[CERT-daily] Tageszusammenfassung - Montag 28-10-2013

Daily end-of-shift report team at cert.at
Mon Oct 28 18:03:00 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 25-10-2013 18:00 − Monday 28-10-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** Email contains phishing scam, not iPhone 5S ***
---------------------------------------------
A new phishing email circulating the globe is preying on Apple fans who can't wait to get their hands on the coming iPhone 5S and iPhone 5c devices.
---------------------------------------------
http://www.scmagazine.com/email-contains-phishing-scam-not-iphone-5s/article/311080/




*** Blog: Cryptolocker Wants Your Money! ***
---------------------------------------------
A new ransomware Trojan is on the loose. The attackers give you roughly three days to pay them, otherwise your data is gone forever.
---------------------------------------------
http://www.securelist.com/en/blog/208214109/Cryptolocker_Wants_Your_Money




*** Blog software WordPress 3.7 updates itself ***
---------------------------------------------
In the new version 3.7, the blog software WordPress keeps itself up to date: security updates will from now on be applied automatically in the background, provided the configuration allows it. The other new features also primarily serve security.
---------------------------------------------
http://www.heise.de/security/meldung/Blog-Software-Wordpress-3-7-aktualisiert-sich-selbst-1985697.html




*** Periodic Connections to Control Server Offer New Way to Detect Botnets ***
---------------------------------------------
A number of recent botnets and advanced threats use HTTP as their primary communications channel with their control servers. McAfee Labs research during the last couple of years reveals that more than 60 percent of the top botnet families depend on HTTP. These numbers have increased significantly over the last few quarters.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/periodic-links-to-control-server-offer-new-way-to-detect-botnets
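The detection idea behind the McAfee item is that a bot polling its control server over HTTP produces connections with nearly constant inter-arrival times, whereas human browsing does not. The following is an added example, not code from McAfee Labs or from the blog post: it builds a small constructed proxy log (the client address, the hosts and the paths are made up), groups requests per (client, host) pair, and flags pairs whose inter-arrival gaps have a very low coefficient of variation.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy-log lines in a minimal "epoch client host path" format.
# Hosts and addresses are made up for this example.
LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<client>[\d.]+) (?P<host>\S+) (?P<path>\S+)$")


def make_sample_log():
    """Build a small log: one beacon-like flow plus ordinary browsing."""
    lines = []
    # Beacon: 10.0.0.5 polls update.example-c2.test every ~300 s with slight jitter.
    t = 1382950000
    for jitter in (0, 2, -1, 3, 0, 1, -2, 1):
        t += 300 + jitter
        lines.append(f"{t} 10.0.0.5 update.example-c2.test /gate.php")
    # Browsing: same client, irregular gaps to an ordinary site.
    t = 1382950020
    for gap in (7, 190, 3, 1201, 44, 612, 5, 2800):
        t += gap
        lines.append(f"{t} 10.0.0.5 www.example.org /news")
    return sorted(lines, key=lambda line: int(line.split()[0]))


def intervals_by_pair(lines):
    """Group timestamps per (client, host) and return the inter-arrival gaps."""
    stamps = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        stamps[(m["client"], m["host"])].append(int(m["ts"]))
    gaps = {}
    for pair, ts in stamps.items():
        ts.sort()
        gaps[pair] = [b - a for a, b in zip(ts, ts[1:])]
    return gaps


def flag_beacons(lines, min_connections=6, max_cv=0.05):
    """Return (pair, mean_interval, cv) for flows whose timing is near-periodic.

    cv = stdev / mean of the inter-arrival gaps: a periodic poller has a cv
    near 0, while human browsing typically has a cv well above 1.
    """
    flagged = []
    for pair, gaps in intervals_by_pair(lines).items():
        if len(gaps) + 1 < min_connections:
            continue  # too few connections to judge periodicity
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            flagged.append((pair, round(avg, 1), round(cv, 4)))
    return flagged


if __name__ == "__main__":
    for pair, avg, cv in flag_beacons(make_sample_log()):
        print(f"{pair[0]} -> {pair[1]}: every {avg}s (cv={cv})")
```

The thresholds are tuning knobs, not constants from the article: bots that add random sleep jitter push the cv up, so a production rule would combine this score with other signals (request size uniformity, rare destination, URI entropy) and whitelist legitimately periodic traffic such as update checkers, monitoring agents and mail clients.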




*** Improving Hadoop Security with Host Intrusion Detection (Part 2) ***
---------------------------------------------
This is a continuation of our previous post on Hadoop security. As we mentioned in our earlier post, we can use OSSEC to monitor the file integrity of these existing Hadoop and HBase systems. OSSEC creates logs which a system administrator can use to check for various system events. It's worth noting that big data systems ...
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/improving-hadoop-security-with-host-intrusion-detection-part-2/




*** Active Perl/Shellbot Trojan ***
---------------------------------------------
ISC received a submission from Zach of a Perl/Shellbot.B trojan served by fallencrafts[.]info/download/himad.png. The trojan has limited detection on VirusTotal, the script contains a 'hostauth' of sosick[.]net[3], and the IRC server the compromised systems connect to is located at 89.248.172.144. From what we have so far, it appears to be exploiting older versions of Plesk.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16907&rss




*** LinkedIn can read your mail ***
---------------------------------------------
The recently introduced Intro technology for iOS is drawing criticism for the professional network: it is said to be a dream for attackers and intelligence services. The company defends itself: everything is secure and users' privacy is respected.
---------------------------------------------
http://www.heise.de/security/meldung/LinkedIn-kann-Mails-mitlesen-2034490.html




*** Break-in at Buffer ***
---------------------------------------------
The social media service was hacked yesterday. According to the company blog, neither passwords nor credit card information are said to have been lost.
---------------------------------------------
http://www.heise.de/security/meldung/Einbruch-bei-Buffer-2034519.html




*** Storewize: IBM warns of security vulnerability in storage systems ***
---------------------------------------------
The SAN controllers of IBM's Storewize series contain a vulnerability that lets an attacker change the configuration and also delete data. A firmware update that is already available fixes the issue. (IBM, Network)
---------------------------------------------
http://www.golem.de/news/storewize-ibm-warnt-vor-sicherheitsluecke-in-storage-systemen-1310-102388-rss.html




*** End User Devices Security and Configuration Guidance ***
---------------------------------------------
UK Government configuration guidance for the following platforms:
End User Devices Security Guidance: Windows Phone 8 
End User Devices Security Guidance: Android 4.2 
End User Devices Security Guidance: Windows 7 and Windows 8 
End User Devices Security Guidance: Ubuntu 12.04 
End User Devices Security Guidance: Windows 8 RT 
...
---------------------------------------------
https://www.gov.uk/government/collections/end-user-devices-security-guidance--2




*** Bypassing security scanners by changing the system language ***
---------------------------------------------
Luiz Eduardo and Joaquim Espinhara found that the majority of pentesting tools analyze specific problems in web applications, such as SQL injection, via the return messages provided by the application, and not via the error code reported by the database management system. So what would happen if the setup language was not English, but Chinese or Portuguese? As their research showed, if the target SQL server doesn't use English by default, the scanners won't be able to
---------------------------------------------
http://www.net-security.org/secworld.php?id=15832
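To make the failure mode concrete, here is an added example (not code from the researchers or from any scanner) that contrasts the two detection strategies described above. The response bodies are constructed: the English one follows MySQL's ER_PARSE_ERROR wording, while the Portuguese and Chinese bodies are approximations of localized server messages made up for this example, each with the SQLSTATE and numeric error code prepended the way a PDO-style driver message carries them. Matching English phrases misses the localized responses; matching the language-independent identifiers (vendor error number, SQLSTATE class) does not, and a boolean differential check needs no error text at all.

```python
import re

# Constructed application responses to a single-quote probe (see lead-in).
RESPONSES = {
    "english": ("Warning: SQLSTATE[42000]: 1064 You have an error in your SQL syntax; "
                "check the manual that corresponds to your MySQL server version "
                "for the right syntax to use near ''' at line 1"),
    "portuguese": ("Aviso: SQLSTATE[42000]: 1064 Você tem um erro de sintaxe no seu SQL "
                   "próximo a ''' na linha 1"),          # constructed approximation
    "chinese": ("警告: SQLSTATE[42000]: 1064 SQL 语法错误，请检查您的 MySQL 服务器版本"
                "对应的手册，''' 附近 第 1 行"),            # constructed approximation
    "clean": "<html><body>Welcome back, user</body></html>",
}

# How a language-naive error-based check works: English message fragments only.
ENGLISH_SIGNATURES = [
    re.compile(r"You have an error in your SQL syntax"),               # MySQL
    re.compile(r"Unclosed quotation mark after the character string"),  # MSSQL
    re.compile(r"syntax error at or near"),                             # PostgreSQL
]

# Language-independent tokens: vendor error numbers and SQLSTATE values do not
# change with the errmsg locale the server was installed with.
LANGUAGE_INDEPENDENT_SIGNATURES = [
    re.compile(r"\b1064\b"),              # MySQL ER_PARSE_ERROR
    re.compile(r"\bSQLSTATE\[\w{5}\]"),   # PDO-style SQLSTATE[xxxxx]
    re.compile(r"\b42000\b"),             # SQLSTATE class: syntax error / access violation
    re.compile(r"\bORA-\d{5}\b"),         # Oracle ORA-xxxxx
]


def detect_by_message(body: str) -> bool:
    """Error-based detection keyed on English wording (locale-dependent)."""
    return any(sig.search(body) for sig in ENGLISH_SIGNATURES)


def detect_by_code(body: str) -> bool:
    """Error-based detection keyed on locale-independent identifiers."""
    return any(sig.search(body) for sig in LANGUAGE_INDEPENDENT_SIGNATURES)


def detect_by_boolean_diff(baseline: str, true_resp: str, false_resp: str) -> bool:
    """Blind/boolean detection: an injected always-true condition should
    reproduce the baseline page and an always-false one should change it.
    Exact comparison here; real tools use fuzzy page similarity."""
    return true_resp == baseline and false_resp != baseline


def run_comparison():
    """Map each constructed response to (message_hit, code_hit)."""
    return {lang: (detect_by_message(b), detect_by_code(b)) for lang, b in RESPONSES.items()}


if __name__ == "__main__":
    for lang, (by_msg, by_code) in run_comparison().items():
        print(f"{lang:10} message-based={by_msg!s:5} code-based={by_code!s:5}")
    # Constructed pages for the boolean check: ' AND 1=1 vs ' AND 1=2
    print("boolean:", detect_by_boolean_diff("3 results", "3 results", "0 results"))
```

The caveat a tester should keep in mind: many applications echo only the message text from the driver, without any numeric code, in which case no error-based signature helps and the boolean or time-based differential technique is the only reliable fallback.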




*** Cisco Identity Services Engine contains an input validation vulnerability ***
---------------------------------------------
Vulnerability Note VU#952422: Cisco Identity Services Engine contains an input validation vulnerability
Original release date: 28 Oct 2013 | Last revised: 28 Oct 2013
Overview: Cisco Identity Services Engine (ISE) contains an input validation vulnerability (CWE-20: Improper Input Validation).
---------------------------------------------
http://www.kb.cert.org/vuls/id/952422




*** I challenged hackers to investigate me and what they found out is chilling ***
---------------------------------------------
It's my first class of the semester at New York University. I'm discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message.
---------------------------------------------
http://pandodaily.com/2013/10/26/i-challenged-hackers-to-investigate-me-and-what-they-found-out-is-chilling/




*** Spam senders: please take a look in your junk folder ***
---------------------------------------------
Spam filters now work fairly reliably. Spam senders know this too. That is why they follow up with a second message.
---------------------------------------------
http://www.heise.de/security/meldung/Spam-Versender-Schauen-Sie-doch-mal-bitte-in-Ihren-Junk-Ordner-2034941.html




*** Scan Shows 65% of ReadyNAS Boxes on Web Vulnerable to Critical Bug ***
---------------------------------------------
It's been known for some time now (several months, in fact) that there is a critical, remotely exploitable vulnerability in some of Netgear's ReadyNAS storage boxes, and a patch has been available since July. However, many of the boxes exposed to the Web are still vulnerable, and a recent scan by HD Moore of Rapid7 found that ...
---------------------------------------------
http://threatpost.com/scan-shows-65-of-readynas-boxes-on-web-vulnerable-to-critical-bug/102706




*** Vuln: Cisco Catalyst 3750 Series Switches Default Credentials Security Bypass Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/63342




*** Bugtraq: Multiple CSRF Horde Groupware Web mail Edition 5.1.2 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529466




*** Bugtraq: DD-WRT v24-sp2 Command Injection ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529463




*** Apache Struts2 showcase multiple XSS ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100185




*** DSA-2787 roundcube ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2787




*** Woltlab Burning Board Regenbogenwiese 2007 Addon SQL Injection Exploit. ***
---------------------------------------------
http://www.exploit-db.com/exploits/29023




*** GnuPG Side-Channel Attack Lets Local Users Recover RSA Secret Keys ***
---------------------------------------------
http://www.securitytracker.com/id/1029242




*** DSA-2785 chromium-browser ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2785

