[CERT-daily] Tageszusammenfassung - Montag 20-01-2014

Mon Jan 20 18:07:01 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 17-01-2014 18:00 − Montag 20-01-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Robert Waldner

*** NCR: Weltweit 95 Prozent aller Geldautomaten mit Windows XP ***
---------------------------------------------
Laut einem hochrangigen Manager des Herstellers NCR laufen fast alle Geldautomaten weltweit noch mit Windows XP. Die Deutsche Kreditwirtschaft will davon nichts wissen, und erklärt, dass die Geldautomaten in Deutschland nicht am Internet hängen. Daher spiele die Art des Betriebssystems keine Rolle. 
---------------------------------------------
http://www.golem.de/news/ncr-weltweit-95-prozent-aller-geldautomaten-mit-windows-xp-1401-103997-rss.html


*** Adware vendors buy Chrome Extensions to send ad- and malware-filled updates ***
---------------------------------------------
A first-hand account of this, which was first spotted by OMGChrome, was given by Amit Agarwal, developer of the "Add to Feedly" extension. One morning, Agarwal got an e-mail offering "4 figures" for the sale of his Chrome extension. The extension was only about an hours worth of work, so Agarwal agreed to the deal, the money was sent over PayPal, and he transferred ownership of the extension to another Google account..
---------------------------------------------
http://arstechnica.com/security/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/


*** VPN Related Vulnerability Discovered on an Android device - Disclosure Report ***
---------------------------------------------
As part of our ongoing mobile security research we have uncovered a network vulnerability on Android devices which has serious implications for users using VPN. This vulnerability enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the
---------------------------------------------
http://cyber.bgu.ac.il/blog/vpn-related-vulnerability-discovered-android-device-disclosure-report


*** Looking Forward Into 2014: What 2013′s Mobile Threats Mean Moving Forward ***
---------------------------------------------
2013 was the year that the Android malware not just grew, but matured into a full-fledged threat landscape. Not only did the number of threats grow, the sophistication and capabilities associated with these threats grew as well. As we noted earlier, the number of mobile malware threats has crossed the one million mark, and as of ...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/mF1EIjR8duU/


*** Open-Xchange Server Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in Open-Xchange, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting and script insertion attacks.
---------------------------------------------
https://secunia.com/advisories/56390


*** F5 ARX Series Cyrus SASL NULL Pointer Dereference Vulnerability ***
---------------------------------------------
F5 has acknowledged a vulnerability in F5 ARX Series, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a bundled vulnerable version of Cyrus SASL in relation to the ARX Manager Configuration utility.
---------------------------------------------
http://secunia.com/advisories/56077/


*** Moodle Security Bypass Security Issue and Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A security issue and a vulnerability have been reported in Moodle, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/56556