=======================
= End-of-Shift report =
=======================
Timeframe: Montag 18-02-2013 18:00 − Dienstag 19-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Bugtraq: Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525726
*** Bugtraq: Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/525724
*** Cyber Security Bulletin (SB13-049) - Vulnerability Summary for the Week of February 11, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB13-049.html
*** Trust but verify: when CAs fall short ***
---------------------------------------------
"Weve recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem...."
---------------------------------------------
http://www.securelist.com/en/blog/208194124/Trust_but_verify_when_CAs_fall_…
*** [TYPO3-announce] [Ticket#2013021910000016] Security issues in several third party TYPO3 extensions including cooluri and static_info_tables ***
---------------------------------------------
Several vulnerabilities have been found in the following third party TYPO3 extensions:
CoolURI (cooluri)
Static Info Tables (static_info_tables)
Fluid Extbase Development Framework (fed)
My quiz and poll (myquizpoll)
RSS feed from records (push2rss_3ds)
Slideshare (slideshare)
WEC Discussion Forum (wec_discussion)
For further information on the issue in the extension "CoolURI"...
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e…
*** Netzpolitik - Hackerangriff auf sparkasse.de ***
---------------------------------------------
Unbekannte haben Website manipuliert
---------------------------------------------
http://derstandard.at/1361240471623/Hackerangriff-auf-sparkassede
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 15-02-2013 18:00 − Montag 18-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Most Malware-Laden Links Came From Legitimate Sites in 2012 ***
---------------------------------------------
"More malicious Websites were spotted in 2012, and most of them werent found in the seedier parts of the Internet, according to a recently released report from Websense. Nearly 85 percent of malicious Web links last year were found on legitimate hosts that had been compromised, compared to 82 percent in 2011, Websense said Tuesday in its 2013 Threat Report. Websense also found a 600 percent increase malicious websites in 2012 over 2011 levels...."
---------------------------------------------
http://www.securityweek.com/most-malware-laden-links-came-legitimate-sites-…
*** Vuln: IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities ***
---------------------------------------------
IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55095
*** 1st International Symposium for ICS & SCADA Cyber Security 2013 ***
---------------------------------------------
"The 1st International Symposium for ICS & SCADA Cyber Security brings together researchers with an interest in the security of industrial control systems in the light of their increasing exposure to cyber-space. The topics of interests are broad, ranging from security for hardware/firmware used in industrial control systems, to system aspects of ICS such as secure architectures and vulnerability screening to the human aspects of cyber security such as behaviour modelling and training.
---------------------------------------------
http://www.ics-csr.com/
*** ATM Fraud & Security Digest - January 2013 ***
---------------------------------------------
"January 2013 commenced with a significant number of cash trapping events detected in Europe. In response to this type of ATM fraud, the ATMIA have published Best Practices for Preventing Cash Trapping at ATMs. Card trapping was also at a significant level in January prompting warnings to the public...."
---------------------------------------------
http://www.atmsecurity.com/atm-security-monthly-digest/atm-fraud-security-d…
*** Webmail and Online Banks Targeted By Phishing Proxies ***
---------------------------------------------
An anonymous reader writes "Netcraft confirms a recent increase in the number of malicious proxy auto-config (PAC) scripts being used to sneakily route webmail and online banking traffic through rogue proxy servers. The scripts are designed to only proxy traffic destined for certain websites, while all other traffic is allowed to go direct. If the proxy can force the user to keep using HTTP instead of HTTPS, the fraudsters running these attacks can steal usernames, passwords, session...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VOI-9HX5F-k/story01.htm
*** Examining How Facebook Got Hacked ***
---------------------------------------------
"Even the most savvy information technologists arent immune from cyber-attacks. Just ask Facebook. The social-media titan says it fell victim to a sophisticated attack discovered in January in which an exploit allowed malware to be installed on employees laptops...."
---------------------------------------------
http://www.databreachtoday.com/examining-how-facebook-got-hacked-a-5518
*** They Sent A Guy A Coffin With His Name On It Why Russian Cyber Crooks Are So Scary ***
---------------------------------------------
"Russian cyber crooks hanging around the darkweb are the most advanced fraudsters on the planet. And, worryingly for the rest of the world, they are some of the most patriotic too. Thats what TechWeekEurope heard during a trip to RSAs Anti-Fraud Command Center (pictured) in Tel Aviv, Israel, where sleuths, who spend their days interacting with cyber crooks on the darkweb to learn about the latest trends amongst Russias Internet thieves, told one particularly Godfather-esque story...."
---------------------------------------------
http://www.techweekeurope.co.uk/news/russian-cyber-crooks-scary-rsa-fraud-c…
*** Schedule update to Security Advisory for Adobe Reader and Acrobat (APSA13-02) ***
---------------------------------------------
We just updated the Security Advisory (APSA13-02) posted on Wednesday, February 13, 2013 to include the planned schedule for a patch to resolve CVE-2013-0640 and CVE-2013-0641. Adobe plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and [...]
---------------------------------------------
http://blogs.adobe.com/psirt/2013/02/schedule-update-to-security-advisory-f…
*** IT-Sicherheit: Nur wenige handeln vernünftig ***
---------------------------------------------
Eine neue Studie der TU und der Universität Wien beschreibt das Sicherheitsverhalten österreichischer Unternehmen und Privatpersonen. Das Sicherheitsbewusstsein im IT-Bereich bei Behörden und Großunternehmen ist hoch, doch doch selbst gut Informierte wappnen sich oft unzureichend.
---------------------------------------------
http://futurezone.at/digitallife/14151-it-sicherheit-nur-wenige-handeln-ver…
*** Tech Insight: Attribution is Much More Than a Source IP ***
---------------------------------------------
"Recent attacks are shining more light on the need for attribution, but companies seem too quick to jump to the Chinese / APT bandwagon."The Chinese hacked us" is becoming an all too common phrase in recent corporate hacks. While it is no doubt true in some of the situations, its hard not to wonder how many of these attack victims are crying Red Army... er, uhm... wolf. Or, how many are simply basing their accusations on incomplete, faulty evidence...."
---------------------------------------------
http://www.darkreading.com/threat-intelligence/167901121/security/attacks-b…
*** [BSI] TW-T13/0016 - Mehrere Schwachstellen in Pidgin geschlossen ***
---------------------------------------------
BETROFFENE SYSTEME
- Pidgin vor Version 2.10.7
EMPFEHLUNG
Das BürgerCERT empfiehlt die zeitnahe Installation der vom Hersteller
bereitgestellten Sicherheitsupdates [4], um die Schwachstellen zu
schließen.
BESCHREIBUNG
Pidgin ist ein Instant Messaging Client, der mehrere Instant Messaging...
---------------------------------------------
https://www.buerger-cert.de/archive?type=widtechnicalwarning&nr=TW-T13-0016
*** [webapps] - Netgear DGN2200B - Multiple Vulnerabilities ***
---------------------------------------------
Netgear DGN2200B - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24513
*** Bugtraq: SI6 Networks IPv6 Toolkit v1.3 released! ***
---------------------------------------------
SI6 Networks IPv6 Toolkit v1.3 released!
---------------------------------------------
http://www.securityfocus.com/archive/1/525711
*** Bugtraq: CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities ***
---------------------------------------------
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/525708
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 14-02-2013 18:00 − Freitag 15-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** CFP: 8th International Workshop on Critical Information Infrastructures Security ***
---------------------------------------------
"(CRITIS 2013) Amsterdam, The Netherlands September 16-18, 2013Deadline for submission of papers: May 10, 2013Notification to authors: June 30, 2013Camera-ready papers: August 16, 2013The eighth CRITIS Conference on Critical Information Infrastructures Security is set to continue a tradition of presenting innovative research and exploring new challenges for the protection of critical information-based infrastructures. This conference focus is on the challenges regarding resilience of smart
---------------------------------------------
http://www.critis2013.nl/
*** Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges.This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker could exploit this issue by gaining local access to
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability&
*** Adobe adds anti-spearphishing feature for Word embedded Flash ***
---------------------------------------------
"Scheduled update fixes 17 critical flaws in Flash, two in Shockwave and adds Click to Play auto-launch check for embedded Flash in Office documents. Hot of the heels of Adobes Flash zero-day fixes last Friday, the company has released a new update which integrates a security feature that could have helped prevent recent spearphishing attacks using embedded Flash in older versions of Microsoft Office documents. The Flash Player updates fix 17 critical vulnerabilities affecting it on
---------------------------------------------
http://www.cso.com.au/article/453621/adobe_adds_anti-spearphishing_feature_…
*** Edimax EW-7206APg & EW-7209APg Redirection / XSS / Header Injection ***
---------------------------------------------
Topic: Edimax EW-7206APg & EW-7209APg Redirection / XSS / Header Injection Risk: Low Text:Device Name: EW-7206APg / EW-7209APg Vendor: Edimax Vulnerable Firmware Releases: Device: EW-7206APg Hardw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hKlz2mqtt70/WLB-20…
*** TP-Link TL-WA701N / TL-WA701ND Directory Traversal & XSS ***
---------------------------------------------
Topic: TP-Link TL-WA701N / TL-WA701ND Directory Traversal & XSS Risk: Medium Text:Device Name: TL-WA701N / TL-WA701ND Vendor: TP-Link Vulnerable Firmware Releases: Firmware Version: 3.12.6 Bui...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/KnenNycHmss/WLB-20…
*** Raidsonic IB-NAS5220 / IB-NAS4220-B XSS / Authentication Bypass ***
---------------------------------------------
Topic: Raidsonic IB-NAS5220 / IB-NAS4220-B XSS / Authentication Bypass Risk: High Text:Device Name: IB-NAS5220 / IB-NAS4220-B Vendor: Raidsonic Vulnerable Firmware Releases: Product Name IB-NAS5220...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/wLNEwqEuBik/WLB-20…
*** Websense Security Labs Releases 2013 Threat Report ***
---------------------------------------------
"Websense Security Labs has released its 2013 Threat Report. The study details the most prevalent mobile, social, email and web-based threats from last year. As far as the web is concerned, experts say it has become significantly more malicious in 2012...."
---------------------------------------------
http://news.softpedia.com/news/Websense-Security-Labs-Releases-2013-Threat-…
*** Wachsender Markt für Zero-Day-Exploits ***
---------------------------------------------
Mit ihrer offensiven Cyberwar-Strategie fördert die US-Regierung einen globalen Markt für IT-Sicherheitslücken, beklagen Experten. Das könnte das Web noch unsicherer machen, als es heute schon ist.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Wachsender-Markt-fuer-Zero-Day-Explo…
*** Apple kündigt Fix für Passcode-Problem in iOS 6.1 und 6.1.1 an ***
---------------------------------------------
Das Unternehmen zeigt sich über den Fehler informiert, mit dem sich auf Kontakte, Fotoalbum sowie Telefonfunktion zugreifen lässt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28978a85/l/0L0Sheise0Bde0Csec…
*** Mobile network infections increase by 67% ***
---------------------------------------------
"Kindsight released a new report that reveals security threats to home and mobile networks, including a small decline in home network infections and an increase in mobile network infections. Highlights include:The rate of home network infections decreased from 13 to 11 percent in Q4; 6 percent exhibited high-level threats, such as bots, rootkits and banking Trojans. The ZeroAccess botnet continued to be the most common malware threat, infecting 0...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2415
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 13-02-2013 18:00 − Donnerstag 14-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Drupal Manager Change For Organic Groups 7.x Cross Site Scripting ***
---------------------------------------------
Topic: Drupal Manager Change For Organic Groups 7.x Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1916312 * Advisory ID: DRUPAL-SA-CONTRIB-2013-015 * Project: Manager Change for Org...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_gQ6taUHG30/WLB-20…
*** OpenPLI OS Command Execution / Cross Site Scripting ***
---------------------------------------------
Topic: OpenPLI OS Command Execution / Cross Site Scripting Risk: High Text:Device Name: OpenPLI - Dream Multimedia Box with OpenPLI software Vendor of device: Dream Multimedia Vendor of Software: Open...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Xw2JT_kHdgI/WLB-20…
*** Drupal Banckle Chat 7.x Access Bypass ***
---------------------------------------------
Topic: Drupal Banckle Chat 7.x Access Bypass Risk: High Text:View online: http://drupal.org/node/1916370 * Advisory ID: DRUPAL-SA-CONTRIB-2013-016 * Project: Banckle Chat [1] (thir...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/rLZXZc-YDas/WLB-20…
*** Foxit Reader Plugin URL Processing Buffer Overflow ***
---------------------------------------------
Topic: Foxit Reader Plugin URL Processing Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_YZtyNAPpCI/WLB-20…
*** Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash ***
---------------------------------------------
Topic: Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash Risk: Medium Text:Lua for Windows (LfW) V5.1.4-46 => os.getenv ntdll.dll Crash found by: devilteam.pl contact: info(a)devilteam.pl ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/-0kYjNur224/WLB-20…
*** DirectAdmin On-Line Demo SQL Injection ***
---------------------------------------------
Topic: DirectAdmin On-Line Demo SQL Injection Risk: Medium Text:++++++++++++++++++++++++++++++++++++++ # Exploit Title :DirectAdmin On-Line Demo SQLInjection # *Vendor*:http://www.directadm...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/OL1UqRx5FGI/WLB-20…
*** Datenschutzbedenken bei Google Play Store ***
---------------------------------------------
Bei jedem Kauf in Googles App-Store werden automatisch Name, E-Mail-Adresse und Standortinformationen zum App-Entwickler übertragen, ohne, dass der Käufer dem explizit zustimmt.
---------------------------------------------
http://futurezone.at/digitallife/14096-datenschutzbedenken-bei-google-play-…
*** [webapps] - Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities ***
---------------------------------------------
Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24500
*** [papers] - A Short Guide on ARM Exploitation ***
---------------------------------------------
A Short Guide on ARM Exploitation
---------------------------------------------
http://www.exploit-db.com/download_pdf/24493
*** Unscrambling an Android Telephone With FROST ***
---------------------------------------------
Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag." Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFQuYaJ5DZU/story01.htm
*** iPhone-Lücke erlaubt Zugriff ohne Passcode ***
---------------------------------------------
Durch eine Schwachstelle kann man bei gesperrten iOS-Geräten auf Kontakte und Fotos zugreifen, ohne den Passcode einzugeben. Auch Telefonate sind dadurch möglich. Wir konnten das Problem mit einem iPhone 4 und einem iPhone 5 nachvollziehen, auf denen jeweils die aktuelle iOS-Version 6.1 installiert ist
---------------------------------------------
http://www.heise.de/newsticker/meldung/iPhone-Luecke-erlaubt-Zugriff-ohne-P…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 12-02-2013 18:00 − Mittwoch 13-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Data protection practices in EU and Asia ***
---------------------------------------------
"Research undertaken by Field Fisher Waterhouse into the existing legal framework mandating encryption of personal data in the EU and Asia. The study details legal requirements in the EU and Asia and reveals a trajectory of data protection regulation towards encryption as a compliance imperative. The litany of highly visible data breach incidents in 2012, further compounded by the steep penalties being delivered by data protection watchdogs, means that the pressure to protect the integrity
---------------------------------------------
http://www.net-security.org/secworld.php?id=14395
*** Neues Sicherheits-Update für Ruby on Rails ***
---------------------------------------------
Mit den Rails-Versionen 3.2.12 und 3.1.11 und 2.3.17 werden kritische Sicherheitslücken geschlossen. Zusätzlich sollen Nutzer das Gem für JSON auf die neuste Version aktualisieren.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287dc9e1/l/0L0Sheise0Bde0Csec…
*** Summary for February 2013 - Version: 1.1 ***
---------------------------------------------
This bulletin summary lists security bulletins released for February 2013.
