[CERT-daily] Tageszusammenfassung - Freitag 27-09-2013

Daily end-of-shift report team at cert.at
Fri Sep 27 18:09:21 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 26-09-2013 18:00 − Freitag 27-09-2013 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Time For a Change in Security Thinking, Experts Say ***
---------------------------------------------
WASHINGTON Security, like a lot of other things, tends to go in phases. A new attack technique is developed, vendors respond with a new defensive technology and then attackers find a way to defeat it. It has always been that way. And right now, things seem to be in one of those periodic down cycles ..
---------------------------------------------
http://threatpost.com/time-for-a-change-in-security-thinking-experts-say/102430




*** Malware Now Hiding In Graphics Cards ***
---------------------------------------------
mask.of.sanity writes "Researchers are closing in on a means to detect previously undetectable stealthy malware that resides in peripherals like graphics and network cards. The malware was developed by the same researchers and targeted host runtime memory using direct memory access provided to hardware devices. They said the malware was a highly critical threat to system security and integrity and could not be detected by any operating system."    Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/OU6tbGV5rt4/story01.htm




*** qemu host crash from within guest ***
---------------------------------------------
Topic: qemu host crash from within guest Risk: Medium Text:A dangling pointer access flaw was found in the way qemu handled hot-unplugging virtio devices. This flaw was introduced by v...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090186




*** Ask Slashdot: Has Gmails SSL Certificate Changed, How Would We Know? ***
---------------------------------------------
An anonymous reader writes "Recent reports from around the net suggest that SSL certificate chain for gmail has either changed this week, or has been widely compromised. Even less-than-obvious places to look for information, such as Googles Online Security Blog, are silent. The problem isnt specific to gmail, of course, which leads me to ask: What is the canonically-accepted out-of-band means by which a new SSL certificates fingerprint may be communicated and/or verified by end
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ElNnRuzfXzs/story01.htm




*** iOS 7.0.2 behebt kritische Sicherheitslücke ***
---------------------------------------------
Über einen Trick konnten Fotos und Kontakte ohne Eingabe des Codes zum Entsperren des Displays eingesehen weredn
---------------------------------------------
http://derstandard.at/1379292252272




*** Cisco Unified Computing System Hardcoded FTP Account Lets Remote Users View and Modify Files ***
---------------------------------------------
Cisco Unified Computing System Hardcoded FTP Account Lets Remote Users View and Modify Files
---------------------------------------------
http://www.securitytracker.com/id/1029102




*** DIY commercial CAPTCHA-solving automatic email account registration tool available on the underground market since 2008 ***
---------------------------------------------
With low-waged employees of unethical 'data entry' companies having already set the foundations for an efficient and systematic abuse of all the major Web properties, it shouldn't be surprising that new market segments quickly emerged to capitalize on the business opportunities offered by the (commercialized) demise of CAPTCHA as an additional human/bot differentiation technique. One of these market segments is supplying automatic (email) account registration services to
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/fT-TzsuZluo/




*** New TDL Dropper Variants Exploit CVE-2013-3660 ***
---------------------------------------------
Recently, we been seeing a new breed of TDL variants going around. These variants look to be clones of the notorious TDL4 malware reported by Bitdefender Labs.The new TDL dropper variants we saw (SHA1: abf99c02caa7bba786aecb18b314eac04373dc97) were caught on the client machine by DeepGuard, our HIPS technology (click the image below to embiggen). From the detection name, we can see that the variants are distributed by some exploit kits.Last year, ESET mentioned a TDL4 variant (some AV vendors
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002612.html




*** EMC VPLEX Lets Local Users Obtain the LDAP/AD Password ***
---------------------------------------------
Impact:   A local user can obtain the LDAP/AD bind password.
Solution:   The vendor has issued a fix (GeoSynchrony 5.2 SP1).
---------------------------------------------
http://www.securitytracker.com/id/1029105




*** ARP Spoofing And Lateral Movement ***
---------------------------------------------
In targeted attacks, during the lateral movement stage attacks try to gain access to other computers on the same local area network (LAN). One useful tool to achieve this is ARP spoofing, which can be used to carry out a variety of attacks to steal information as well as plant backdoors on other machines. 
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v1ZdDzc-S68/




*** WordPress-Blogs für DDoS-Attacken missbraucht ***
---------------------------------------------
Im April rüttelten Angreifer per Brute-Force-Attacke an Tausenden WordPress-Webseiten. Die Angreifer hatten wohl ein Langzeitziel im Auge. Jetzt wurden rund 550 WordPress-Blogs für eine DDoS-Attacke genutzt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/WordPress-Blogs-fuer-DDoS-Attacken-missbraucht-1968357.html




*** Zehn Internet-Fallen, die Sie kennen sollten! ***
---------------------------------------------
Es gibt immer wieder neue Tricks, mit denen Internet-Nutzer von Cyber-Kriminellen in die Falle gelockt werden. Wir zeigen Ihnen, wovor Sie sich beim Surfen in Acht nehmen sollten.
---------------------------------------------
http://web.de/magazine/digitale-welt/sicher-im-netz/17753226-internet-fallen-kennen.html




*** BSI Sicherheitskompass: Zehn Regeln für mehr Sicherheit im Netz ***
---------------------------------------------
Mit zehn Faustregeln wollen das BSI und die Polizeien der Länder für mehr Sicherheit im Netz sorgen. Anlass ist der europäische Cybersicherheitsmonat im Oktober. Das Konzept des National Cyber Security Awareness Month stammt aus den USA.
---------------------------------------------
http://www.heise.de/newsticker/meldung/BSI-Sicherheitskompass-Zehn-Regeln-fuer-mehr-Sicherheit-im-Netz-1968203.html




*** Security Bulletin: WebSphere DataPower XC10 Appliance vulnerability for administrative access to code and data (CVE-2013-5403) ***
---------------------------------------------
A security vulnerability in the WebSphere DataPower XC10 Appliance might allow unauthenticated access to administrative operations and data.  
CVE(s): CVE-2013-1571  
Affected product(s) and affected version(s):  WebSphere DataPower XC10 Appliance version 2.0 WebSphere DataPower XC10 Appliance version 2.1 WebSphere DataPower XC10 Appliance version 2.5
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_websphere_datapower_xc10_appliance_vulnerability_for_administrative_access_to_code_and_data_cve_2013_5403?lang=en_us




*** Attackers can slip malicious code into many Android apps via open Wi-Fi ***
---------------------------------------------
Connect hijacking could put users at risk of data theft, SMS abuse, and more.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/XKc0_9zgluU/story01.htm




*** LinkedIn Patches Multiple XSS Vulnerabilities ***
---------------------------------------------
LinkedIn was susceptible to four reflected cross site scripting (XSS) vulnerabilities before issuing a fix for those flaws over the summer.
---------------------------------------------
http://threatpost.com/linkedin-patches-multiple-xss-vulnerabilities/102443






More information about the Daily mailing list