[CERT-daily] Tageszusammenfassung - Freitag 20-09-2013

Fri Sep 20 18:02:31 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 19-09-2013 18:00 − Freitag 20-09-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Matthias Fraidl

*** Can Companies Fight Against Targeted Attacks? ***
---------------------------------------------
There are various reasons why targeted attacks can happen to almost any company. One of the biggest reasons is theft of a company's proprietary information. There are many types of confidential data that could be valuable. Intellectual property is often the first thing that comes to mind.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/can-companies-fight-against-targeted-attacks/


*** Apple's iOS 7 Update Fixes 80 Security Bugs ***
---------------------------------------------
Yesterdays iOS 7 update brought a slew of bug fixes, 80 in total, to Apple devices.
---------------------------------------------
http://threatpost.com/apples-ios-7-update-fixes-80-security-bugs/102356


*** Vertexnet Botnet Hides Behind AutoIt ***
---------------------------------------------
Recently we found some new malware samples using AutoIt to hide themselves. On further analysis we found that those sample belong to the Vertexnet botnet. They use multiple layers of obfuscation; once decoded, they connect to a control server to accept commands and transfer stolen data. This sample is packed using a custom packer.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/vertexnet-botnet-hides-behind-autoit


*** Experts Worry About Long-Term Implications of NSA Revelations ***
---------------------------------------------
With all of the disturbing revelations that have come to light in the last few weeks regarding the NSA's collection methods and its efforts to weaken cryptographic protocols and security products, experts say that perhaps the most worrisome result of all of this is that no one knows who or what they can trust anymore.
---------------------------------------------
http://threatpost.com/experts-worry-about-long-term-implications-of-nsa-revelations/102355


*** Sophos UTM Unspecified WebAdmin Flaw Has Unspecified Impact ***
---------------------------------------------
Sophos UTM Unspecified WebAdmin Flaw Has Unspecified Impact
---------------------------------------------
http://www.securitytracker.com/id/1029039


*** Cisco Intrusion Prevention System Authentication Manager Process Flaw Lets Remote Users Deny Service ***
---------------------------------------------
Cisco Intrusion Prevention System Authentication Manager Process Flaw Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1029057


*** Massive Sicherheitslücke in iOS 7 entdeckt ***
---------------------------------------------
Trotz Bildschirmsperre kann auf iPhones und iPads mit iOS 7 auf Fotos und dadurch auch auf Kontakte oder Twitter zugegriffen werden. Ausgangspunkt dafür ist das neue Control Center.
---------------------------------------------
http://futurezone.at/produkte/apple-massive-sicherheitsluecke-in-ios-7-entdeckt/27.565.975


*** Western Digital Arkeia Remote Code Execution ***
---------------------------------------------
Western Digital Arkeia Remote Code Execution
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090143


*** HP ArcSight Enterprise Security Manager Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
HP ArcSight Enterprise Security Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
---------------------------------------------
http://www.securitytracker.com/id/1029069


*** Sicherheitsunternehmen warnt vor NSA-Algorithmus ***
---------------------------------------------
Zufallsgenerator Dual EC DRBG in BSAFE und Data Protection Manager als Standard eingerichtet
---------------------------------------------
http://derstandard.at/1379291450962


*** FTC-Beschwerde: TrendNets IP-Kameras sind nicht sicher ***
---------------------------------------------
Die US-Handelskommission hat TrendNets zu umfangreichen Maßnahmen verpflichtet, um die Netzwerkkameras abzusichern. Auslöser war eine 2012 aufgedeckte Schwachstelle, durch die Unbefugte auf die Live-Streams hunderter TrendNet-Kunden zugreifen konnten.
---------------------------------------------
http://www.heise.de/newsticker/meldung/FTC-Beschwerde-TrendNets-IP-Kameras-sind-nicht-sicher-1961474.html


*** The Small Biz 5 Step Plan to Security Breach Recovery ***
---------------------------------------------
Why do Internet criminals favor small and medium sized businesses? One reason is because many are suppliers and partners of large corporate entities offering a convenient pathway to these partners' networks. Although most SMBs will not experience a security breach, many will. So, how can your business recover following a hacking incident?
---------------------------------------------
http://www.business2community.com/small-business/small-biz-5-step-plan-security-breach-recovery-0621838


*** OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution ***
---------------------------------------------
OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution
---------------------------------------------
http://www.exploit-db.com/exploits/28408


*** Cisco AnyConnect Secure Mobility Client Directory Access Permissions Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
Cisco AnyConnect Secure Mobility Client Directory Access Permissions Lets Local Users Gain Elevated Privileges
---------------------------------------------
http://www.securitytracker.com/id/1029063


*** HP IceWall Multiple Products Multiple Vulnerabilities ***
---------------------------------------------
HP IceWall Multiple Products Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54930


*** Now Registering for Classes at Cybercrime U #INTH3WILD ***
---------------------------------------------
As summer comes to a close, students all over the world are heading back to the classroom even in the cyber underground. Over the last few weeks, RSA has observed a spike in the availability of cybercrime courses, lessons, counseling and tutoring that are being offered to help fraudsters achieve their career goals.
---------------------------------------------
https://blogs.rsa.com/now-registering-classes-cybercrime-u/


*** Yet another `malware-infected hosts as anonymization stepping stones` service offering access to hundreds of compromised hosts spotted in the wild ***
---------------------------------------------
The general availability of DIY malware generating tools continues to contribute to the growth of the `malware-infected hosts as anonymization stepping stones` Socks4/Socks5/HTTP type of services, with new market entrants entering this largely commoditized market segment on a daily basis. Thanks to the virtually non-attributable campaigns that could be launched through the use of malware-infected hosts, ...
---------------------------------------------
http://www.webroot.com/blog/2013/09/20/yet-another-malware-infected-hosts-anonymization-stepping-stones-service-offering-access-hundreds-compromised-hosts-spotted-wild/


*** Cisco AnyConnect VPN Client Secure Mobility Client Mac OS X Privilege Escalation Vulnerability ***
---------------------------------------------
Cisco AnyConnect VPN Client Secure Mobility Client Mac OS X Privilege Escalation Vulnerability
---------------------------------------------
https://secunia.com/advisories/54929