[CERT-daily] Daily summary - Tuesday 19-11-2013

Daily end-of-shift report team at cert.at
Tue Nov 19 18:12:39 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 18-11-2013 18:00 - Tuesday 19-11-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Am I Sending Traffic to a "Sinkhole"?, (Mon, Nov 18th) ***
---------------------------------------------
It has become common practice to set up "Sinkholes" to capture traffic sent by infected hosts to command and control servers. These Sinkholes are usually established after a malicious domain name has been discovered and registrars agreed to redirect respective NS records to a specific name server configured by the entity operating the Sinkhole. More recently for example Microsoft gained court orders to take over...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17048




*** Google Completes Upgrade of its SSL Certificates to 2048-Bit RSA ***
---------------------------------------------
Google announced today it has completed upgrading all of its SSL certificates to 2048-bit RSA or better, up from 1024.
---------------------------------------------
http://threatpost.com/google-completes-upgrade-of-its-ssl-certificates-to-2048-bit-rsa/102959




*** Facebook URL redirection vulnerability patched ***
---------------------------------------------
A Facebook URL redirection vulnerability discovered last week was patched just a day after a blog post detailing the bug went live.
---------------------------------------------
http://www.scmagazine.com//facebook-url-redirection-vulnerability-patched/article/321528/




*** Winpmem - Mild mannered memory acquisition tool??, (Tue, Nov 19th) ***
---------------------------------------------
There should be little argument that with today's threats you should always acquire a memory image when dealing with any type of malware. Modern desktops can have 16 gigabytes of RAM or more filled with evidence that is usually crucial to understanding what was happening on that machine. Failure to acquire that memory will make analyzing the other forensic artifacts difficult or in some cases impossible. Chad Tilbury (@chadtilbury) recently told me about a new memory acquisition tool that I want...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17054&rss




*** Old JBoss vuln in the wild, needs patching ***
---------------------------------------------
Remote code execution, the usual thing. JBoss sysadmins need to get busy hardening their systems, with a rising number of attacks against the system, according to Imperva.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/11/19/old_jboss_vuln_in_the_wild_needs_patching/




*** Cybercriminals spamvertise tens of thousands of fake "Sent from my iPhone" themed emails, expose users to malware ***
---------------------------------------------
Cybercriminals are currently mass mailing tens of thousands of malicious emails, supposedly including a photo attachment that's been "Sent from an iPhone". The social engineering driven spam campaign is, however, the latest attempt by a cybercriminal/group of cybercriminals that we've been monitoring for a while, to attempt to trick gullible users into unknowingly joining the botnet operated by the malicious actor(s) behind the campaign. Detection rate for the spamvertised...
---------------------------------------------
http://www.webroot.com/blog/2013/11/19/cybercriminals-spamvertise-tens-thousands-fake-sent-iphone-themed-emails-expose-users-malware/




*** A .BIT Odd ***
---------------------------------------------
Like many security researchers, I see a lot of new malicious sites every week, far too many in fact. One thing that sets security researchers apart is that we can see a top-level domain (TLD) like .cc and recall instantly that it belongs to the Cocos Islands in the Indian Ocean, with a tiny population,...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/rFeNuxSPHUg/




*** Vuln: Chainfire SuperSU CVE-2013-6775 Arbitrary Command Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63715




*** Vuln: Multiple Android Superuser Packages CVE-2013-6769 Arbitrary Command Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63712




*** Opera Unspecified Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55720




*** Network Security Services (NSS) Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55557




*** Vuln: MIT Kerberos 5 CVE-2013-6800 Remote Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63770




*** Elastix Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55739




*** Splunk Test Scripts Let Remote Authenticated Users Execute Arbitrary Shell Scripts on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1029316