[CERT-daily] Tageszusammenfassung - Mittwoch 18-09-2013

Wed Sep 18 18:04:24 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 17-09-2013 18:00 − Mittwoch 18-09-2013 18:00
Handler:     Christian Wojner
Co-Handler:  Matthias Fraidl


*** WordPress Simple Dropbox Upload Plugin Arbitrary File Upload Vulnerability ***
---------------------------------------------
WordPress Simple Dropbox Upload Plugin Arbitrary File Upload Vulnerability
---------------------------------------------
https://secunia.com/advisories/54856


*** Microsoft Releases Security Advisory 2887505 ***
---------------------------------------------
Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. 
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/09/17/microsoft-releases-security-advisory-2887505.aspx


*** Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks ***
---------------------------------------------
Researchers: It was resourceful Hidden Lynx crew wot done it Security researchers have linked the 'Hackers for hire' Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009.
---------------------------------------------
http://www.theregister.co.uk/2013/09/17/chinese_hackers4hire_crew/


*** Secure on Social Networks ***
---------------------------------------------
During the past few years, the popularity of social networks has grown tremendously. They have come to form an important part of our communication. Although social networks offer a useful and fun interactive platform for the exchange and provision of information, they also present various security and privacy risks. This factsheet offers you an overview of the risks involved in participation in social networks.
---------------------------------------------
http://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/factsheets/secure-on-social-networks.html


*** Study finds fraudsters foist one-third of all Tor traffic ***
---------------------------------------------
Anonymizing network disproportionately associated with online skullduggery People who access the internet through the anonymizing Tor network are much more likely to be up to no good than are typical internet users, according to a study by online reputation tracking firm Iovation.
---------------------------------------------
http://www.theregister.co.uk/2013/09/18/study_finds_onethird_of_all_tor_traffic_is_fraudulent/


*** Look at risk before leaping into BYOD, report cautions ***
---------------------------------------------
Risk management critical to skirting pitfalls of permitting personal devices in the office
---------------------------------------------
http://www.csoonline.com/article/739937/look-at-risk-before-leaping-into-byod-report-cautions?source=rss_application_security


*** Connecting the Dots: Fake Apps, Russia, and the Mobile Web ***
---------------------------------------------
The existence of fake mobile apps poses privacy and financial risks to users of the mobile web. As experts figure out the dangers of the consumerization and the lack of security of mobile devices, fake apps continue to grow.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/connecting-the-dots-fake-apps-russia-and-the-mobile-web


*** IBM Domino / iNotes Buffer Overflow Vulnerability ***
---------------------------------------------
IBM Domino / iNotes Buffer Overflow Vulnerability
---------------------------------------------
https://secunia.com/advisories/54895


*** Betrüger locken Smartphone-Nutzer mit angeblicher Werbung für G Data ***
---------------------------------------------
Werbung in Android-Applikationen soll Nutzer dazu verleiten, teure Premium-SMS-Abos abzuschließen. G Data wehrt sich rechtlich gegen den Missbrauch des Markennames.
---------------------------------------------
http://www.heise.de/security/meldung/Betrueger-locken-Smartphone-Nutzer-mit-angeblicher-Werbung-fuer-G-Data-1960528.html


*** Mozilla Firefox / Thunderbird Multiple Vulnerabilities ***
---------------------------------------------
Some vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
---------------------------------------------
https://secunia.com/advisories/54892


*** Researchers can slip an undetectable trojan into Intel's Ivy Bridge CPUS ***
---------------------------------------------
New technique bakes super stealthy hardware trojans into chip silicon.
---------------------------------------------
http://arstechnica.com/security/2013/09/researchers-can-slip-an-undetectable-trojan-into-intels-ivy-bridge-cpus/