With the release of the security bulletins for February 2013, this bulletin summary replaces the bulletin advance notification originally issued February 7, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-feb
*** RADIUS Authentication Bypass ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Remote Authentication Dial In User Service (RADIUS) authentication on adevice that is running certain versions of Cisco Internetworking OperatingSystem (IOS) and configured with a fallback method to none canbe bypassed.Systems that are configured for other authentication methods or thatare not configured with a fallback method tonone are not affected.Only the systems that are running certain versions of Cisco IOS
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=RADIUS Authentication Bypass&vs_k=1
*** How Lockheed Martins Kill Chain Stopped SecurID Attack ***
---------------------------------------------
"A few months after RSA had rocked the security world with news that it had been breached and its SecurID database exposed in a sophisticated attack, defense contractor Lockheed Martin discovered an intruder in its network using legitimate credentials."We almost missed it," says Steve Adegbite, director of cybersecurity for Lockheed Martin, of the intrusion sometime around May or early June 2011. "We thought at first it was a new person in the department ... but then it
---------------------------------------------
http://www.darkreading.com/authentication/167901072/security/attacks-breach…
*** SonicWALL Scrutinizer 9.5.2 SQL Injection ***
---------------------------------------------
Topic: SonicWALL Scrutinizer 9.5.2 SQL Injection Risk: Medium Text:Title: Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: == 2013-02-13 References: == htt...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/2p4Vvj_j1ng/WLB-20…
*** Vuln: EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability ***
---------------------------------------------
EMC NetWorker nsrindexd RPC Service Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57182
*** Zero-Day-Lücke im Adobe Reader ***
---------------------------------------------
Sicherheitsforscher haben ein speziell präpariertes PDF-Dokument entdeckt, das offenbar eine bislang unbekannte Schwachstelle im Reader ausnutzt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/288471e5/l/0L0Sheise0Bde0Csec…
*** OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability ***
---------------------------------------------
Topic: OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Risk: High Text:
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Q1XBAdgibv4/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 11-02-2013 18:00 − Dienstag 12-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Microsoft Report Examines Socio-Economic Relationships to Malware Infections ***
---------------------------------------------
"Tired of all those malware and vulnerability reports that count how many of each have been reported to security companies? Well, Microsoft has taken a different tack in its latest Security Intelligence Report (SIR) by globally comparing regions relative security against socio-economic factors including the maturity of a national or regional cybersecurity policy. The results arent so surprising; areas such as Europe with well-defined, long-standing and enforceable policies rate much better
---------------------------------------------
http://threatpost.com/en_us/blogs/microsoft-report-examines-socio-economic-…
*** Bugtraq: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack ***
---------------------------------------------
Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack
---------------------------------------------
http://www.securityfocus.com/archive/1/525643
*** Feds Offer $20M For Critical Open Source Energy Network Cybersecurity Tools ***
---------------------------------------------
coondoggie writes "The US Department of Energy today said it would spend $20 million on the development of advanced cybersecurity tools to help protect the nations vulnerable energy supply. The DOE technologies developed under this program should be interoperable, scalable, cost-effective advanced tools that do not impede critical energy delivery functions, that are innovative and can easily be commercialized or made available through open source for no cost." Read more of this
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9TMHc5f0eM4/story01.htm
*** Dorkbot worm lurks on Skype and MSN Messenger again ***
---------------------------------------------
"The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently doing rounds on Skype and MSN Messenger, warns Fortinet. The vicious circle starts with potential victims receiving a direct message from a contact, asking "LOL is this your new profile pic? http://goo...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2408
*** Brother HL5370 Command Execution & Password Guessing ***
---------------------------------------------
Topic: Brother HL5370 Command Execution & Password Guessing Risk: High Text:Tested on Brother HL5370 latest firmware so far, confirmed working against many others by Brother documentation >From Brothe...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/x_kg5EVaYGc/WLB-20…
*** Huawei Mobile Partner Poor Permissions ***
---------------------------------------------
Topic: Huawei Mobile Partner Poor Permissions Risk: High Text:1. DESCRIPTION Huawei Mobile Partner application contains a flaw that may allow an attacker to gain access to unauthorized ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/LXaaPcg1qMI/WLB-20…
*** Windows Manage Persistent Payload Installer ***
---------------------------------------------
Topic: Windows Manage Persistent Payload Installer Risk: Low Text:## # ## This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Ple...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vb4FCkPCJRg/WLB-20…
*** Wordpress newscast Theme SQL Injection ***
---------------------------------------------
Topic: Wordpress newscast Theme SQL Injection Risk: Medium Text: # # Exploit Title: wordpress newscast Theme SQL Injection # Google Dork: inurl:/wp-content/themes/newscast & inurl:"s...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Stvaf5d_Ze4/WLB-20…
*** Wordpress image news slider v3 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress image news slider v3 Plugin SQL Injection Risk: Medium Text: # # Exploit Title: wordpress image news slider v3 Plugin SQL Injection # Google Dork: inurl:/wp-content/plugins/wp-...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/KzGKRl1pfrw/WLB-20…
*** cURL auf Abwegen ***
---------------------------------------------
Ein Server kann cURL über Umwege dazu bringen, beim Abruf einer Webseite beliebigen Code auf dem System auszuführen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd2/l/0L0Sheise0Bde0Csec…
*** Microsoft will am Februar-Patchday 57 Lücken schließen ***
---------------------------------------------
Der nächste Patchday bringt zwölf Bulletins, von denen fünf kritische Lücken schließen. Abgesichert werden unter anderem sämtliche Windows-Versionen, der Internet Explorer und Exchange.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287bfbd1/l/0L0Sheise0Bde0Csec…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 08-02-2013 18:00 − Montag 11-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** ct Trojaner-Test: Die alten fangen sie alle ***
---------------------------------------------
Der Trojaner-Test der aktuellen ct attestiert den Viren-Wächtern eine hervorragende Leistung: Sie blockierten alle Trojaner, wenn diese über eine Woche alt waren. Wer seine Mail allerdings sofort öffnet, muss aufpassen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2863edd1/l/0L0Sheise0Bde0Cmel…
*** Security Firm Bit9 Hacked, Used to Spread Malware ***
---------------------------------------------
"Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known safe files from computer viruses and other malicious software. Waltham, Massachusetts-based Bit9 is a leading provider of application whitelisting services, a security technology that turns the traditional approach to fighting malware on its head.
---------------------------------------------
http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread…
*** Bots, Zeus, Web Exploits: the Most Potent Threats of 2012 ***
---------------------------------------------
"Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. From July to the end of year was no exception. However, despite a handful of flashy security stories, F-Secure claims that the second half of 2012 was really about things that rarely (if ever) come up in local and national news: botnets, ZeroAccess in particular, Java and other Web exploits, and the
---------------------------------------------
http://threatpost.com/en_us/blogs/bots-zeus-web-exploits-most-potent-threat…
*** New Whitehole exploit toolkit emerges on the underground market ***
---------------------------------------------
"A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday. Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player. Attacks that use such toolkits are called drive-by downloads
---------------------------------------------
http://www.csoonline.com/article/728509/new-whitehole-exploit-toolkit-emerg…
*** Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection ***
---------------------------------------------
Topic: Wordpress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection Risk: Medium Text:# Exploit Title: wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection # Google Dork: inurl:/wp-content...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hLRBxtv9_j0/WLB-20…
*** [dos] - Schneider Electric Accutech Manager Heap Overflow PoC ***
---------------------------------------------
Schneider Electric Accutech Manager Heap Overflow PoC
---------------------------------------------
http://www.exploit-db.com/exploits/24474
*** Wordpress post2pdf-converter v2 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress post2pdf-converter v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress post2pdf-converter v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/post2pdf-convert...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ymNXfLXFu7A/WLB-20…
*** Wordpress smart-map v2 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress smart-map v2 Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress smart-map v2 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/smart-map inurl:show-smar...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/3bHfg6PXmFU/WLB-20…
*** "Intel Packet of Death" ist kein Intel-Problem ***
---------------------------------------------
Die vermeintlichen Todespakete, mit denen man bestimmte Intel-Netzwerkinterfaces abschießen können soll, betreffen offenbar nur einen einzigen Board-Hersteller. Laut Intel hat dieser beim Programmieren des EEPROMs gepatzt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/287185f4/l/0L0Sheise0Bde0Cmel…
*** Vuln: GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability ***
---------------------------------------------
GNU glibc Dynamic Linker $ORIGIN Local Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/44154
*** [papers] - Manipulating Memory for Fun & Profit ***
---------------------------------------------
Manipulating Memory for Fun & Profit
---------------------------------------------
http://www.exploit-db.com/download_pdf/24482
*** [webapps] - Linksys WRT160N - Multiple Vulnerabilities ***
---------------------------------------------
Linksys WRT160N - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24478
*** Linksys WAG200G Multiple Vulns ***
---------------------------------------------
Topic: Linksys WAG200G Multiple Vulns Risk: Medium Text:Device Name: Linksys WAG200G Vendor: Linksys/Cisco Device Description: The WAG200G is a Linksys Wireless-G A...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/QVSmcx_37s8/WLB-20…
*** Apache CXF WSS4JInInterceptor always allows HTTP Get requests ***
---------------------------------------------
Topic: Apache CXF WSS4JInInterceptor always allows HTTP Get requests Risk: High Text:CVE-2012-5633: WSS4JInInterceptor always allows HTTP Get requests from browser Severity: Critical Vendor: The Apache Soft...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/mpI-hZhtnw0/WLB-20…
*** Nach dem Java-Update ist vor dem Java-Update ***
---------------------------------------------
Oracle hat mit seinem Notfall-Update am 1. Februar schnell reagiert. Eigentlich war ein Update für den 19. Februar geplant. Dieser Termin wird nun auch eingehalten: Mit einem Update für den Notfall-Patch.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2872904c/l/0L0Sheise0Bde0Cmel…
*** Java Zero-Day Offered On Russian Dark Market For $100k ***
---------------------------------------------
"Java zero-day software flaws arent just worth tens of thousands, they can fetch hundreds of thousands, according to RSA security experts. When asked how much vulnerabilities were selling for, one cyber intelligence agent, tasked specifically with infiltrating Russian dark markets on the Web, told TechWeekEurope he had seen a Java vulnerability on sale for $100,000. The latest Java vulnerability, that went for $100,000, he said...."
---------------------------------------------
http://www.techweekeurope.co.uk/news/java-zero-day-russian-forum-sale-10000…
*** OpenSSL 1.0.1e Released with Corrected fix for CVE-2013-1069, more here: http://www.openssl.org/, (Mon, Feb 11th) ***
---------------------------------------------
-- John Bambenek bambenek \at\ gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15133&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 07-02-2013 18:00 − Freitag 08-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Viele Router-Lücken, wenig Patches ***
---------------------------------------------
Michael Messner hat nachgelegt: In seinem Blog veröffentlichte er weitere Schwachstellen in Routern von Linksys, Netgear und erneut D-Link. Die Hersteller sind seit Monaten informiert, trotzdem sind die meisten Lücken noch sperrangelweit offen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2856de6a/l/0L0Sheise0Bde0Cmel…
*** Advance Notification Service for the February 2013 Security Bulletin Release ***
---------------------------------------------
We're kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .NET Framework, and Microsoft Server Software. Per our...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/02/07/advance-notification-ser…
*** Vuln: PostgreSQL enum_recv() Function Denial of Service Vulnerability ***
---------------------------------------------
PostgreSQL enum_recv() Function Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57844
*** Vuln: Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability ***
---------------------------------------------
Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57788
*** Vuln: Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability ***
---------------------------------------------
Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57787
*** Vuln: cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability ***
---------------------------------------------
cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57842
*** Is it Spam or Is it Malware?, (Fri, Feb 8th) ***
---------------------------------------------
Does anyone have a friend that regularly still sends you crap via email that usually includes a link or some pics. We are all IT security professionals here and know the preachers drill on this topic. Really, we do not like wasting our time on the junk that is sent to us. Delete, Delete, Delete. BUT, we are also human. We are the weakest link! So, today that one friend sends something over to us. This friend has a great knack for sending water cooler stuff that can warrant a look
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15121&rss
*** Vuln: Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability ***
---------------------------------------------
Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57778
*** VMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html, (Fri, Feb 8th) ***
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15124&rss
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 06-02-2013 18:00 − Donnerstag 07-02-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Bugtraq: Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability ***
---------------------------------------------
Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525591
*** WordPress CommentLuv 2.92.3 Cross Site Scripting ***
---------------------------------------------
Topic: WordPress CommentLuv 2.92.3 Cross Site Scripting Risk: Low Text:Advisory ID: HTB23138 Product: CommentLuv WordPress plugin Vendor: Andy Bailey Vulnerable Version(s): 2.92.3 and probably pr...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hGxikOAUsIU/WLB-20…
*** WordPress Wysija Newsletters 2.2 SQL Injection ***
---------------------------------------------
Topic: WordPress Wysija Newsletters 2.2 SQL Injection Risk: Medium Text:Advisory ID: HTB23140 Product: Wysija Newsletters WordPress plugin Vendor: Wysija Vulnerable Version(s): 2.2 and probably pr...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/XJ6UhJjgxu4/WLB-20…
*** [webapps] - Netgear DGN1000B - Multiple Vulnerabilities ***
---------------------------------------------
Netgear DGN1000B - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24464
*** [dos] - Cool PDF Reader 3.0.2.256 Buffer Overflow ***
---------------------------------------------
Cool PDF Reader 3.0.2.256 Buffer Overflow
---------------------------------------------
http://www.exploit-db.com/exploits/24463
*** Vuln: Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness ***
---------------------------------------------
Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness
---------------------------------------------
http://www.securityfocus.com/bid/57790
*** Intel Network Card (82574L) Packet of Death, (Wed, Feb 6th) ***
---------------------------------------------
An interesting blog post by Kristian Kielhofer describes how a specific SPI packet can kill an Intel Gigabit ethernet card [1]. If a card is exposed to this traffic, the system has to be physically power cycled. A reboot will not recover the system. The network card crashed whenever the value 0x32 or 0x33 was found at offset 0x47f. Kristian first noticed this happening for specific SIP packets, but in the end, it turned out that any packet with 0x32 at 0x47f caused the crash. Intel traced the
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15109&rss
*** Microsoft, Symantec Hijack 'Bamital' Botnet ***
---------------------------------------------
Microsoft and Symantec said Wednesday that have teamed up to seize control over the "Bamital" botnet, a multi-million dollar crime machine that used malicious software to hijack search results. The two companies are now using that control to alert hundreds of thousands of users whose PCs remain infected with the malware.Related Posts:Microsoft Issues Fix for Zero-Day IE FlawAdobe, Microsoft Ship Critical Security UpdatesPolish Takedown Targets 'Virut' BotnetMicrosoft
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/ZnTidLd2mjU/
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 05-02-2013 18:00 − Mittwoch 06-02-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Sicherheitsalarm für D-Link-Router ***
---------------------------------------------
In den Modellen DIR-300 und DIR-600 klafft eine kritische Sicherheitslücke, durch die Angreifer beliebige Befehle mit Root-Rechten ausführen können -- bei vielen Systemen sogar aus dem Internet. Und der Hersteller will das Problem nicht beseitigen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/284304da/l/0L0Sheise0Bde0Cmel…
*** Wordpress wp-forum plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress wp-forum plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress wp-forum plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Team # # s...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Il59FzJa50U/WLB-20…
*** Maximal 9999 Bugs: CVE-Projekt stellt Zählweise um ***
---------------------------------------------
Da in den nächsten Jahren mehr als rund 10.000 offiziell gezählte Bugs beim Common-Vulnerabilities-and-Exposures-Projekt zu erwarten sind, soll die mögliche Zahl auf 999.999 pro Jahr erhöht werden. Drei neue Zählweisen sind im Gespräch.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2848af79/l/0L0Sheise0Bde0Cmel…
*** Scheinfirma signiert Malware ***
---------------------------------------------
Trojaner sind schon an sich ein Ärgernis - ausgestattet mit gültigen Zertifikaten, können sie sich einfacher bei ihren Opfern einschleichen. Nun soll ein Fall aufgetreten sein, bei der über die Anmeldung einer Scheinfirma Zertifikate erworben wurden.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/284aaf95/l/0L0Sheise0Bde0Cmel…
*** Bugtraq: SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin ***
---------------------------------------------
SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin
---------------------------------------------
http://www.securityfocus.com/archive/1/525585
*** Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device.Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.This advisory is available at the following link:
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability&vs_k=1
*** Bugtraq: Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin ***
---------------------------------------------
Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin
---------------------------------------------
http://www.securityfocus.com/archive/1/525587
*** Kaspersky-Update legt XP-Rechner lahm ***
---------------------------------------------
In der Nacht von Montag auf Dienstag lieferte Kaspersky ein fehlerhaftes Signatur-Update aus, das zahlreiche XP-Rechner weitgehend lahmlegte. Der Fehler stellte den Web-Schutz offenbar so scharf, dass die Kaspersky-Produkte fast alle Versuche zum Aufbau interner und externer Netzverbindungen schweigend blockierten. Zudem produzierte der Virenscanner maximale Systemlast, sobald Anwender ein Browser-Fenster öffneten.
