[CERT-daily] Tageszusammenfassung - Montag 9-09-2013

Mon Sep 9 18:02:51 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 06-09-2013 18:00 − Montag 09-09-2013 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Zwei-Faktor-Authentifizierung bei GitHub ***
---------------------------------------------
Bei dem Quellcode-Hoster können Nutzer ihren Account nun auch mit einer zusätzlichen Authentifizierungsschicht absichern. Das schützt GitHub-Projekte vor Manipulationen, wenn die Zugangsdaten mal in die falschen Hände fallen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Zwei-Faktor-Authentifizierung-bei-GitHub-1951682.html


*** Citrix CloudPortal Services Manager Multiple Flaws Have Unspecified Impact ***
---------------------------------------------
Citrix CloudPortal Services Manager Multiple Flaws Have Unspecified Impact
---------------------------------------------
http://www.securitytracker.com/id/1028987


*** AirPort Extreme Base Station Frame Processing Bug Lets Remote Users Deny Service ***
---------------------------------------------
AirPort Extreme Base Station Frame Processing Bug Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028988


*** pyOpenSSL hostname check bypassing vulnerability ***
---------------------------------------------
Topic: pyOpenSSL hostname check bypassing vulnerability Risk: Medium Text:The pyOpenSSL module implements hostname identity checks but it did not properly handle hostnames in the certificate that conta...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090061


*** John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC ***
---------------------------------------------
New submitter anwyn writes " In a recent article postend on the cryptography mailing list, long time civil libertarian and free software entrepreneur, John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggest that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones:"    Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KQm4nlge0-A/story01.htm


*** Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-22) ***
---------------------------------------------
A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, September 10, 2013. We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe … Continue reading →
---------------------------------------------
http://blogs.adobe.com/psirt/2013/09/prenotification-upcoming-security-updates-for-adobe-reader-and-acrobat-apsb13-22.html


*** Telekom: Router warnt bei Bot-Befall ***
---------------------------------------------
Die Telekom sammelt mit eigenen Honeypots Daten über Angriffsszenarien und macht sich diese zum Beispiel in einer Router-Software zu Nutze, die den Anwender warnt, wenn seine IP-Adresse Teil eines Botnetzes ist.
---------------------------------------------
http://www.heise.de/security/meldung/Telekom-Router-warnt-bei-Bot-Befall-1952121.html


*** Spy Service Exposes Nigerian ‘Yahoo Boys’ ***
---------------------------------------------
A crude but effective online service that lets users deploy keystroke logging malware and then view the stolen data remotely was hacked recently. The information leaked from that service has revealed a network of several thousand Nigerian email scammers and offers a fascinating glimpse into an entire underground economy that is seldom explored.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/Bxu69w83Y0Q/


*** Scammers pop up in Android’s Calendar App ***
---------------------------------------------
Over the last couple of days, we’ve intercepted a rather interesting fraudulent approach that’s not just successfully hitting the inboxes of users internationally, but is also popping up as an event on their Android Calendar apps. How is this possible? Fairly simple. Sample screenshot of the fraudulent Google Calendar invitation: Through automatic registration — thanks to the outsourcing of the CAPTCHA solving process — fraudsters are registering thousands of bogus
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/JEYS_MitQTU/


*** Kein großes Smartphone-Betriebssystem vor US-Geheimdienst sicher ***
---------------------------------------------
Der amerikanische Geheimdienst NSA kann sich Zugang zu Nutzerdaten von iPhones, Android-Smartphones und BlackBerry-Geräten verschaffen. Dies meldet der Spiegel unter Bezug auf geheime Unterlagen.
---------------------------------------------
http://www.heise.de


*** No, the NSA cant spy on arbitrary smartphone data ***
---------------------------------------------
The NSA has been exposed as evil and untrustworthy, but so has the press. The press distorts every new revelation, ignoring crucial technical details, and making it sound worse than it really is. An example is this Der Spiegel story claiming "NSA Can Spy On Smartphone Data", such as grabbing your contacts or SMS/email stored on the phone. Update: That was a teaser story, the actual story appearing tomorrow has more facts and fewer speculations than the teaser story.
---------------------------------------------
http://blog.erratasec.com/2013/09/no-nsa-cant-spy-on-smartphone-data.html


*** IBM OS/400 Java Multiple Vulnerabilities ***
---------------------------------------------
IBM OS/400 Java Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54631


*** ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates ***
---------------------------------------------
In this paper, we present ExecScent, a novel system that aims to mine new, previously unknown C&C domain names from live enterprise network traffic. ExecScent automatically learns control protocol templates (CPTs) from examples of known C&C communications. These CPTs are then adapted to the “background traffic” of the network where the templates are to be deployed. The goal is to generate hybrid templates that can self-tune to each specific deployment scenario, thus ...
---------------------------------------------
https://www.damballa.com/downloads/a_pubs/Damballa_ExecScent.pdf


*** 30-Second HTTPS Crypto Cracking Tool Released ***
---------------------------------------------
Three researchers who discovered a crypto attack that can be used to grab sensitive information from HTTPS traffic in less than 30 seconds have released a tool to help website operators see if their systems are susceptible. Details of the BREACH -- short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext -- attack were first revealed last month at the Black Hat information security conference ...
---------------------------------------------
http://www.informationweek.com/security/attacks/30-second-https-crypto-cracking-tool-rel/240160741


*** Vuln: Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability ***
---------------------------------------------
Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/62251


*** [webapps] - Moodle 2.3.9, 2.4.6 - Multiple Vulnerabilities ***
---------------------------------------------
Moodle 2.3.9, 2.4.6 - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/28174


*** Exploring attacks against PHP applications ***
---------------------------------------------
Imperva released its September Hacker Intelligence Initiative report which presents an in-depth view of recent attacks against PHP applications, including attacks that involve the PHP “SuperGlobal” parameters, and provides further insight into the nature of hacking activities in general and the implications for the overall integrity of the World Wide Web.
---------------------------------------------
http://www.net-security.org/secworld.php?id=15535


*** Sophos pulls out spade, fills in holes in Web Appliance ***
---------------------------------------------
Uproots root privilege route, covers it over Sophos has pulled out the weeds in its web-scanning software after Core Security identified multiple holes in its Web Protection Appliance versions 3.8.0, 3.8.13 and 3.7.9 and earlier.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/09/09/sophos_patches_web_appliance_vuln/


*** Security experts question if Googles Chrome Apps is worth the risk ***
---------------------------------------------
Worry based on security issues with cross-platform tech such as Flash and Java, which pioneered the write once, infect everywhere model
---------------------------------------------
http://www.csoonline.com/article/739320/security-experts-question-if-google-s-chrome-apps-is-worth-the-risk?source=rss_application_security


*** Blackout - Feature-length What-If drama exploring the effects of a devastating cyber-attack on Britains national electricity grid ***
---------------------------------------------
Based on expert advice and meticulous research, Blackout combines real user-generated footage, alongside fictional scenes, CCTV archive and news reports to build a terrifyingly realistic account of Britain being plunged into darkness.
---------------------------------------------
http://www.channel4.com/programmes/blackout/episode-guide