[CERT-daily] Tageszusammenfassung - Mittwoch 9-10-2013

Daily end-of-shift report team at cert.at
Wed Oct 9 18:08:56 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 08-10-2013 18:00 − Mittwoch 09-10-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** WhatsApp-Verschlüsselung ruft Zweifel hervor ***
---------------------------------------------
Dem Chefentwickler des IM-Clients Adium zufolge müssen WhatsApp-Nutzer alle bisher versandten Nachrichten als entschlüsselbar betrachten.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-Verschluesselung-ruft-Zweifel-hervor-1974767.html




*** The October 2013 security updates ***
---------------------------------------------
This month we release eight bulletins - four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083. Our Bulletin Deployment Priority graph provides an overview of this month's priority releases...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/10/08/the-october-2013-security-updates.aspx




*** Other Patch Tuesday Updates (Adobe, Apple), (Wed, Oct 9th) ***
---------------------------------------------
Adobe released two bulletins today:  APSB13-24: Security update for RoboHelp http://www.adobe.com/support/security/bulletins/apsb13-24.html  I dont remember seeing a pre-anouncement for this one. The update fixes an arbitrary code execution vulnerability (CVE-2013-5327) . Robohelp is only available for Window.  APSB13-25: Security update for Adobe Acrobat and Adobe Reader http://www.adobe.com/support/security/bulletins/apsb13-25.html  This update fixes a problem that was introduced in a recent
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16763&rss




*** September 2013 Virus Activity Overview ***
---------------------------------------------
October 1, 2013 The first autumn month in 2013 was marked by a number of important events that could have a profound impact on IT security in the future. In particular, in early September a dangerous backdoor that can execute commands from a remote server was discovered, and a bit later Doctor Webs analysts identified the largest known botnet comprised of more than 200,000 infected devices running Android. Overall, numerous malignant programs for this platform were found in September. Viruses
---------------------------------------------
http://news.drweb.com/show/?i=3962&lng=en&c=9




*** ENISA - Can we learn from SCADA security incidents - White Paper ***
---------------------------------------------
Security experts across the world continue to sound the alarm bells about the security of Industrial Control Systems (ICS). Industrial Control Systems look more and more like consumer PCs. They are used everywhere and involve a considerable amount of software, often outdated and unpatched. Recent security incidents in the context of SCADA and Industrial Control Systems emphasise greatly the importance of good governance and control of SCADA infrastructures.
---------------------------------------------
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/scada-industrial-control-systems/can-we-learn-from-scada-security-incidents




*** Staying Stealthy: Passive Network Discovery with Metasploit ***
---------------------------------------------
One of the first steps in your penetration test is to map out the network, which is usually done with an active scan. In situations where you need to be stealthy or where active scanning may cause instability in the target network, such as in SCADA environments, you can run a passive network scan to avoid detection and reduce disruptions. A passive network scan stealthily...
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/10/09/passive-network-discovery-sniffing-for-network-discovery-with-metasploits-metamodules




*** Twitter Malware ***
---------------------------------------------
NCC Group has observed a sharp rise in threats using Twitter direct messages (often abbreviated to DMs) as a method of delivery over the last few months. These threats originate from compromised Twitter accounts. These accounts, once compromised, send direct messages to their followers. If received by email,...
---------------------------------------------
http://www.nccgroup.com/en/blog/2013/10/twitter-malware/




*** Alstom e-Terracontrol DNP3 Master Improper Input Validation ***
---------------------------------------------
OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the Alstom e-terracontrol software. Alstom has produced a patch that mitigates this vulnerability. Adam Crain and Chris Sistrunk have tested the patch to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-282-01


More information about the Daily mailing list