---------------------------------------------
http://www.heise.de/meldung/Kaspersky-Update-legt-XP-Rechner-lahm-1799114.h…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 04-02-2013 18:00 − Dienstag 05-02-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Unlucky for you: UK crypto-duo crack HTTPS in Lucky 13 attack ***
---------------------------------------------
OpenSSL patch to protect against TLS decryption boffinry Two scientists say they have identified a new weakness in TLS, the encryption system used to safeguard online shopping, banking and privacy. The design flaw, revealed today, could be exploited to snoop on passwords and other sensitive information sent by users to HTTPS websites.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/04/unlucky_13_…
*** Bugtraq: ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities ***
---------------------------------------------
ESA-2013-002: RSA Archer® GRC Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/525541
*** Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF ***
---------------------------------------------
Topic: Nagios XI 2012R1.5b XSS & Command Execution & SQL Injection & CSRF Risk: Medium Text:Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?w...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/4q2noPJRt1M/WLB-20…
*** [webapps] - Cisco Unity Express Multiple Vulnerabilities ***
---------------------------------------------
Cisco Unity Express Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24449
*** Vuln: Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability ***
---------------------------------------------
Oracle E-Business Suite CVE-2013-0390 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57419
*** Bugtraq: APPLE-SA-2013-02-04-1 OS X Server v2.2.1 ***
---------------------------------------------
APPLE-SA-2013-02-04-1 OS X Server v2.2.1
---------------------------------------------
http://www.securityfocus.com/archive/1/525572
*** Crooks, think your Trojan looks legit? This one has a DIGITAL CERTIFICATE ***
---------------------------------------------
CA defends issuing digital seal to Brazilian swindlers Security researchers have discovered a banking Trojan that comes with its own built-in digital certificate.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/05/digitally_s…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 01-02-2013 18:00 − Montag 04-02-2013 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** VMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html), (Fri, Feb 1st) ***
---------------------------------------------
Jim Clausing, GIAC GSE #26 jclausing --at-- isc [dot] sans (dot) edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15058&rss
*** Twitter hacked, at least 250,000 users affected: what you can do to protect yourself ***
---------------------------------------------
"Ouch. Hyperpopular microblog-type-thing Twitter is the latest web property to admit that intruders seem to have been wandering around its network for some time. Earlier this week, both the New York Times and the Wall Street Journal came out with similar revelations...."
---------------------------------------------
http://nakedsecurity.sophos.com/2013/02/02/twitter-hacked-at-least-250000-u…
*** EU: Meldepflicht für Banken bei Cyberattacken ***
---------------------------------------------
Die EU-Kommission will wichtige Infrastruktur-Netze in der Union besser gegen Cyberattacken schützen. Mehrere Branchen sollen zur Meldung von Angriffen verpflichtet werden. Betroffen sind unter anderem Banken, Energieversorger, die Verkehrsbranche und Internetanbieter. Insgesamt sollen die Auflagen für 44.000 Unternehmen gelten.
---------------------------------------------
http://futurezone.at/netzpolitik/13850-eu-meldepflicht-fuer-banken-bei-cybe…
*** EU-Sicherheitsagentur ENISA erhält mehr Befugnisse ***
---------------------------------------------
Vertreter des EU-Rats und des Parlaments haben sich auf ein neues Mandat für die Europäische Agentur für Netz- und Informationssicherheit (ENISA) geeinigt. Die auf Kreta angesiedelte Behörde soll künftig unter anderem Computer-Notfallteams (CERTs, Computer Emergency Response Teams) bereithalten, wie aus einer Mitteilung (PDF-Datei) des Ministerrats hervorgeht. Zudem können Mitgliedsstaaten demnächst gezielt Hilfe im Fall von Sicherheitsverletzungen oder beim Verdacht auf kompromittierte Systeme anfordern.
---------------------------------------------
http://www.heise.de/meldung/EU-Sicherheitsagentur-ENISA-erhaelt-mehr-Befugn…http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/trans/1351…
*** Typing These 8 Characters Will Crash Almost Any App On Your Mountain Lion Mac ***
---------------------------------------------
An anonymous reader writes "All software has bugs, but this one is a particularly odd one. If you type "File:///" (no quotes) into almost any app on your Mac, it will crash. The discovery was made recently and a bug report was posted to Open Radar. First off, it's worth noting that the bug only appears to be present in OS X Mountain Lion and is not reproducible in Lion or Snow Leopard. That's not exactly good news given that this is the latest release of Apple's...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/T12UqX_DPZo/story01.htm
*** Critical Java Update Fixes 50 Security Holes ***
---------------------------------------------
Oracle Corp. has issued an update for its Java SE software that plugs at least 50 security holes in the software, including one the company said was actively being exploited in the wild.Related Posts:Correction to Java Update StoryJava Security Update Scrubs 14 FlawsOracle Ships Critical Security Update for JavaJava Patch Plugs 17 Security HolesJava 6 Update 24 Plugs 21 Security Holes...
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/B737Gp7Fig8/
*** Doctor Web: 2012 Virus Activity Overview ***
---------------------------------------------
January 14, 2013 The company Doctor Web is pleased to present its 2012 virus activity overview. Above all, the past year was marked by the largest-ever epidemic of the Trojan Backdoor.Flashback.39 for Mac OS. This event shook the world community and greatly undermined consumer faith in the "invulnerability" of the Apple operating system. In addition, the number of Trojan-encoder modifications and infections increased significantly over the past twelve months. One of the largest...
---------------------------------------------
http://news.drweb.com/show/?i=3215&lng=en&c=9
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 31-01-2013 18:00 − Freitag 01-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Yahoo! Hack Demonstrates the Risks Posed by Third-Party Code in Cloud Computing ***
---------------------------------------------
"Security firm Imperva has published its January Hacker Intelligence Initiative Report. The study, entitled Lessons Learned from the Yahoo! Hack, underscores the dangers of third-party code in cloud computing...."
---------------------------------------------
http://news.softpedia.com/news/Yahoo-Hack-Demonstrates-the-Risks-Posed-by-T…
*** Apple blockiert Java-Plugin erneut ***
---------------------------------------------
Die jüngste Java-Version steht nun auf der Plugin-Blockierliste von OS X. Apple verweist auf eine neuere Version von Oracle, die derzeit noch nicht erhältlich ist.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2819d5fb/l/0L0Sheise0Bde0Cmel…
*** BSI warnt vor virenverseuchten ELSTER-Steuerbescheiden ***
---------------------------------------------
Cyber-Kriminelle haben eine neue Masche entdeckt, um Malware unter das Volk zu bringen.Sie behaupten, der schädliche Anhang sei vom Finanzamt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2819d5f9/l/0L0Sheise0Bde0Cmel…
*** Largest cyber security exercise "Cyber Europe 2012" report published in 23 languages ***
---------------------------------------------
"ENISA has published the new report of the largest ever pan-Europe cyber security exercise, Cyber Europe 2012, which is available in 23 languages. Almost 600 individual players participated, including actors from the private sector (financial, telecom and Internet), for the first time. The conclusion: for fast and effective response to cyber incidents, knowledge of procedures and information flows is crucial...."
---------------------------------------------
https://www.enisa.europa.eu/media/press-releases/largest-cyber-security-exe…
*** Wordpress simple-shout-box Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress simple-shout-box Plugin SQL Injection Risk: Medium Text:# Exploit Title: wordpress-simple-shout-box Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/wordpress-simple-shou...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zqhX_F2Yo-Y/WLB-20…
*** Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection Risk: Medium Text:# Exploit Title: Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection # Google Dork: inurl:wp-content/plugins/portfolio-...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/d9I9Cwtp2QI/WLB-20…
*** Vuln: Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid cachemgr.cgi Incomplete Fix Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57646
*** FreeBSD 9.1 ftpd Remote Denial of Service ***
---------------------------------------------
Topic: FreeBSD 9.1 ftpd Remote Denial of Service Risk: Medium Text:FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/http://cxsec.org/ Public Date: 0...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/gHoxPhhFEEc/WLB-20…
*** Wordpress wp-table-reloaded plugin cross-site scripting in SWF ***
---------------------------------------------
Topic: Wordpress wp-table-reloaded plugin cross-site scripting in SWF Risk: Low Text:# Exploit Title: Wordpress wp-table-reloaded plugin cross-site scripting in SWF # Release Date: 24/01/13 # Author: hip [Insig...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Y1QTuWd0xI0/WLB-20…
*** FreeBSD/GNU ftpd remote denial of service exploit ***
---------------------------------------------
Topic: FreeBSD/GNU ftpd remote denial of service exploit Risk: Medium Text:
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/eYD2LcbgKzE/WLB-20…
*** Facebook spam leads to Exploit Kit ***
---------------------------------------------
To no wonders, the Blackhole Exploit Kit is still trying to infect users. One of the techniques commonly used is to send the victim an email from for example Facebook, Linkedin, Twitter, ... . Asking to click on a link. We'll take a small peek at those tactics. We received the following email: Hi , You [...]
---------------------------------------------
http://pandalabs.pandasecurity.com/facebook-spam-leads-to-exploit-kit/
*** Heisec-Netzwerkcheck spürt offene UPnP-Dienste auf ***
---------------------------------------------
Millionen Netzwerkgeräte wie Router antworten auf UPnP-Anfragen aus dem Internet und sind damit potenziell angreifbar. Mit dem Netzwerkcheck von heise Security überprüfen Sie, ob Ihr Equipment auch dazugehört.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2821dff3/l/0L0Sheise0Bde0Cmel…
*** Filthy! old! blog! bug! blamed! for! Yahoo! webmail! hijacks! ***
---------------------------------------------
Unpatched WordPress flaw clears way for inbox takeovers Yahoo! webmail accounts are being hijacked by hackers exploiting an eight-month-old bug in the web giants blog, security biz Bitdefender warns.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/01/yahoo_webma…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 30-01-2013 18:00 − Donnerstag 31-01-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Vuln: Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability ***
---------------------------------------------
Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57641
*** Drupal 6.x email2image Access bypass ***
---------------------------------------------
Topic: Drupal 6.x email2image Access bypass Risk: High Text:View online: http://drupal.org/node/1903264 * Advisory ID: DRUPAL-SA-CONTRIB-2013-011 * Project: email2image [1] (third...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/wQ-ZcM2RY0k/WLB-20…
*** Drupal 7.x Boxes Cross Site Scripting ***
---------------------------------------------
Topic: Drupal 7.x Boxes Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1903300 * Advisory ID: DRUPAL-SA-CONTRIB-2013-013 * Project: Boxes [1] (third-party...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/v1GnLRQwdfQ/WLB-20…
*** Wordpress RLSWordPressSearch plugin SQL Injection ***
---------------------------------------------
Topic: Wordpress RLSWordPressSearch plugin SQL Injection Risk: Medium Text: ## # Exploit Title : Wordpress RLSWordPressSearch plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Te...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uIaAqifvqpM/WLB-20…
*** Vuln: Wireshark PER Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark PER Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57622
*** Vuln: Wireshark MS-MMC Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark MS-MMC Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57620
*** Vuln: Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability ***
---------------------------------------------
Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57618
*** Vuln: Wireshark DTLS Dissector Denial of Service Vulnerability ***
---------------------------------------------
Wireshark DTLS Dissector Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57621
*** Schadcode in Rubys Software-Archiv ***
---------------------------------------------
Gems stellen Ruby-Programmierern fertig konfektionierte Software-Pakete bereit und werden unter anderem in dem zentralen Web-Repository rubygems.org verwaltet. Vor kurzem wurde dort ein bösartiges Gem eingeschleust, das vier Konfigurationsdateien des Systems auf einen öffentlich zugänglichen Server kopiert. Betroffen ist unter anderem das Messwerkzeug Librato. Der Schadcode könne durch einen kürzlich behobenen Fehler im YAML-Parser eingeschleust werden, für den des mehrere Exploits gibt, schreiben die Betreiber des Gem-Repositorys New Relic.
