[CERT-daily] Tageszusammenfassung - Donnerstag 16-01-2014

Thu Jan 16 18:09:20 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 15-01-2014 18:00 − Donnerstag 16-01-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Robert Waldner

*** Compromised Sites Pull Fake Flash Player From SkyDrive ***
---------------------------------------------
On most days, our WorldMap shows more of the same thing. Today is an exception.One infection is topping so high in the charts that it pretty much captured our attention.Checking the recent history of this threat, we saw that these past few days, it has been increasing in infection hits.So we dug deeper It wasnt long before we saw that a lot of scripts hosted in various websites got compromised. Our telemetry actually showed that almost 40% of the infected websites were hosted in Germany. In
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002659.html


*** Microsoft antimalware support for Windows XP ***
---------------------------------------------
Microsoft has announced the Windows XP end of support date of April 8, 2014. After this date, Windows XP will no longer be a supported operating system. To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015. This does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures.
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/01/15/microsoft-antimalware-support-for-windows-xp.aspx


*** SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CORE-2014-001Project: Drupal coreVersion: 6.x, 7.xDate: 2014-January-15Security risk: Highly criticalExploitable from: RemoteVulnerability: Multiple vulnerabilitiesDescriptionMultiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7.Impersonation (OpenID module - Drupal 6 and 7 - Highly critical)A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack
---------------------------------------------
https://drupal.org/SA-CORE-2014-001


*** A First Look at the Target Intrusion, Malware ***
---------------------------------------------
Last weekend, Target finally disclosed at least one cause of the massive data breach that exposed personal and financial information on more than 110 million customers: Malicious software that infected point-of-sale systems at Target checkout counters. Todays post includes new information about the malware apparently used in the attack, according to two sources with knowledge of the matter.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/OVODHvnhoQs/


*** Amazons public cloud fingered as USs biggest MALWARE LAIR ***
---------------------------------------------
Cyber-crooks lurve Bezos & Cos servers and their whitelisted IP addresses Amazons public cloud is the largest haven of malware spreaders in the US, according to security company Solutionary.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/01/16/amazon_cloud_security_nightmare/


*** Ecava IntegraXor Buffer Overflow Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report of a buffer overflow vulnerability with proof-of-concept (PoC) exploit code affecting Ecava IntegraXor, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the vulnerability is exploitable by using a command to load an arbitrary resource from an arbitrary DLL located in the program’s main folder. 
---------------------------------------------
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-015-01


*** Advisory (ICSA-13-344-01) WellinTech Multiple Vulnerabilities ***
---------------------------------------------
NCCIC/ICS-CERT received reports from the Zero Day Initiative (ZDI) regarding a remote code execution vulnerability and an information disclosure vulnerability in WellinTech KingSCADA, KingAlarm&Event, and KingGraphic applications. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi. WellinTech has produced a new version that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01


*** Google verstärkt Anti-Spam-Team mit Zukauf ***
---------------------------------------------
Das Team des Startups Impermium, das ein System gegen E-Mail-Account-Missbrauch entwickelt, wechselt zum Internet-Giganten.
---------------------------------------------
http://www.heise.de/security/meldung/Google-verstaerkt-Anti-Spam-Team-mit-Zukauf-2087315.html


*** Telekom reagiert mit Blog-Eintrag auf gefälschte Rechnungen ***
---------------------------------------------
Erneut versenden Kriminelle gefälschte Online-Rechnungen der Telekom als Lockmittel, um Schadsoftware zu verbreiten. Dieses Mal reagiert der Konzern mit Warn-Mails und einem Blog-Eintrag, der Unterscheidungsmerkmale zu echten Rechnungen erklärt.
---------------------------------------------
http://www.heise.de/security/meldung/Telekom-reagiert-mit-Blog-Eintrag-auf-gefaelschte-Rechnungen-2087353.html


*** The Hidden Backdoors to the City of Cron ***
---------------------------------------------
An attackers key to creating a profitable malware campaign is its persistency. Malicious code that is easily detected and removed will not generate enough value for their creators. This is the reason why we are seeing more and more malware using creative backdoor techniques, different obfuscation methods, and using unique approaches to increase the lifespanRead More
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/MCeUaRyYi88/the-hidden-backdoors-to-the-city-of-cron.html


*** DynDNS-Dienst knickt unter DDoS-Attacke ein ***
---------------------------------------------
Dyn, Betreiber eines der bekanntesten DynDNS-Dienstes, ist Ziel eines DDoS-Angriffs geworden. Es ist zwar nur ein Teil der DNS-Infrastruktur des Anbieters betroffen, aber die Störung schlägt dennoch bis zu den Nutzern durch.
---------------------------------------------
http://www.heise.de/newsticker/meldung/DynDNS-Dienst-knickt-unter-DDoS-Attacke-ein-2087662.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


*** Niederländische Behörden warnen vor Webcams ***
---------------------------------------------
Die niederländischen Justizbehörden warnen, dass die in Tablets und Latops eingebauten Webcams eine Sicherheitslücke darstellen, über die Hacker eindringen können. Abkleben wird empfohlen.
---------------------------------------------
http://www.heise.de/security/meldung/Niederlaendische-Behoerden-warnen-vor-Webcams-2087684.html