[CERT-daily] Tageszusammenfassung - Dienstag 7-01-2014

Tue Jan 7 18:22:39 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 03-01-2014 18:00 − Dienstag 07-01-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Matthias Fraidl


*** Router auf Backdoor testen ***
---------------------------------------------
Die Netzwerkausrüster hüllen sich nach wie vor über den Zweck des kürzlich entdeckten, undokumentierten Router-Dienstes in Schweigen. So finden Sie heraus, ob Ihr Router ebenfalls auf Befehle wartet.
---------------------------------------------
http://www.heise.de/security/meldung/Router-auf-Backdoor-testen-2074844.html


*** Backdoor in Routern: Hersteller rätseln und analysieren ***
---------------------------------------------
Noch immer können die Router-Hersteller keine plausible Erklärung dafür liefern, dass auf auf ihren Geräten ein undokumentierter Konfigurationsdienst läuft. Sie sind nach eigenen Angaben selbst noch mit der Analyse beschäftigt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Backdoor-in-Routern-Hersteller-raetseln-und-analysieren-2077308.html


*** Distributionen patchen Drupal -- außer Ubuntu ***
---------------------------------------------
Debian und Fedora liefern Sicherheitsupdates für kürzlich gemeldete Sicherheitsprobleme in Drupal. Wer Ubuntu nutzt, muss sich jedoch selber kümmern.
---------------------------------------------
http://www.heise.de/security/meldung/Distributionen-patchen-Drupal-ausser-Ubuntu-2075618.html


*** Recent Windows Zero-Day Targeted Embassies, Used Syria-related Email ***
---------------------------------------------
In late November, Microsoft revealed that a zero-day vulnerability was in use in targeted attacks against Windows XP and Server 2003 systems. From samples of the exploit examined, it has a backdoor payload that possesses sophisticated anti-analysis techniques. Further research of this earlier attack - discussed in the blog posts above - has revealed that the exploit was deployed via...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/xqgSESnrQns/


*** A Year of Spam: The Notable Trends of 2013 ***
---------------------------------------------
2013 was a year of change inthe spam landscape. The volume of spam increased from 2012. We witnessed the decline of a previously-successful exploit kit. The old became new again, thanks to different techniques used by spammers. While we still saw traditional types of spam, we also saw several "improvements" which allowed spammers to avoid...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/uZ0knuU7r3A/


*** Malware Deployed by Fake Digital Certificates Bypassing Endpoint Security ***
---------------------------------------------
Enterprises that place unwavering faith in the sanctity of digital certificates may want to re-think that belief, now that the latest chapter in the Win32/Winwebsec malware saga has revealed a troubling new development: the use of stolen authentication credentials. Win32/Winwebsec is the catch-all term used by Microsoft to reference a group of fake anti-virus programs [...]
---------------------------------------------
http://www.seculert.com/blog/2014/01/malware-deployed-by-fake-digital-certificates-bypassing-endpoint-security.html


*** Ransomware: Powerlocker wird für 100 US-Dollar angeboten ***
---------------------------------------------
Die Gruppe Malware Crusaders warnt vor einer neuen Ransomware, die nicht nur besser verschlüsselt, sondern mit zusätzlichen Funktionen ausgestattet ist. In einschlägigen Foren wird Powerlocker bereits für 100 US-Dollar angeboten. (Virus, Malware)
---------------------------------------------
http://www.golem.de/news/ransomware-powerlocker-wird-fuer-100-us-dollar-angeboten-1401-103757-rss.html


*** Malicious Advertisements served via Yahoo ***
---------------------------------------------
Fox-IT operates the shared Security Operations Center service ProtACT. This service monitors the networks of our clients for malicious activity. On January 3 we detected and investigated the infection of clients after they visited yahoo.com.
---------------------------------------------
http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/


*** WordPress Connect plugin for WordPress unspecified cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/90106


*** Debian devscripts uscan.pl code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/90107


*** [2013-12-27] XPath Injection in IBM Web Content Manager ***
---------------------------------------------
By exploiting the identified XPath Injection vulnerability, an unauthenticated user is able to extract sensitive application configuration data from vulnerable installations of IBM Web Content Manager.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20131227-0_IBM_WCM_XPath_Injection_v10.txt


*** HP Data Protector code execution  ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/90001
http://xforce.iss.net/xforce/xfdb/90002
http://xforce.iss.net/xforce/xfdb/90003