---------------------------------------------
http://www.heise.de/meldung/Schadcode-in-Rubys-Software-Archiv-1794663.html…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 29-01-2013 18:00 − Mittwoch 30-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Warnung - Erpresser-Virus fordert wieder 100 Euro von Nutzern ***
---------------------------------------------
Schädling gibt vor, dass Rechner zur Verbreitung illegaler Inhalte genutzt wurde
---------------------------------------------
http://text.derstandard.at/1358305035077/Erpresser-Virus-fordert-wieder-100…
*** Millionen Geräte über UPnP angreifbar ***
---------------------------------------------
Die Sicherheitsfirma Rapid7 hat bei einem IP-Scan unzählige netzwerkfähige Geräte gefunden, die über UPnP antworten und durch kritische Lücken angreifbar sein sollen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/28067031/l/0L0Sheise0Bde0Cmel…
*** Internet-facing printers remain a huge risk ***
---------------------------------------------
"Despite repeated warnings about office and home devices being accessible from the Internet when there is no good reason for them to be, every now and then someone gets the idea of using Google Search to sniff out just how many of them are there. The latest in this line is Adam Howard, a UK-based software engineer who searched for publicly accessible HP printers by using a sequence that matches with an often-used pattern for printing documents on an office or home network:He found
---------------------------------------------
http://www.net-security.org/secworld.php?id=14322
*** Hintergrund: Passwort-Schutz für jeden ***
---------------------------------------------
Wer den wohl gemeinten Tipps folgt und für jeden Dienst ein eigenes Passwort verwendet, braucht entweder ein fotografisches Gedächtnis oder die richtigen Tricks, um das scheinbare Chaos in den Griff zu bekommen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/280ca451/l/0L0Sheise0Bde0Csec…
*** Opera-Update schließt Sicherheitslücken ***
---------------------------------------------
Version 12.13 des Desktop-Browsers beseitigt einige SIcherheitsrisiken. Benutzer berichten jedoch von Abstürzen beim Update.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/280df642/l/0L0Sheise0Bde0Cmel…
*** Aktuelle VLC-Version mit kritischer Lücke ***
---------------------------------------------
Durch einen Fehler im ASF-Muxer kann Schadcode auf den Rechner gelangen. Nicht nur durch das öffnen verseuchter Mediendateien, sondern auch beim Surfen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/280eb6db/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 28-01-2013 18:00 − Dienstag 29-01-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** After silence on Java flaws, Oracle now says it cares ***
---------------------------------------------
"Oracle wants to you to know it is on the job when it comes to Java security. Two weeks after the U.S. government told users to disable Java in their browsers (and Apple did so automatically for Mac users) because of serious security flaws, the company is now reaching out to developers and users about this embarrassing problem. In recent blog posts and during a conference with JUG (Java User Group) leaders on Friday, Oracle has tried to convey the message that it cares about Java
---------------------------------------------
http://www.infoworld.com/t/java-programming/after-silence-java-flaws-oracle…
*** iOS 6.1 Released, (Mon, Jan 28th) ***
---------------------------------------------
Apple today released iOS 6.1 as well as an update for Apple TV (5.2). No details about the security content have been posted yet, but we expect it to show up in a day or so at the usual location [1]. There appears to be however one interesting security related change: As in other upgrades, after upgrading to iOS 6.1, you will be asked to activate your device again by logging into your Apple iCloud account. This time around however, you will be asked to setup password recovery questions unless
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15022&rss
*** Browser-hijacking malware talks to attackers using SPF email validation protocol ***
---------------------------------------------
"A new Trojan program that displays rogue advertisements during browsing sessions uses a DNS-based email validation protocol called the Sender Policy Framework (SPF) in order to receive instructions from attackers without being detected, according to security researchers from Symantec. The new malware is called Trojan. Spachanel and its purpose is to inject malicious JavaScript code into every Web page opened on infected computers, Symantec researcher Takashi Katsuki said Friday in a blog
---------------------------------------------
http://www.computerworld.com.au/article/452057/browser-hijacking_malware_ta…
*** Vuln: ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities ***
---------------------------------------------
ZoneMinder Remote Multiple Arbitrary Command Execution Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/57544
*** Fortinet FortiMail IBE Appliance Application Filter Bypass ***
---------------------------------------------
Topic: Fortinet FortiMail IBE Appliance Application Filter Bypass Risk: Medium Text:Title: Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities Date: == 2013-01-23 References: == http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/UZi8QdV4Kiw/WLB-20…
*** Weitere kritische Lücke in Ruby on Rails geschlossen ***
---------------------------------------------
Das Ruby-Entwicklerteam hat eine sehr kritische Lücke in dem Web-Framework Ruby on Rails (RoR) geschlossen, durch die ein Angreifer Code in den Server einschleusen kann. Wer einen Server mit RoR betreibt, sollte umgehend handeln, da bereits passende Exploits kursieren.
Betroffen sind die RoR-Versionen 2.3 und 3.0; Abhilfe schafft ein Update auf 3.0.20 und 2.3.16. Außerdem gibt es Patches.
---------------------------------------------
http://www.heise.de/meldung/Weitere-kritische-Luecke-in-Ruby-on-Rails-gesch…
*** Bugtraq: [SE-2012-01] An issue with new Java SE 7 security features ***
---------------------------------------------
[SE-2012-01] An issue with new Java SE 7 security features
---------------------------------------------
http://www.securityfocus.com/archive/1/525469
*** [dos] - Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read ***
---------------------------------------------
Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read
---------------------------------------------
http://www.exploit-db.com/exploits/24437
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 25-01-2013 18:00 − Montag 28-01-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Trojanized SSH Daemon In the Wild, Sending Passwords To Iceland ***
---------------------------------------------
An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon are found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all username and passwords to exfiltrate them to a server hosted in Iceland." Read
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/FyP3h7-iIkU/story01.htm
*** GitHubs new search reveals passwords and private keys ***
---------------------------------------------
"GitHub, the popular online source code repository, has unveiled on Wednesday a new search infrastructure that should help coders find specific code within the millions of the individual repositories GitHub hosts. But, as helpful as this tool promises to be, it can still be misused. And unfortunately, it didnt take long to prove that, as only hours later a number of individuals realized that quite a few careless coders inadvertently published their private encryption keys or their
---------------------------------------------
http://www.net-security.org/secworld.php?id=14305
*** WordPress SolveMedia 1.1.0 Cross Site Request Forgery ***
---------------------------------------------
Topic: WordPress SolveMedia 1.1.0 Cross Site Request Forgery Risk: Low Text:# Exploit Title: WordPress SolveMedia 1.1.0 CSRF Vulnerability # Release Date: 24/01/13 # Author: Junaid Hussain - [ illSecur...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ofsYN2kHetM/WLB-20…
*** Common Sense Guide to Mitigating Insider Threats - Best Practice 11 (of 19) ***
---------------------------------------------
"Hello, this is Todd Lewellen, Cybersecurity Threat and Incident Analyst for the CERT Program, with the eleventh of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats. The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the
---------------------------------------------
http://www.cert.org/blogs/insider_threat/2013/01/common_sense_guide_to_miti…
*** 34th IEEE Symposium on Security & Privacy ***
---------------------------------------------
"The 2013 Symposium will mark the 34th annual meeting of this flagship conference. Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The Symposium will be held on May 19-22 2013 in San Francisco, California...."
---------------------------------------------
http://www.ieee-security.org/TC/SP2013/
*** HP JetDirect Vulnerabilities Discussed, (Sun, Jan 27th) ***
---------------------------------------------
On a slow day in the cyber security world here at ISC I wanted to open a discussion of the recent review of vulnerabilities in the HP JetDirect software by researcher Sebastin Guerrero (English translation is available here). I have performed audits in highly monitored environments, where change control and secure baselines were the law of the land, and still find known and documented vulnerabilities in the printer environment. Even in highly developed enterprise security groups the printer
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15016&rss
*** Vuln: JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability ***
---------------------------------------------
JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54915
*** Vuln: JBoss twiddle.sh Local Information Disclosure Vulnerability ***
---------------------------------------------
JBoss twiddle.sh Local Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54631
*** Vuln: JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability ***
---------------------------------------------
JBoss Enterprise BRMS Platform JGroups Diagnostics Service Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54183
*** [TYPO3-announce]
Security issues in several third party TYPO3 extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third party TYPO3
extensions:
Attac Calendar (attacalendar)
Attac Petition (attacpetition)
Subscription (eu_subscribe)
Exinit job offer (exinit_joboffer)
Frontend File Browser (fefilebrowser)
Javascript and Css Optimizer (js_css_optimizer)
>From a csv-file to a html-table (kk_csv2table)
SEO Pack for tt_news (lonewsseo)
MySQL to JSON (mn_mysql2json)
---------------------------------------------
http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins…
*** Awareness is not enough, says EU Commissioner Kroes days before introducing EU Cybersecurity Strategy ***
---------------------------------------------
"The WEF affirmed that in the next 10 years there is a 10% likelihood of a major Critical Information Infrastructure breakdown with possible economic damages of over $250 billion. Incidents and attacks are on the rise. The big message was that cybersecurity is a matter that cannot be left to the technical people...."
---------------------------------------------
http://www.diplonews.com/feeds/free/27_January_2013_62.php
*** PC-Welt.de als Virenschleuder missbraucht ***
---------------------------------------------
Mindestens am Freitag und Samstag vergangener Woche haben Unbekannte Malware über die Website des Magazins PC-Welt verbreitet. Nach Angaben der Betreiber ist die Site inzwischen wieder sauber.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27fb5a7e/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 24-01-2013 18:00 − Freitag 25-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Web server hackers install rogue Apache modules and SSH backdoors, researchers say ***
---------------------------------------------
"A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their Secure Shell (SSH) services in order to steal login credentials from administrators and users. The hackers are replacing all of the SSH binary files on the compromised servers with backdoored versions that are designed to send the hostname, username and password for incoming and outgoing SSH connections to attacker-controlled servers, security researchers from Web security firm Sucuri
---------------------------------------------
http://www.computerworld.com.au/article/451689/web_server_hackers_install_r…
*** Playing chess with APTs ***
---------------------------------------------
During a briefing from the top security analyst at one of the
Washington-area cyber centers, I got the idea that resisting targeted
attacks from sophisticated adversaries (so-called advanced persistent
threats, or APTs) is a bit like playing chess at the grand master level.
---------------------------------------------
http://blogs.gartner.com/dan-blum/2012/12/28/playing-chess-with-apts-2/
*** Silly gits upload private crypto keys to public GitHub projects ***
---------------------------------------------
Amazing what you can find searching for BEGIN RSA PRIVATE KEY Scores of programmers uploaded their private cryptographic keys to public source-code repositories on GitHub, exposing their login credentials to world+dog. The discovery was made just before the website hit the kill switch on its search engine or, more likely, the service collapsed under the weight of curious users trawling for the sensitive data.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/25/github_ssh_…
*** Are Cyber Criminals Using Plus-Sized Malware To Fool AV? ***
---------------------------------------------
"Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well. After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that theyre seeing just the opposite: simple malware wrapped within obscenely large executables in one case, over 200 megabytes...."
---------------------------------------------
http://securityledger.com/are-cyber-criminals-using-plus-sized-malware-to-f…
*** Identifying People from their Writing Style ***
---------------------------------------------
"Its called stylometry, and its based on the analysis of things like word choice, sentence structure, syntax and punctuation. In one experiment, researchers were able to identify 80% of users with a 5,000-word writing sample. More Information: -http://www...."
---------------------------------------------
http://www.schneier.com/blog/archives/2013/01/identifying_peo_3.html
*** Vulnerability Scans via Search Engines (Request for Logs) ***
---------------------------------------------
We had a reader this week submit the following web log to us: GET /geography/slide.php?image_name=Free+gay+black+moviesslide_file= script%E2%84%91_id=0+union+select+0x3f736372aca074200372 HTTP/1.1 The request, as you can probably tell, is an attempt to detect SQL Injection and likely XSS vulnerabilities. As such, it isnt really all that special. What makes this more interesting is the fact that it came from Microsoft +http://www.bing.com/bingbot.html) Client IP Address: 157.55.52.58 This
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15010&rss
*** Inside the Gozi Bulletproof Hosting Facility ***
---------------------------------------------
Nate Anderson at Ars Technica has a good story about how investigators tracked down "Virus," the nickname allegedly used by a Romanian man accused by the U.S. Justice Department of running the Web hosting operations for a group that created and marketed the Gozi banking Trojan. Turns out, Ive been sitting on some fascinating details about this hosting provider for many months without fully realizing what I had.Related Posts:Three Charged in Connection with Gozi
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/u48Al_9RZnE/
*** China Accused Of Java, IE Zero Day Attacks ***
---------------------------------------------
"Recently disclosed vulnerabilities in Java and Internet Explorer have been used in targeted attacks that appear to be aimed at critics of the Chinese government. Tuesday, Jindrich Kubec, director of threat intelligence for Prague-based antivirus software developer Avast, reported that multiple websites had been compromised by attackers and used to infect visitors via JavaScript drive-by attacks. If successful, the attacks infected PCs with a remote access Trojan (RAT), thus giving
---------------------------------------------
http://www.informationweek.com/security/attacks/china-accused-of-java-ie-ze…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 23-01-2013 18:00 − Donnerstag 24-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Cisco Prime LAN Management Solution Command Execution Vulnerability ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco Prime LAN Management Solution (LMS) Virtual Appliancecontains a vulnerability that could allow an unauthenticated, remoteattacker to execute arbitrary commands with the privileges of the root user. Thevulnerability is due to improper validation of authentication andauthorization commands sent to certain TCP ports. An attackercould exploit this vulnerability by connecting to the affected systemand sending
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Prime LAN Management Solution Command Execution Vulnerability&vs_k=1
*** Phisher missbrauchen URL-Weiterleitung der Arbeitsagentur ***
---------------------------------------------
PayPal-Phishing ist ein alter Hut. Neu ist, dass die Phishing-Links auf Arbeitsagentur.de zeigen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27d32215/l/0L0Sheise0Bde0Cmel…
*** Megas erster Krypto-Fauxpas ***
---------------------------------------------
Ein eigentlich cleveres Konzept zum Nachladen von Code entpuppt sich als potentielle Hintertür, weil dabei ungeeignete Krypto-Funktionen zum Einsatz kommen. So könnten Dritte Teile des Mega-Codes manipulieren.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27d24431/l/0L0Sheise0Bde0Cmel…
*** DNS attacks increase by 170% ***
---------------------------------------------
"Radware identified a number of new attack methods representative of todays increasingly sophisticated and severe DDoS threat. Their latest report highlights server-based botnets and encrypted layer attacks as just two of the new attack tools challenging organizations during DDoS attacks. While security organizations have focused their efforts and attention on the pre and post-phases of defense, attackers now launch prolonged attacks that last days or weeks...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14285
*** Most exploit kits originated in Russia, say researchers ***
---------------------------------------------
"58 percent of the vulnerabilities targeted by the most popular exploit kits in Q4 were more than two years old and 70 percent of exploit kits reviewed were released or developed in Russia, reveals Solutionary SERTs Q4 2012 Quarterly Research Report. In reviewing 26 commonly used exploit kits, SERT identified exploit code dating as far back as 2004, serving as evidence that old vulnerabilities continue to prove fruitful for cyber criminals. The fact that 58 percent of the vulnerabilities
---------------------------------------------
http://www.net-security.org/secworld.php?id=14286
*** Most US banks were DDoSed last year - survey ***
---------------------------------------------
One in 10 banking IT bods say budget constraints an issue Nearly two-thirds of retail banks experienced at least one distributed denial of service (DDoS) attack in the past year, according to a new survey.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/24/ddos_survey…
*** Malware - USA sind Botnet-Standort Nummer Eins ***
---------------------------------------------
Mehr Zombie-Rechner-Netzwerke als in China und Russland zusammen.
