[CERT-daily] Tageszusammenfassung - Mittwoch 30-10-2013

Daily end-of-shift report team at cert.at
Wed Oct 30 18:01:33 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 29-10-2013 18:00 − Mittwoch 30-10-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** Nuclear Exploit Pack Getting More Aggresive ***
---------------------------------------------
Churning through our logs, we recently observed a significant rise in the number of transactions involving the Nuclear Exploit Pack, which has been in the news for quite some time now. In the past week, we stumbled upon thousands of transactions involving the Nuclear Exploit Pack infestation.
---------------------------------------------
http://research.zscaler.com/2013/10/nuclear-exploit-pack-getting-more.html




*** A Tour Through The Chinese Underground ***
---------------------------------------------
The Chinese underground has played host to many cybercriminals over the years. In the research brief titled Beyond Online Gaming Cybercrime: Revisiting the Chinese Underground Market, we provide some details of the current state of the Chinese underground economy. Last year, we looked into this underground sector, and this brief is a continuation of those efforts.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/a-tour-through-the-chinese-underground/




*** Major Corporations Fail to Defend Against Social Engineering ***
---------------------------------------------
Companies such as Apple and General Motors gave up crucial company information to social engineers during the annual Capture the Flag contest at Def Con.
---------------------------------------------
http://threatpost.com/major-corporations-fail-to-defend-against-social-engineering/102733




*** iOS apps can be hijacked to show fraudulent content and intercept data ***
---------------------------------------------
A large number of apps for iPhones and iPads are susceptible to hacks that cause them to surreptitiously send and receive data to and from malicious servers instead of the legitimate ones they were designed to connect to, security researchers said on Tuesday.
---------------------------------------------
http://arstechnica.com/security/2013/10/ios-apps-can-be-hijacked-to-show-fraudulent-content-and-intercept-data/




*** New Injection Campaign Peddling Rogue Software Downloads ***
---------------------------------------------
A mass injection campaign surfaced over the last two weeks that´s already compromised at least 40,000 web pages worldwide and is tricking victims into downloading rogue, unwanted software to their computer.
---------------------------------------------
http://threatpost.com/new-injection-campaign-peddling-rogue-software-downloads/102737




*** Defending Against CryptoLocker ***
---------------------------------------------
CryptoLocker infections were found across different regions, including North America, Europe Middle East and the Asia Pacific. Almost two-thirds of the affected victims - 64% - were from the US. Other affected countries include the UK and Canada, with 11% and 6% of global victims, respectively.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/defending-against-cryptolocker/




*** Analysis: Kaspersky Lab Report: Java under attack - the evolution of exploits in 2012-2013 ***
---------------------------------------------
One of the biggest problems facing the IT security industry is the use of vulnerabilities in legitimate software to launch malware attacks. Malicious programs can use these vulnerabilities to infect a computer without attracting the attention of the user and, in some cases, without triggering an alert from security software.
---------------------------------------------
http://www.securelist.com/en/analysis/204792310/Kaspersky_Lab_Report_Java_under_attack_the_evolution_of_exploits_in_2012_2013




*** Microsoft sieht Rückgang der Virengefahr, aber steigende Infektionen ***
---------------------------------------------
In fast allen großen Ländern habe die Zahl der 'Begegnungen mit Schad-Software' deutlich abgenommen, konstatiert der aktuelle Microsoft Security Intelligence Report. Für Entwarnung ist es jedoch zu früh - denn die Zahl der Infektionen nimmt trotzdem zu.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-sieht-Rueckgang-der-Virengefahr-aber-steigende-Infektionen-2036307.html




*** Joomla! Media Manager allows arbitrary file upload and execution ***
---------------------------------------------
A vulnerability has been discovered in older versions of the Joomla! content management software that allow an authenticated attacker to upload active content through the media manager form ('administrator/components/com_media/helpers/media.php'). Joomla! allows files with a trailing '.' to pass the upload checks.
---------------------------------------------
http://www.kb.cert.org/vuls/id/639620




*** Apples Siri is helping users bypass iOS security ***
---------------------------------------------
Siri was designed to be an effective personal assistant, but since the release of iOS 7, the artificial intelligence is bringing the bad with the good.
---------------------------------------------
http://www.scmagazine.com/apples-siri-is-helping-users-bypass-ios-security/article/314370/




*** [remote] - Apache / PHP 5.x Remote Code Execution Exploit ***
---------------------------------------------
+++ Betrifft veraltete Versionen +++
Unaffected versions are patched by CVE-2012-1823.
---------------------------------------------
http://www.exploit-db.com/exploits/29290




*** Vuln: Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-5599 Remote Memory Corruption Vulnerability ***
---------------------------------------------
+++ Betrifft veraltete Versionen +++
---------------------------------------------
http://www.securityfocus.com/bid/63423




*** ASUS RT-N13U Backdoor Account ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100206




*** Vuln: XAMPP for Windows Multiple Cross Site Scripting and SQL Injection Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/53979




*** Citrix XenDesktop Upgrade Feature Bug Lets Remote Authenticated Users Bypass Policy Controls ***
---------------------------------------------
http://www.securitytracker.com/id/1029263




*** WordPress MoneyTheme Cross Site Scripting / Shell Upload ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100199




*** WordPress Curvo Shell Upload ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100197




*** Google Play Billing Bypass ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100203




*** sup Remote Command Execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100202


More information about the Daily mailing list