[CERT-daily] Tageszusammenfassung - Dienstag 27-05-2014

Tue May 27 18:09:23 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 26-05-2014 18:00 − Dienstag 27-05-2014 18:00
Handler:     Christian Wojner
Co-Handler:  Stephan Richter


*** Mac OS X: VirusTotal veröffentlicht Uploader ***
---------------------------------------------
Der von Google aufgekaufte Viren-Scan-Dienst hat ein Tool veröffentlicht, mit dem Mac-Nutzer suspekte Dateien und Programme zur Prüfung hochladen können. VirusTotal erhofft sich tieferen Einblick in OS-X-Schadsoftware.
---------------------------------------------
http://www.heise.de/security/meldung/Mac-OS-X-VirusTotal-veroeffentlicht-Uploader-2198089.html


*** Malicious Redirections to Porn Websites ***
---------------------------------------------
The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infections had a similar pattern where they only targeted mobile devices. They are highly conditional as well making it challenging for webmasters to detect. Lets take a minute to explain...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/aMQhA3--dfg/website-infections-malicious-redirect-to-porn-website-target-wordpress-and-joomla-users.html


*** Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass ***
---------------------------------------------
Accounts accessed from Wi-Fi hotspots and other unsecured networks are wide open.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/yKbonlXYDrk/


*** Youve got Mail! But someone else is reading it in Outlook for Android ***
---------------------------------------------
Researchers say Redmond forgot to encrypt messages stored on Android SD cards Researchers have plucked privacy holes in Microsofts Outlook Android app that expose user data when user security setting screws were not tightened.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/05/27/prying_privacy_pundits_crypto_calamity_outlook_outcry/


*** Mt. Gox: Bitcoin-Preise angeblich durch Bots manipuliert ***
---------------------------------------------
Neue Spekulation um die insolvente Bitcoin-Börse Mt. Gox: Laut einer Analyse sollen Bots die Preise an der Börse getrieben und mindestens rund 570.000 Bitcoins aufgekauft haben.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Mt-Gox-Bitcoin-Preise-angeblich-durch-Bots-manipuliert-2197907.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


*** Fernwartungsfunktion: Onlineganoven entführen Macs und iPhones ***
---------------------------------------------
Mit "Find My iPhone" und "Find My Mac" können Nutzer geklaute Hardware über ihre Apple ID sperren. Gerät diese in falsche Hände, können das aber auch Erpresser. In Australien sollen solche "Entführungen" gerade öfter vorkommen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Fernwartungsfunktion-Onlineganoven-entfuehren-Macs-und-iPhones-2198274.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


*** cPanel cgiemail Character Injection Flaw Lets Remote Users Send SPAM via the System ***
---------------------------------------------
A remote user can inject newline characters via certain parameters to modify email fields and send SPAM to arbitrary destination addresses via cgiemail.
---------------------------------------------
http://www.securitytracker.com/id/1030287


*** Avast-Forum fällt Hackerangriff zum Opfer ***
---------------------------------------------
Unbekannten gelang es, Nutzernamen, E-Mail-Adressen und verschlüsselte Passwörter von 350.000 Nutzern zu kopieren. Der Firmenchef des Antivirenherstellers hält es für möglich, dass die Hacker an Klartext-Passwörter kommen.
---------------------------------------------
http://www.heise.de/security/meldung/Avast-Forum-faellt-Hackerangriff-zum-Opfer-2198377.html


*** Multiple Vulnerabilities in TYPO3 CMS ***
---------------------------------------------
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing.
---------------------------------------------
http://typo3.org/news/article/multiple-vulnerabilities-in-typo3-cms-1/


*** Amazons AWS bietet Verschlüsselung auf Blockebene ***
---------------------------------------------
Nutzer von Amazons Cloud-Angeboten können ihre auf virtuellen Laufwerken gespeicherten Daten verschlüsseln.
---------------------------------------------
http://www.heise.de/security/meldung/Amazons-AWS-bietet-Verschluesselung-auf-Blockebene-2198284.html


*** Top 10 Windows Server Security Misconfigurations ***
---------------------------------------------
Introduction According to Wikipedia, 32.6% of servers on the Internet are running Microsoft Windows. The purpose of this article is to create awareness among system administrators and managers about some of the areas on which it is important to focus when implementing a new Windows build or when hardening the security of an existing server. The Survey One of the activities of the @NCCGroupInfosec team is to perform build reviews on clients' systems, looking for any misconfigurations that...
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/05/top-10-windows-server-security-misconfigurations/


*** Zeus-Carberp Hybrid Trojan Pops Up ***
---------------------------------------------
Researchers have discovered a new hybrid Trojan that combines elements of two of the more notorious crimeware strains of the last few years: Zeus and Carberp. It's not uncommon for malware writers to steal bits and pieces of code from one another, but both Zeus and Carberp were once exclusively private tools, but the source...
---------------------------------------------
http://threatpost.com/zeus-carberp-hybrid-trojan-pops-up/106283