---------------------------------------------
http://derstandard.at/1358304537265/USA-sind-Botnet-Standort-Nummer-Eins
*** Spammer entdecken WhatsApp ***
---------------------------------------------
Spammer missbrauchen den beliebten Messaging-Dienst WhatsApp derzeit offenbar verstärkt als Transportmittel für ihre dubiosen Werbebotschaften.
---------------------------------------------
http://www.heise.de/meldung/Spammer-entdecken-WhatsApp-1790526.html/from/at…
*** New Trojan fakes search results ***
---------------------------------------------
January 15, 2013 Russian anti-virus company Doctor Web is warning users about a malicious program dubbed BackDoor.Finder which fakes search result pages and redirects browsers to bogus websites. When launched in an infected system, BackDoor.Finder creates a copy of itself in the current users % APPDATA% folder and makes corresponding changes in the branch of the Windows registry responsible for application startup. After that this malware injects its code into all running processes. If it
---------------------------------------------
http://news.drweb.com/show/?i=3218&lng=en&c=9
*** Backdoors Found in Barracuda Networks Gear ***
---------------------------------------------
A broad variety of the latest firewall, spam filter and VPN appliances sold by Campbell, Calif. based Barracuda Networks Inc. contain undocumented backdoor accounts, the company disclosed today. Worse still, while the backdoor accounts are apparently set up so that they would only be accessible from Internet addresses assigned to Barracuda, they are in fact accessible to potentially hundreds of other companies and network owners.Related Posts:Amnesty International Site Serving Java ExploitNew
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/OyYLL3kGjlo/
*** Update-Probleme mit Microsofts Gratis-Virenscanner ***
---------------------------------------------
Auf einigen Systemen aktualisieren die Microsoft Security Essentials seit einigen Tagen ihre Signatur nicht mehr selbstständig. Abhilfe schafft das manuelle Einspielen eines Signaturpakets.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27dc0058/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 22-01-2013 18:00 − Mittwoch 23-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Have a Wi-Fi-Enabled Phone? Stores Are Tracking You ***
---------------------------------------------
jfruh writes "Call it Google Analytics for physical storefronts: if youve got a phone with wi-fi, stores can detect your MAC address and track your comings and goings, determining which aisles you go to and whether youre a repeat customer. The creator of one of the most popular tracking software packages says that the addresses are hashed and not personally identifiable, but it might make you think twice about leaving your phone on when you head to the mall." Read more of this
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RGkVUafw2-M/story01.htm
*** Skype becomes a malware minefield ***
---------------------------------------------
"Skype users should be careful when using the service these days. First CSIS researchers unearthed a campaign misusing Skype to replicate and spread the Shylock banking Trojan with a plugin called msg. gsm that, when it was first spotted five days ago, was detected by none of the AV solutions used by VirusTotal...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2383
*** Red October spy ring also used "Rhino" Java exploit ***
---------------------------------------------
"A cyber espionage campaign that was recently unearthed by researchersused a now-patched vulnerability in Java software as another tool to exploit victims machines. Security firm Seculert published a blog post Tuesday saying that the "Red October" spy campaign, in addition to leveraging weaknesses in Microsoft Office, also spread malware by taking advantage of a Java flaw in the Rhino Script Engine, CVE-2011- 3544, fixed in October 2011. After investigating the
---------------------------------------------
http://cyberwarzone.com/red-october-spy-ring-also-used-rhino-java-exploit
*** Paypal.com Blind SQL Injection ***
---------------------------------------------
Topic: Paypal.com Blind SQL Injection Risk: Medium Text:Title: Paypal Bug Bounty #18 - Blind SQL Injection Vulnerability Date: == 2013-01-22 References: == http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/7mPYfOLfMHQ/WLB-20…
*** DDoS Attacks as Constitutional Problem: Germanys Experience ***
---------------------------------------------
"A distributed denial of service (DDoS) attack targets a computer systems resources by flooding it with requests beyond its capacity in hopes of negatively impacting its functionality. Does society consider DDoS attacks a legitimate form of protest? When an anonymously posted petition appeared on the White Houses We the People page and advocated the legalization of DDoS attacks most commentators didnt look to kindly at the idea...."
---------------------------------------------
http://blog.cyveillance.com/general-cyberintel/right-to-bear-low-orbit-ion-…
*** SCADA Password-Cracking Tool For Siemens S7 PLCs Released ***
---------------------------------------------
FROM: Matthias Fraidl <fraidl(a)cert.at>
http://www.darkreading.com/vulnerability-management/167901026/security/vuln…
---------------------------------------------
/taranis/mod_assess/show_mail.pl?id=2361
*** Beware of fake Java updates ***
---------------------------------------------
"Following recent security vulnerabilities in Java, malware developers are taking a new approach to exploit the Java platform by issuing false updates that pose as legitimate updates for the runtime. The latest version of the Java runtime that fixes recent vulnerabilities is update 11, and Kaspersky labs is reporting that a new malware is out that poses as "Java Update 11." The malware is packaged in a Java archive file called "javaupdate11. jar" that contains two
---------------------------------------------
http://reviews.cnet.com/8301-13727_7-57565035-263/beware-of-fake-java-updat…
*** Twitter flaw gave private message access to third-party apps, researcher says ***
---------------------------------------------
"Users who signed into third-party Web or mobile applications using their Twitter accounts might have given those applications access to their Twitter private "direct" messages without knowing it, according to Cesar Cerrudo, the chief technology officer of security consultancy firm IOActive. The issue is the result of a flaw in Twitters API (application programming interface) that led to users not being properly informed about what permissions an application will have on their
---------------------------------------------
http://www.computerworld.com/s/article/9236024/Twitter_flaw_gave_private_me…
*** Multiple Vulnerabilities in Cisco Wireless LAN Controllers ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by the following four vulnerabilities: Cisco Wireless LAN Controllers Wireless Intrusion Prevention System (wIPS) Denial of Service Vulnerability Cisco Wireless LAN Controllers Session Initiation Protocol Denial of Service Vulnerability Cisco Wireless LAN Controllers HTTP Profiling Remote Code Execution Vulnerability Cisco Wireless LAN
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Multiple Vulnerabilities in Cisco Wireless LAN Controllers&vs_k=1
*** Three Men Charged in Connection with Gozi Trojan ***
---------------------------------------------
Federal investigators are expected to announce today criminal charges against three men alleged to be responsible for creating and distributing the Gozi Trojan, an extremely sophisticated strain of malicious software that was sold to cyber crooks and was tailor-made to attack specific financial institutions targeted by each buyer. According to charging documents filed in the U.S. [...]Related Posts:New Findings Lend Credence to Project BlitzkriegU.S. Charges 37 Alleged Money Mules19 Arrested in
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/2TTqn06NSJo/
*** Summary for January 2013 - Version: 3.0 ***
---------------------------------------------
With the release of the security bulletins for January 2013, this bulletin summary replaces the bulletin advance notification originally issued January 3, 2013 and the out-of-band advance notification issued January 13, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
*** Vuln: Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57416
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 21-01-2013 23:28 − Dienstag 22-01-2013 23:28
Handler: L. Aaron Kaplan
Co-Handler: Christian Wojner
*** Vuln: libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability ***
---------------------------------------------
libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54270
*** First Google wants to know all about you, now it wants a RING on your finger ***
---------------------------------------------
For those whove always wanted to give the web giant the finger Top Google bods are mulling over using cryptographic finger-ring gadgets and other ways for users to securely log into websites and other services.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/21/google_pass…
*** Linksys WRT54GL CSRF Attacke ***
---------------------------------------------
Linksys WRT54GL CSRF Attacke21. Jänner 2013Wir bitten um Beachtung folgender CSRF Attacke gegen den allseits beliebten und weit verbreiteten Linksys WRT54GL:http://www.securityfocus.com/archive/1/525368/30/0/threadedWir haben in Oesterreich derzeit laut Shodan mindestens 1065 betroffene Linksysen, die direkt via Internet ansprechbar sind (also mit Admin Interface auf einer public IP). Der WRT54GL ist ein Dauerrenner bei WLAN Routern und durchaus weit verbreitet. (quelle:
---------------------------------------------
http://www.cert.at/services/blog/20130121222847-705.html
*** The LulzSec Press Twitter Account Hacked And Exposed By Indonesian Hacker Hmei7 ***
---------------------------------------------
"Indonesian hacker going by the name of Hmei7 published a document on pastebin,exposing @TheLulzSecPress, by stating they they have been stealing others hack. The document has been well organised,giving an introduction section followed by Hacking Incidents analysis,where comparison was made between original hacks of some genuine hackers and the stolen hacks by thelulzsecpress. A total of 5 issues were compared which hmei7 has been naming as FAIL NO...."
---------------------------------------------
http://riduan-anonymous.blogspot.in/2013/01/the-lulzsec-press-twitter-accou…
*** [SECURITY] [DSA 2611-1] movabletype-opensource security update ***
Debian Security Advisory DSA-2611-1 security(a)debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 22, 2013 http://www.debian.org/security/faq
*** Operation Red October Attackers Wielded Spear Phishing ***
---------------------------------------------
"The Red October malware network is one of the most advanced online espionage operations thats ever been discovered. Thats the conclusion of Moscow-based security firm Kaspersky Lab, which first discovered Operation Red October--"Rocra" for short--in October 2012."The primary focus of this campaign targets countries in Eastern Europe, former USSR republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North
---------------------------------------------
http://www.informationweek.com/security/attacks/operation-red-october-attac…
*** DHS: Industrial control systems subject to 200 attacks in 2012 ***
---------------------------------------------
"A DHS report released last week revealed that industrial control systems, which are used to monitor and control critical infrastructure facilities, were hit with 198 documented cyberattacks in 2012, and that many of these attacks were serious. Forty percent of those attacks were on energy firms, according to the Industrial Control Systems (ICS) and Cyber Emergency Response Team (CERT), which reviewed every incident. Water utilities came in second, with 15 percent of the attacks focused on
---------------------------------------------
http://www.homelandsecuritynewswire.com/dr20130114-dhs-industrial-control-s…
*** Google bezahlt für Daten-Traffic an Orange ***
---------------------------------------------
Der französische Mobilfunkbetreiber Orange hat mit Google einen Vertrag darüber geschlossen, wonach Google für den Transport der Daten des Video-Portals YouTube zahlt. Das französische Regierung will mit Google zudem über eine "Internet-Steuer" für die Sammlung persönlicher Daten verhandeln.
---------------------------------------------
http://futurezone.at/b2b/13616-google-bezahlt-fuer-daten-traffic-an-orange.…
*** Vuln: Cisco VPN Client for Windows CVE-2012-5429 Local Denial of Service Vulnerability ***
---------------------------------------------
Cisco VPN Client for Windows CVE-2012-5429 Local Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57483
*** Spent Fuel Pool ***
---------------------------------------------
Spent Fuel Pool What if I took a swim in a typical spent nuclear fuel pool? Would I need to dive to actually experience a fatal amount of radiation? How long could I stay safely at the surface? Assuming you're a reasonably good swimmer, you could probably survive treading water anywhere from 10 to 40 hours. At that point, you would black out from fatigue and drown. This is also true for a pool without nuclear fuel in the bottom.Spent fuel from nuclear
---------------------------------------------
http://what-if.xkcd.com/29/
*** iOS 6 jailbreak nearly there, say iPhone hackers ***
---------------------------------------------
"Two iPhone hackers hinted theyre making progress towards developing a new jailbreak for the latest version of Apples mobile operating system. One of the hackers, who goes by "@pod2g" on Twitter, said yesterday that they found two "new vulnerabilities in a day," but whats missing is an "initial code execution" for a public jailbreak. Pod2g is working with David Wang, known as "@planetbeing" on Twitter, to develop a way to remotely exploit iOS 6,
---------------------------------------------
http://news.techworld.com/security/3421528/ios-6-jailbreak-nearly-there-say…
*** Security researchers cripple Virut botnet ***
---------------------------------------------
"Many of the domain names used by a cybercriminal gang to control computers infected with the Virut malware were disabled last week in a coordinated takedown effort, Spamhaus, an organization dedicated to fighting spam, announced Saturday. The Virut malware spreads by inserting malicious code into clean executable files and by copying itself to fixed, attached and shared network drives. Some variants also infects HTML, ASP and PHP files with rogue code that distributes the threat...."
---------------------------------------------
http://www.computerworld.com/s/article/9235991/Security_researchers_cripple…
*** SOL14138: XML External Entity Injection (XXE) from authenticated source CVE-2012-2997 ***
---------------------------------------------
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html
---------------------------------------------
*** Netzpolitik - Deutschland plant Firmen-Meldepflicht für Cyber-Angriffe ***
---------------------------------------------
Neuer Gesetzentwurf sieht Prüfung der Sicherheitsstandards vor
---------------------------------------------
http://derstandard.at/1358304341673/Deutschland-plant-Firmen-Meldepflicht-f…
*** Bugtraq: [SECURITY] [DSA 2611-1] movabletype-opensource security update ***
---------------------------------------------
[SECURITY] [DSA 2611-1] movabletype-opensource security update
---------------------------------------------
http://www.securityfocus.com/archive/1/525380
*** Red October closes as Kaspersky publishes more details ***
---------------------------------------------
"Almost as soon as Kaspersky began publishing details about the Red October cyberespionage network, the command and control systems behind the apparently five-year-old digital spying ring began closing down. According to a posting on Kasperskys threatpost, the researchers who exposed the network on Monday say that "not only [are] the registrars killing the domains and the hosting providers killing the command-and-control servers but perhaps the attackers shutting down the whole
---------------------------------------------
http://www.h-online.com/security/news/item/Red-October-closes-as-Kaspersky-…
*** Vuln: Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57416
=======================
= End-of-Shift report =
=======================
Timeframe: Samstag 19-01-2013 18:18 − Montag 21-01-2013 18:18
Handler: L. Aaron Kaplan
Co-Handler: Christian Wojner
*** Android Botnet Infects 1 Million Plus Phones ***
---------------------------------------------
Trailrunner7 writes "Up to a million Android users in China could be part of a large mobile botnet, according to research unveiled by Kingsoft Security, a Hong Kong-based security company, this week. The botnet has spread across phones running the Android operating system via Android.Troj.mdk, a Trojan that researchers said exists in upwards of 7,000 applications available from non-Google app marketplaces, including the popular Temple Run and Fishing Joy games." Update: 01/19 12:54
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QL1JqKgnwOU/story01.htm
*** In Syria, the Cyberwar Intensifies ***
---------------------------------------------
"The front pages have been dominated for more than a year by photos of young Syrian rebel fighters, armed and proud, battling an increasingly isolated Syrian military. But amid the shooting, the atrocities and the bombings, there is a parallel war a sophisticated cyber insurgency battling a shadowy team working on behalf of the Assad regime. The Syrians online conflict may be the most active cyberwar in recent memory, with extraordinary efforts by both sides to sabotage, disrupt and
---------------------------------------------
http://www.defensenews.com/article/20130118/C4ISR01/301180018/In-Syria-Cybe…
*** Malware shuts down US power company ***
---------------------------------------------
"A computer virus attacked a turbine control system at a US power company last fall when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a report posted on a US government website. The Department of Homeland Security report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident...."
---------------------------------------------
http://articles.timesofindia.indiatimes.com/2013-01-17/security/36393196_1_…
*** Vuln: Oracle MySQL Server Heap Overflow Vulnerability ***
---------------------------------------------
Oracle MySQL Server Heap Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56768
*** Beware: malware masquerading as Java patch ***
---------------------------------------------
"Opportunist hackers are capitalising on fears over Java vulnerabilities by spreading malware posing as patches for the under fire computer platform. Oracle has endured a torrid week over Javas security, having already issued Update 11 to fix critical flaw CVE-2013-0422 a threat deemed serious enough for the US Department of Homeland Security to recommend that users completely disable Java from their computers...."
---------------------------------------------
http://www.itproportal.com/2013/01/18/beware-malware-masquerading-java-patc…
*** Hackers Leak 1.7 GB of Data from Azerbaijans Special State Protection Service ***
---------------------------------------------
"The information leaked by the hacktivists doesnt belong only to the Special State Protection Service, but also to other organizations linked to it, including ING Geneva, Sumato Energy, BNP Paribas, Taurus Petroleum and even security solutions provider Prolexic. The hackers say the files contain passport scans, reports, confidential shareholder documents, account statements, letters of credit, and details of oil drilling technologies. At the beginning of January, the hackers leaked
---------------------------------------------
http://news.softpedia.com/news/Hackers-Leak-1-7-GB-of-Data-from-Azerbaijan-…
*** Google zahlt Durchleitungsentgelte an Orange ***
---------------------------------------------
http://www.heise.de/meldung/Google-zahlt-Durchleitungsentgelte-an-Orange-17…
*** Google will Passwörter durch Ring ersetzen ***
---------------------------------------------
Google testet derzeit Möglichkeiten die klassische Passworteingabe durch Hardware abzulösen. So könnte man sich zukünftig per USB-Stick in sein Google-Konto anmelden. Auch eine NFC-Lösung mittels Ring am Finger wäre für Google denkbar.
---------------------------------------------
http://futurezone.at/future/13609-google-will-passwoerter-durch-ring-ersetz…
*** Netzpolitik - Webadresse von Kärntner Jugendreferat führte zu Pornoseite ***
---------------------------------------------
Hackerangriff vermutet - Problem mittlerweile behoben
---------------------------------------------
http://derstandard.at/1358304202191/Webadresse-von-Kaerntner-Jugendreferat-…
*** Shylock banking malware spreads via Skype ***
---------------------------------------------
"The banking Trojan known as Shylock has been updated with new functionality, including the ability to spread over Skype. The program was discovered in 2011 that steals online banking credentials and other financial information from infected computers. Shylock, named after a character from Shakespeares "The Merchant of Venice"...."
---------------------------------------------
http://thehackernews.com/2013/01/shylock-banking-malware-spreads-via.html?u…
*** Arguing Against Voluntary Standards - CEOs See Provisions over Infosec Standards as Distraction ***
---------------------------------------------
"The idea of the U.S. federal government and industry jointly developing IT security best practices will do little to help critical infrastructure operators defend against cyber-risk, says Business Roundtable Vice President Liz Gasster. "It makes an underlying assumption that the point of best practices will, in fact, be effective in addressing cybersecurity risk," Gasster says in an interview with Information Security Media Group. "And that while best practices are a useful
---------------------------------------------
http://www.healthcareinfosecurity.com/interviews/arguing-against-voluntary-…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 17-01-2013 18:00 − Freitag 18-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Linksys vuln: Cisco responds ***
---------------------------------------------
Working on fix for WRT54GL router Cisco has identified the Linksys router affected by the vulnerability published by DefenseCode on January 14...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/17/cisco_respo…
*** Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting ***
---------------------------------------------
Topic: Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting Risk: Low Text:: + Vendor info Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting (CWE-79) http://sourceforge.net/projects/assp/ ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/l6FeQIUUAbY/WLB-20…
*** Vuln: Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability ***
---------------------------------------------
Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57445
*** Outbank 2 mit Passwort-Leck ***
---------------------------------------------
Die Mac-Version der neuen Banking-Software legt das Programmkennwort in einer Standard-Logdatei ab – unverschlüsselt. Ein Update steht noch aus.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27a7a138/l/0L0Sheise0Bde0Cmel…
*** Why the Java threat rang every alarm ***
---------------------------------------------
"If the IT industry had a color-coded threat-level advisory system, the alerts would have spiked to red this week -- and in a way they did when the Department of Homeland Security, no less, urged users to disable or uninstall Java because of a serious security vulnerability. Judging by the ensuing avalanche of ink (mea culpa for adding to the pileup), you might think this attack took the industry by surprise. Far from it -- as Twitter engineer and security expert Charlie Miller told...
---------------------------------------------
http://www.infoworld.com/t/security/why-the-java-threat-rang-every-alarm-21…
*** Bugtraq: CVE-2012-6452 Axway Secure Messenger Username Disclosure ***
---------------------------------------------
CVE-2012-6452 Axway Secure Messenger Username Disclosure
---------------------------------------------
http://www.securityfocus.com/archive/1/525346
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 16-01-2013 18:00 − Donnerstag 17-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Vuln: HP PKI ActiveX Control Denial of Service Vulnerability ***
---------------------------------------------
HP PKI ActiveX Control Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51341
*** Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass ***
---------------------------------------------
Topic: Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass Risk: High Text:View online: http://drupal.org/SA-CORE-2013-001 * Advisory ID: DRUPAL-SA-CORE-2013-001 * Project: Drupal core [1] * ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Vol8aq1w-iY/WLB-20…
*** Yet ANOTHER Java zero-day claimed - but this time youre laughing, right? ***
---------------------------------------------
"Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit. This one, it seems, targets an exploitable vulnerability even in Oracles most recent release, Version 7 Update 11, also known as 7u11. Details of the exploit are sketchy, because the underworld is playing this one very close to its chest...."
---------------------------------------------
http://nakedsecurity.sophos.com/2013/01/17/yet-another-java-zero-day-claime…
*** Heads-Up - Security Researchers Expose X-ray Machine Bug ***
---------------------------------------------
"A pair of researchers best known for poking holes in industrial control systems (ICS) products found that medical devices suffer similar security woes after they were able to easily hack into a Philips x-ray machine. Terry McCorkle and Billy Rios, both of Cylance, here today demonstrated how a rudimentary fuzzer they wrote basically gave them privileged user status on the XPER x-ray machine. The machine has inherently weak remote authentication...."
---------------------------------------------
http://www.darkreading.com/vulnerability-management/167901026/security/atta…
*** Novell schließt gefährliche Lücke in eDirectory-Server ***
---------------------------------------------
Novell hat einen Patch für seinen eDirectory-Server bereitgestellt, der einen möglichen Pufferüberlauf beseitigt. Angreifern hätte die Lücke das Erlangen von Administrator-Rechten auf dem Zielrechner ermöglicht...
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/279f3d9d/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 15-01-2013 18:00 − Mittwoch 16-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** When Disabling IE6 (or Java, or whatever) is not an Option..., (Tue, Jan 15th) ***
---------------------------------------------
Were getting a whole lot of bad advice regarding the latest crop of vulnerabilities. Folks are saying things like disable Java, or Migrate away from IE6/7/8, or even Migrate to IE10 or Firefox. While these will certainly mitigate the current vulnerability, its often not a practical way to go. If you pick the right week, almost anything could be your target disable that component - everyone has a zero day at one time or another. Specific to this weeks issues, there are lots of business...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14947&rss
*** January 2013 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck ***
---------------------------------------------
Today we’re publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 17 questions focusing on Security Update MS13-088, and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript. We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/01/15/january-2013-out-of-band…
*** Bugtraq: Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability ***
---------------------------------------------
Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525317
*** Oracles Januar-Patches schließen 86 Lücken ***
---------------------------------------------
Mit dem jetzt veröffentlichten regulären Critical Patch Update behebt Oracle unter anderem 24 Sicherheitslücken in seinen Datenbankprodukten, davon 18 in MySQL. Einige davon ließen sich übers Netz ohne Anmeldung ausnutzen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27929ccc/l/0L0Sheise0Bde0Cmel…
*** Security hotfix released for ColdFusion (APSB13-03) ***
---------------------------------------------
Today, a Security Bulletin (APSB13-03) has been posted in regards to a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the security bulletin. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2013/01/security-hotfix-released-for-coldfusio…
*** Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled.Cisco has released free software updates that address this vulnerability.This advisory is posted at the following...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 14-01-2013 18:00 − Dienstag 15-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Bugtraq: Updated - CA20121018-01: Security Notice for CA ARCserve Backup ***
---------------------------------------------
Updated - CA20121018-01: Security Notice for CA ARCserve Backup
---------------------------------------------
http://www.securityfocus.com/archive/1/525303
*** Cyber Security Bulletin (SB13-014) - Vulnerability Summary for the Week of January 7, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB13-014.html
*** DefenseCode turns up Linksys zero-day ***
---------------------------------------------
World awaits patch With more than 70 million home networking devices in service, a zero-day for Linksys has a very wide reach. According to DefenseCode, an information security consultancy that’s just what turned up in a recent product evaluation for a client.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/14/cisco_links…
*** Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow ***
---------------------------------------------
Topic: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow Risk: High Text: Title: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow. Author: David Klein (davi...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013010133
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 11-01-2013 18:00 − Montag 14-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header ***
---------------------------------------------
Topic: Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header Risk: High Text:Summary = Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013010107
*** Java SE 5/6/7 critical security issue ***
---------------------------------------------
Topic: Java SE 5/6/7 critical security issue Risk: High Text:Weve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The im...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2012090223
*** Sysinternals Updates, (Sun, Jan 13th) ***
---------------------------------------------
A handlers shift usually doesnt go by without Roseman writing in telling us that Microsoft have released another Sysinternals update and today is one of those days. A couple of days has passed since Microsoft announced: Autoruns v11.4: Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug. Procdump v5.12: This Procdump update fixes a bug introduced in v5.11...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14926&rss
*** ICS-CERT berichtet von Viren-Infektionen bei US-Stromversorgern ***
---------------------------------------------
Über USB-Sticks werden die industriellen Steuerungssysteme eines US-Stromversorgers und eines Elektrizitätswerks mit Schadsoftware infiziert. Das ICS-CERT begrenzt den Schaden. Das "Project Shine" kann auf Schwachstellen aufmerksam machen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/277bb6fc/l/0L0Sheise0Bde0Cmel…
*** Microsoft to release emergency Internet Explorer patch on Monday ***
---------------------------------------------
"Microsoft will release a patch on Monday for older versions of its Internet Explorer browser, deviating from its normal repair schedule due to the seriousness of the problem. The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victims computer if the person merely visits the website...."
---------------------------------------------
http://www.computerworld.com.au/article/446389/microsoft_release_emergency_…
*** Vuln: Qt QSslSocket::sslErrors() Certificate Validation Security Weakness ***
---------------------------------------------
Qt QSslSocket::sslErrors() Certificate Validation Security Weakness
---------------------------------------------
http://www.securityfocus.com/bid/57162
*** Heads-Up - Oracle Critical Patch Update Pre-Release Announcement - January 2013 ***
---------------------------------------------
"DescriptionThis Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2013, which will be released on Tuesday, January 15, 2013. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. A Critical Patch Update is a collection of patches for multiple security vulnerabilities...."
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
*** Emergency patch for Java fails to fix cybercrime holes, warn experts ***
---------------------------------------------
ORACLE released an emergency update to its Java software for surfing the
Web last night, but security experts said the update fails to protect
PCs from attack by hackers intent on committing cyber crimes.
---------------------------------------------
http://www.independent.ie/business/technology/emergency-patch-for-java-fail…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 10-01-2013 18:00 − Freitag 11-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** European Cybercrime Centre opens for business ***
---------------------------------------------
"The European Cybercrime Centre (EC3) will officially start operating on 11 January with a mission to protect European citizens and businesses from cybercrime. "Cybercriminals are smart and quick in using new technologies for criminal purposes; the EC3 will help us become even smarter and quicker to help prevent and fight their crimes" said European Commissioner for Home Affairs Cecilia Malmstrm at the launch of the EC3 project ahead of the official opening of the centre at...
---------------------------------------------
http://www.h-online.com/security/news/item/European-Cybercrime-Centre-opens…
*** Bugtraq: DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit ***
---------------------------------------------
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit
---------------------------------------------
http://www.securityfocus.com/archive/1/525269
*** Bugtraq: Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee) ***
---------------------------------------------
Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee)
---------------------------------------------
http://www.securityfocus.com/archive/1/525268
*** What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!, (Thu, Jan 10th) ***
---------------------------------------------
As a side note to todays iSeries / Mainframe story, and a follow-up to one I wrote last year (https://isc.sans.edu/diary/12103), another thing Im seeing is more and more on telnets (tcp port 992 - https://isc.sans.edu/port.html?port=992) is voice gateway and videoconferencing unit problems. Specifically, when scanning for port tcp/992, you will likely run across more videoconferencing systems than mainframes. Theyll often show up with less fingerprinting than the SNA platforms we discussed,...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14902&rss
*** HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS) ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03621178
*** TYPO3-EXT-SA-2013-001: Several vulnerabilities in third party extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third-party
TYPO3 extensions: news, onetimeaccount, phpunit, div2007, t3mootools,
t3jquery, oneclicklogin
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
*** .NET-Update beeinträchtigt Windows Server 2012 ***
---------------------------------------------
Ein seit Dienstag ausgeliefertes Update für die .NET-Laufzeitumgebung 4.5 führt unter Windows Server 2012 zu Problemen mit dem Failover Cluster Manager. Microsoft hat das Problem bereits bestätigt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/276e67d9/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 09-01-2013 18:00 − Donnerstag 10-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability ***
---------------------------------------------
GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57188
*** Police Arrest Alleged ZeuS Botmaster “bx1″ ***
---------------------------------------------
A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed "bx1," a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/D_NUNHSTfy8/
*** Zero-Day Java Exploit Debuts in Crimeware ***
---------------------------------------------
The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/x8J2sRZ5128/
*** Vuln: Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability ***
---------------------------------------------
Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57113
*** Web Application Vulnerability Statistics of 2012 ***
---------------------------------------------
"With years of experience and valuable insights from our cloud based application security testing, we thought of conducting a study to discover the prevailing website vulnerability trends. The study is based on our original research on more than 5000 tests covering 300+ customers distributed globally. How was the study conducted?..."
---------------------------------------------
http://www.ivizsecurity.com/blog/penetration-testing/web-application-vulner…
*** Exploit für Ruby on Rails im Umlauf ***
---------------------------------------------
Die Sicherheitslücke in Ruby-On-Rails erweist sich als akut gefährlich; erste Exploits sind im Umlauf und Berichte über gekaperte Web-Server laufen ein. Administratoren sollten dringend handeln.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2763d32a/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 08-01-2013 18:00 − Mittwoch 09-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Serious Password Reset Hole In Accellion Secure FTP ***
---------------------------------------------
chicksdaddy writes "A security researcher who was looking for vulnerabilities in Facebooks platform instead stumbled on a much larger hole that could affect scores of firms who rely on a secure file transfer platform from Accellion. Writing on his blog on Monday, Israeli researcher Nir Goldshlager said he discovered the password reset vulnerability while analyzing a Accellion deployment that is used, internally, by Facebook employees. Goldshlager used public knowledge of the Accellion...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/BpSzZxCpN3k/story01.htm
*** Microsoft Updates for Multiple Vulnerabilities ***
---------------------------------------------
The Microsoft Security Bulletin Summary for January 2013 describes
multiple vulnerabilities in Microsoft software. Microsoft has
released updates to address the vulnerabilities.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
*** Adobe Security Bulletins Posted ***
---------------------------------------------
Today, we released the following Security Bulletins: APSB13-01 Security updates available for Adobe Flash Player APSB13-02 Security updates available for Adobe Reader and Acrobat Customers of the affected products should consult the relevant Security Bulletin(s) for details. This posting is provided "AS IS" with no warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2013/01/adobe-security-bulletins-posted-4.html
*** Experts Identify, Analyze Botnet Used to Launch DDOS Attacks Against US Banks ***
---------------------------------------------
"Researchers have been constantly analyzing the distributed denial-of-service (DDOS) attacks launched by Izz ad-Din al-Qassam Cyber Fighters against United States financial institutions but, up until now, little was known about the resources used by the hacktivists. Incapsula, a cloud-based security and acceleration service provider, has uncovered some interesting details about the cyberattacks and the botnet that powers them after noticing that the website of a new customer was...
---------------------------------------------
http://news.softpedia.com/news/Experts-Identify-Analyze-Botnet-Used-to-Laun…
*** Mobile Browser Security: Problem Exists Between Device and Chair ***
---------------------------------------------
"Last month, a Georgia Tech study found that mobile browsers frequently left even expert users insufficient information to judge if a site was potentially dangerous, because of user interface limitations. The item that is most problematic is how SSL information is displayed. Compared to desktops, mobile browsers have far more limited ways to show if a site is using SSL...."
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-browser-s…
*** Kritische Lücken in Firefox, Thunderbird und SeaMonkey geschlossen ***
---------------------------------------------
Mit den jüngsten Updates haben die Entwickler zahlreiche Schwachstellen in den Mozilla-Programmen beseitigt. Man sollte daher sicherstellen, dass man jeweils die aktuelle Version nutzt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2758df0f/l/0L0Sheise0Bde0Cmel…
*** First confirmed hard victim of Ruby on Rails Zero-Day Dutch DigiD Government Service. All services ***
---------------------------------------------
"After having alerted on a new SQL Injection Vulnerability in Ruby on rails on 3 january, Bricade alerted on a second, even more serious, Zero Day on 8 January. The Dutch Government DigiD Service reported today 9th of January on their website that the DigiD service was not available today. See https://www...."
---------------------------------------------
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-1…
*** Aktuelle Foxit-Reader-Version führt Schadcode aus ***
---------------------------------------------
In Browser-Plug-in des PDF-Anzeigeprogramms klafft eine hochkritische Sicherheitslücke, weshalb man es umgehend abschalten sollte.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/275a0b01/l/0L0Sheise0Bde0Cmel…
*** Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability ***
---------------------------------------------
Advisory ID: cisco-sa-20130109-lms
---------------------------------------------
Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a
vulnerability that could allow an unauthenticated, remote attacker to
execute arbitrary commands with the privileges of the root user.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 07-01-2013 18:00 − Dienstag 08-01-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Bugtraq: Chrome for Android - Cookie theft from Chrome by malicious Android app ***
---------------------------------------------
Chrome for Android - Cookie theft from Chrome by malicious Android app
---------------------------------------------
http://www.securityfocus.com/archive/1/525222
*** Bugtraq: Chrome for Android - Android APIs exposed to JavaScript ***
---------------------------------------------
Chrome for Android - Android APIs exposed to JavaScript
---------------------------------------------
http://www.securityfocus.com/archive/1/525220
*** Foxit Reader <= 5.4.4.1128 npFoxitReaderPlugin.dll Stack Buffer Overflow ***
---------------------------------------------
Topic: Foxit Reader
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/mNx5SSGJYF4/WLB-20…
*** Drupal 6.x->7.18 getimagesize() <= Multiple Vulnerabilities ***
---------------------------------------------
Topic: Drupal 6.x->7.18 getimagesize()
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/2AwbWS10dFQ/WLB-20…
*** Bugtraq: Facebook for Android - Information Diclosure Vulnerability ***
---------------------------------------------
Facebook for Android - Information Diclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525223
*** Symantec plays down PGP hole ***
---------------------------------------------
"Symantec has quenched fears about a vulnerability in its PGP technology. According to a Pastebin statement, the pgpwded. sys kernel driver distributed with Symantec PGP Desktop contains an arbitrary memory overwrite vulnerability in the handling of IOCTL 0x80022058...."
---------------------------------------------
http://news.hitb.org/content/symantec-plays-down-pgp-hole
*** ‘Value of a Hacked PC’ Graphic Goes Global ***
---------------------------------------------
The Value of a Hacked PC graphic, which I published on this blog a few months ago to explain bad guy uses for your PC, is getting a makeover. I’m honored to say that the SANS Institute, a security training group, has taken the idea and run with it as an educational tool, and is in [...]
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/ehmnqBEd8q0/
*** Abgeschottetes Android für Unternehmen ***
---------------------------------------------
Eine speziell angepasste Version des Mobilbetriebssystems überwacht, was der User mit seinem Gerät tun kann – basierend auf der jeweiligen Nutzungssituation.
---------------------------------------------
http://www.heise.de/meldung/Abgeschottetes-Android-fuer-Unternehmen-1767696…
*** Vuln: OpenIPMI ipmievd Daemon PID Files Insecure File Permissions Vulnerability ***
---------------------------------------------
OpenIPMI ipmievd Daemon PID Files Insecure File Permissions Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51036
*** Vuln: PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities ***
---------------------------------------------
PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/27163
*** ENISA Names Drive-By Exploits as Biggest Emerging Threat of 2012 ***
---------------------------------------------
"The European Network and Information Security Agency (ENISA) has released its Cyber Threat Landscape analysis of 2012. The study, based on over 120 threat reports, highlights the top threats and their trends. According to the report, drive-by exploits malicious code injects used to exploit web browser vulnerabilities are the number one threat...."
---------------------------------------------
http://news.softpedia.com/news/ENISA-Names-Drive-By-Exploits-as-Biggest-Eme…
*** [webapps] - Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability ***
---------------------------------------------
Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/23968
*** Wichtiges Sicherheitsupdate für MoinMoin-Wiki ***
---------------------------------------------
Das Update auf Version 1.9.6 behebt unter anderem eine kritische Schwachstelle, die bereit aktiv von Cyber-Kriminellen ausgenutzt wird.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274e0d0f/l/0L0Sheise0Bde0Cmel…
*** Payment Card Fraud in the European Union ***
---------------------------------------------
"The criminal market of payment card fraud (PCF) within the European Union (EU) is dominated by well structured and globally active organised crime groups (OCGs). Criminal networks have managed to affect non-cash payments in the EU to the extent that protection measures are very expensive and need to be implemented on a global level. Consequently, the use of payment cards can be inconvenient and no longer fully secure for EU cardholders...."
---------------------------------------------
https://www.europol.europa.eu/sites/default/files/publications/1public_full…
*** Angriffe auf ungepatchte ColdFusion-Lücken ***
---------------------------------------------
Adobe warnt davor, dass Cyber-Kriminelle durch bislang nicht geschlossene Sicherheitslöcher in ColdFusion-Server einsteigen. Ein passender Patch ist frühestens in einer Woche fertig.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274f87d4/l/0L0Sheise0Bde0Cmel…
*** Bugtraq: ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability ***
---------------------------------------------
ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525229
*** [webapps] - WordPress Plugin Google Document Embedder Arbitrary File Disclosure ***
---------------------------------------------
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
---------------------------------------------
http://www.exploit-db.com/exploits/23970
*** Kritische Schwachstellen in Asterisk ***
---------------------------------------------
Digium hat einige kritische Schwachstellen in der quelloffenen Telefonanlagen-Software Asterisk geschlossen, durch die ein Angreifer Code in den Server einschleusen kann. Bei den Lücken handelt es sich um Pufferüberläufe auf dem Stack, die über die Protokolle HTTP, SIP und XMPP ausgenutzt werden können. Nur bei XMPP ist hierzu eine aktive Sitzung nötig.
---------------------------------------------
http://www.heise.de/meldung/Kritische-Schwachstellen-in-Asterisk-1779526.ht…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 04-01-2013 18:00 − Montag 07-01-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Patch for IE Zero Day Wont Be Among Microsoft Security Updates Next Week ***
---------------------------------------------
"Microsoft plans to release a pair of critical bulletins on Tuesday for its first round of 2013 monthly security updates, but still has no announcement regarding a patch for the zero day vulnerability and exploit in Internet Explorer reported over the Christmas holiday. Users are urged to apply a Fix It released Dec. 31 for the vulnerability in IE 6, 7 and 8 that was at the heart of an attack on the Council on Foreign Relations website as well as that of energy manufacturer Capstone...
---------------------------------------------
http://threatpost.com/en_us/blogs/patch-ie-zero-day-wont-be-among-microsoft…
*** Dutch Government Aims to Shape Ethical Hackers Disclosure Practices ***
---------------------------------------------
"The Dutch governments cyber security center has published guidelines that it hopes will encourage ethical hackers to disclose security vulnerabilities in a responsible way."Persons who report an IT vulnerability have an important social responsibility," the Dutch ministry of Security and Justice said on Thursday, announcing guidelines for ethical hacking that were published by the countrys National Cyber Security Center (NCSC). White-hat hackers and security researchers play an...
---------------------------------------------
http://www.cio.com/article/725400/Dutch_Government_Aims_to_Shape_Ethical_Ha…
*** FreePBX 2.7.0.3 & Elastix 2.3.0 SQL injection ***
---------------------------------------------
Topic: FreePBX 2.7.0.3 & Elastix 2.3.0 SQL injection Risk: Medium Text:# Exploit Title: SQL injection in FreePBX 2.7.0.3 / Elastix 2.3.0 # Google Dork: N/A # Date: 05/01/2013 # Exploit Author: S...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/DfqeYKHkuXM/WLB-20…
*** pfSense 2.0.1 XSS & CSRF & Command Execution ***
---------------------------------------------
Topic: pfSense 2.0.1 XSS & CSRF & Command Execution Risk: High Text: # # Exploit Title: pfSense 2.0.1 XSS & CSRF Remote root Access # Date: 04/01/2013 # Author: Yann CAM ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/1o3q8BIwTZs/WLB-20…
*** MyBB Profile Wii Friend Code 1.0 Cross Site Scripting and SQL Injection ***
---------------------------------------------
Topic: MyBB Profile Wii Friend Code 1.0 Cross Site Scripting and SQL Injection Risk: Medium Text:# Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS # Dork: intitle:"Profile of" intext:"Wii Friend Code" inurl:...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/lZtyzTcL-Tc/WLB-20…
*** BSI release Draft Cyber Security standard - PAS 555\ ***
---------------------------------------------
"This PAS specifies a framework for the governance and management of cyber security risk. The requirements of this PAS define the overall outcomes of effective cyber security, and include technical, physical, cultural and behavioural measures alongside effective leadership and governance. While there are many standards and guidelines available that can help tackle cyber security risk, they tend to define good practice as to how elements of effective cyber security might be...
---------------------------------------------
http://drafts.bsigroup.com/Home/Details/49890
*** Adobe ColdFusion Security Advisory, (Sat, Jan 5th) ***
---------------------------------------------
Adobe released a security advisory which identifies three vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631) affecting ColdFusion for Windows, Macintosh and Unix. They have received reports that these vulnerabilities are actively being exploited. Adobe is currently planning to release a fix for January 15, 2013. Additional information and mitigations options available here. [1] http://www.adobe.com/support/security/advisories/apsa13-01.html ----------- Guy Bruneau IPSS Inc.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14827&rss
*** Neuer Exploit für Lücke im Internet Explorer ***
---------------------------------------------
Einer Sicherheitsfirma gelang es nach eigenen Angaben, Microsofts provisorischen Patch für die kritische IE-Lücke auszutricksen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2738e1e8/l/0L0Sheise0Bde0Cmel…
*** Malware targets Java HTTP servers ***
---------------------------------------------
"A malware that strikes at Java HTTP servers and allows attackers to gain control on underlying systems has been spotted by security researchers of anti-virus vendor Trend Micro Inc. Using a password cracking tool, cybercriminals are able to login and gain manager/administrative rights allowing the deployment of Web application archive (WAR) file packages with the backdoor to the server, according to a post last Thursday on the Trend Labs. & Once done, the backdoor can now browse,
---------------------------------------------
http://www.itworldcanada.com/news/malware-targets-java-http-servers/146535
*** Symantec links latest Microsoft zero-day with skilled hacker gang ***
---------------------------------------------
"Symantec is crediting a hacker group with an impressive track record as responsible for finding the latest as yet unpatched vulnerability in older versions of Microsofts Internet Explorer browser. A gang Symantec calls the Elderwood group appears to have found the latest zero-day vulnerability in IE, which can allow a malicious website to automatically infect a persons computer.[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to...
---------------------------------------------
http://www.infoworld.com/d/security/symantec-links-latest-microsoft-zero-da…
*** Crimeware Author Funds Exploit Buying Spree ***
---------------------------------------------
"The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes. An...
---------------------------------------------
http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-sp…
*** Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
Topic: Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability Risk: Low Text: ## # # Exploit Title : Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability # # Author : IrI...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ESFCnSJbmkU/WLB-20…
*** Wordpress wilderness SQL injection ***
---------------------------------------------
Topic: Wordpress wilderness SQL injection Risk: Medium Text:# Exploit Title: Wordpress wilderness SQL injection # Google Dork: inurl:/wp-content/themes/wilderness/gallery.php # Date: 20...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/6WtYRSMSzoI/WLB-20…
*** Vuln: CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability ***
---------------------------------------------
CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56494
*** Sicherheit - Ubisofts Spieleplattform Uplay gehackt ***
---------------------------------------------
Spielehersteller arbeitet bereits an Lösung und ruft zu besseren Passwörtern auf
---------------------------------------------
http://derstandard.at/1356426935498/Ubisofts-Spieleplattform-Uplay-gehackt
*** Google, Yahoo, Microsoft und Amazon anfällig für Clickjacking ***
---------------------------------------------
Ein Sicherheitsforscher demonstriert an populären Webseiten wie Amazon, Google, Yahoo und Microsoft Live, dass viele Webseiten immer noch schlecht gegen Clickjacking geschützt sind.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274546ad/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 03-01-2013 18:00 − Freitag 04-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Apache Malware Installs Zeus ***
---------------------------------------------
"The worlds most widely used web server, Apache, is a conduit to inject malicious content into web pages served by an infected Linux server, without the knowledge of the website owner. Those are the results of an analysis of a malicious Apache module, detected by ESET. They called the malware Linux/Chapro.A. Although the malware can serve practically any type of content, in this specific case it installs a variant of Win32/Zbot, malware designed to steal information from online banking
---------------------------------------------
http://www.isssource.com/apache-malware-installs-zeus/
*** Bugtraq: Aastra IP Telephone encrypted .tuz configuration file leakage ***
---------------------------------------------
Aastra IP Telephone encrypted .tuz configuration file leakage
---------------------------------------------
http://www.securityfocus.com/archive/1/525190
*** Browser vendors rush to block fake google.com site cert ***
---------------------------------------------
Turkish authoritys goof could compromise data Google and other browser vendors have taken steps to block an unauthorized digital certificate for the " *.google.com" domain that fraudsters could have used to impersonate the search giants online services.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/04/turkish_fak…
*** Holey code, Batman! Microsoft to patch 12 vulns on Tuesday ***
---------------------------------------------
Christmas zero-day flaw not included Microsoft has issued its pre Patch Tuesday report, saying it will issue seven patches fixing 12 code flaws next week but it wont provide a permanent fix for the exploit discovered during the recent holidays that is already being used in the wild.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/04/microsoft_p…
*** Canadian Government Acknowledges Security Breach ***
---------------------------------------------
"An employee of Human Resources and Skills Development Canada (HRSDC) recently misplaced an unencrypted USB drive containing sensitive data on approximately 5,000 Canadian citizens."The lost data, which was reported to the HRSDC on Nov. 17, included names, Social Insurance Numbers (similar to Social Security numbers) and other information criminals could use to defraud victims," writes TechNewsDailys Ben Weitzenkorn."The department, which handles a variety of files including
---------------------------------------------
http://www.esecurityplanet.com/network-security/canadian-government-acknowl…
*** Nicht zimperlich - DDoS-Attacken, gestohlene Daten: Harte Bandagen bei Lieferservices ***
---------------------------------------------
Strafbefehle gegen sieben Führungskräfte von Lieferheld wegen entwendeter Datenbank eines Konkurrenten
---------------------------------------------
http://derstandard.at/1356426716898/DDoS-Attacken-gestohlene-Daten-Harte-Ba…
*** Over 18,000 PayPal Phishing Websites Identified in December 2012 ***
---------------------------------------------
"Phishing websites, ones created by cybercriminals to harvest sensitive information from unsuspecting users, have become highly problematic lately. Because theyre so effective, crooks have launched a considerable number of sites that replicate popular companies. For instance, according to a study performed by Trend Micro for December 2012, a total of 18,947 phishing websites have been found to replicate PayPal...."
---------------------------------------------
http://news.softpedia.com/news/Over-18-000-PayPal-Phishing-Websites-Identif…
*** Major global Facebook Botnet taken down ***
---------------------------------------------
"A fraud ring worth around 525 million has been taken out of action by the joint efforts of Facebooks own security team and local police forces in the UK, Peru, the US and a number of other countries. The gang managed to steal the massive sum from Facebook users by secretly planting spyware on victims computers that would steal credit and bank card details. Along with financial details, personal information with worth on the black market was also lifted...."
---------------------------------------------
http://www.journalism.co.uk/press-releases/major-global-facebook-botnet-tak…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 02-01-2013 18:00 − Donnerstag 03-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** BSI warnt vor Sicherheitslücke im VLC Media Player ***
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik rät Nutzern der populären quelloffenen Videoabspielsoftware, auf die aktuelle Version 2.0.5 umzusteigen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27218c1d/l/0L0Sheise0Bde0Cmel…
*** Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack ***
---------------------------------------------
"This weeks watering hole attack exploiting a zero-day vulnerability in Internet Explorer was not limited to the influential Council on Foreign Relations site. A Metasploit contributor said an energy manufacturers website has been serving malware related to the attack since September. Researcher Eric Romang said that Capstone Turbine Corp., which builds power generation equipment for utilities, has been infected with malware exploiting CVE 2012-4969 for four months and the latest IE
---------------------------------------------
http://threatpost.com/en_us/blogs/energy-manufacturer-also-victimized-ie-ze…
*** 6 Big cyber security predictions for 2013 ***
---------------------------------------------
"If there is any weakness in security, you can guarantee the criminals will try to exploit it. And if a cyber criminal discovers a weakness in one community, it wont be long before that isolated crime turns into a trend. The commercialization of malware is rapidly becoming a well-organized and highly lucrative business...."
---------------------------------------------
http://venturebeat.com/2013/01/02/6-big-cyber-security-predictions-for-2013/
*** Malware SNEAK dons cunning disguise, opens creaky back door to servers ***
---------------------------------------------
Java-based exploit targets web-hosting servers A malicious backdoor designed to infect web servers poses a severe threat, Trend Micro warns.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/03/web_server_…
*** A New Way of Detecting Cybersecurity Attacks ***
---------------------------------------------
"Rajeev Bhargava is an acknowledged pioneer in the networking and software industry, and CEO of Toronto-based Decision Zone Inc. His career spans more than 30 years within the engineering and IT industry, and he has been closely associated with many of its major developments. Rajeev has advised many of North Americas largest organizations within the telecom, financial, high tech, military, retail, aerospace and government industries. He is the inventor of an anomaly detection solution used
---------------------------------------------
http://www.digitalcommunities.com/articles/A-New-Way-of-Detecting-Cyber-Sec…
*** Lücke in Ruby on Rails erlaubt SQL-Injections ***
---------------------------------------------
Alle aktuellen Versionen des Fameworks Ruby on Rails sind von einer Sicherheitslücke betroffen, die das Einschleusen von beliebigem SQL-Code ermöglicht. Nutzer sollten ihre Software möglichst schnell aktualisieren.
---------------------------------------------
http://www.heise.de/meldung/Luecke-in-Ruby-on-Rails-erlaubt-SQL-Injections-…
*** Virenverseuchte Dia-Scanner bei Tchibo verkauft ***
---------------------------------------------
Der Kaffeeröster Tchibo hat in der Vorweihnachtszeit des vergangenen Jahres einen virenverseuchten Dia-Scanner verkauft. Das Gerät wurde ab dem 11. Dezember 2012 für 60 Euro über die Filialen und den Tchibo-Onlineshop angeboten.
---------------------------------------------
http://www.heise.de/meldung/Virenverseuchte-Dia-Scanner-bei-Tchibo-verkauft…
*** Invasion of the Botnets ***
---------------------------------------------
"Millions and millions of PCs have been silently infiltrated with bot malware, creating massive bot armies, poised to steal and inflict maximum damage when triggered by their Bot Commander. There are several botnets each comprising millions of compromised PCs, such as Zeus, Conficker, Mariposa, ZeroAccess and BredoLab, waiting for the next command from their Bot Commander, so that they can spring into action and obediently carry out their strike orders like a well-disciplined and
---------------------------------------------
http://dwaterson.com/2013/01/02/invasion-of-the-botnets/
*** Cloud security to be most disruptive technology of 2013 ***
---------------------------------------------
"The Security for Business Innovation Council, comprised of IT security professionals from 19 companies worldwide, called cloud computing the main disruptive force for 2013. In its report, "Information Security Shake-Up," the group said it was evident many organizations are preparing to move more business processes to the cloud. This year, it will even be "mission-critical apps and regulated data" consigned to the cloud...."
---------------------------------------------
http://www.networkworld.com/news/2013/010313-cloud-security-265437.html
*** Facebook-Lücke erlaubte unbemerkte Webcam-Aufnahmen ***
---------------------------------------------
Rund vier Monate nachdem zwei Sicherheitsforscher eine Schwachstelle in Facebooks Video-Upload-Funktion meldeten, soll de Lücke geschlossen worden sein. Die Entdecker sind überrascht über die Höhe der von Facebook gezahlten Belohnung.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2729d37e/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 28-12-2012 18:00 − Mittwoch 02-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Microsoft Warns of New Gaming Malware ***
---------------------------------------------
"According to a recent report by Marianne Mallen of the Microsoft Malware Protection Center (MMPC), Microsoft researchers recently came across three new Trojans that specifically target Korean gamers."According to the ... MMPC, whoever is responsible for these pieces of malware is attempting to pilfer user login credentials, credit card information that is used to pay for in-game money and assorted upgrades, Korean ID numbers (a sort of Korean-variety Social Security number often
---------------------------------------------
http://www.esecurityplanet.com/malware/microsoft-warns-of-new-gaming-malwar…
*** Microsoft - Windows XP wird zum Sicherheitsrisiko ***
---------------------------------------------
Die Zeitschrift ct warnt: "Ab 2014 kann man einen XP-Rechner nur noch in völliger Isolation betreiben"
---------------------------------------------
http://text.derstandard.at/1356426331198/Windows-XP-wird-zum-Sicherheitsris…
*** 29C3 - erfolgreicher Angriff auf verschlüsselnde Festplatten ***
---------------------------------------------
Auch bei automatisch verschlüsselnden Festplatten (Self-Encrypting Drives, SED) können Angreifer die Daten mit wenigen Handgriffen auslesen: Der Informatiker Tilo Müller demonstrierte am Freitag auf dem 29. Hacker-Kongress des Chaos Computer Clubs (29C3) in Hamburg, wie sich die Hardware-Verschlüsselung von Desktop-Computern oder Laptops angreifen lässt.
---------------------------------------------
http://www.heise.de/meldung/29C3-erfolgreicher-Angriff-auf-verschluesselnde…
*** Windows 8 Will Be Harder to Hack - Security Expert ***
---------------------------------------------
"Windows 8 has already been attacked by hackers who wanted to activate the operating system at no cost, but theres no doubt its one of the most secure Windows iterations released so far. And Microsoft uses this argument to promote Windows 8 with every single occasion, while security companies across the globe confirm that its harder to attack the new OS. McAfee said in its 2013 predictions report that Windows 8 may become hackers next big target, but Rapid7 CISO and Metasploit founder HD...
---------------------------------------------
http://news.softpedia.com/news/Windows-8-Will-Be-Harder-to-Hack-Security-Ex…
*** Bugtraq: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption ***
---------------------------------------------
GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
---------------------------------------------
http://www.securityfocus.com/archive/1/525167
*** Worst email scams of 2012 ***
---------------------------------------------
"The scammers have continued to flood us with dodgy emails this year. Here are some of the worst ones weve spotted. Identity fraud and theft continues to be a big issue in the UK...."
---------------------------------------------
http://www.lovemoney.com/news/scams-and-rip-offs/scams/18904/worst-email-sc…
*** Provisorischer Fix für kritische Lücke im Internet Explorer ***
---------------------------------------------
Im Internet Explorer bis einschließlich Version 8 klafft eine kritische Sicherheitslücke. Microsoft hat nun ein Fix-It-Tool herausgegeben, mit dem sich Nutzer der betroffenen IE-Versionen schützen können, bis ein Patch fertig ist.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27194e91/l/0L0Sheise0Bde0Cmel…
*** Piraterie - Gecrackte Apps: Neue Dienste kapern iOS auch ohne Jailbreak ***
---------------------------------------------
Nachfolger von Installous könnten wesentlich mehr User erreichen
---------------------------------------------
http://derstandard.at/1356426557392/Gecrackte-Apps-Neue-Dienste-kapern-iOS-…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 27-12-2012 18:00 − Freitag 28-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** ICS-CERT Closes-out Two Alerts ***
---------------------------------------------
"Today the folks at DHS ICS-CERT published two advisories for different systems that were based upon uncoordinated disclosures reported earlier by ICS-CERT. Actually ICS-CERT only notes that one is based upon an earlier alert, but records show that both were. The affected systems are from RuggecCom and Carlo Gavazzi Automation...."
---------------------------------------------
http://chemical-facility-security-news.blogspot.nl/2012/12/ics-cert-closes-…
*** RealPlayer RealMedia File Handling Buffer Overflow ***
---------------------------------------------
Topic: RealPlayer RealMedia File Handling Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bi_N1sR5TgU/WLB-20…
*** Joomla bch and Content Shell Upload ***
---------------------------------------------
Topic: Joomla bch and Content Shell Upload Risk: High Text: [ Joomla com_content Shell Upload Vulnerability] [x] Author : Agd_Scorp [x] Home : www.turkguvenligi.info ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vUggqlfFDmw/WLB-20…
*** Vuln: Real Networks RealPlayer Multiple Security Vulnerabilities ***
---------------------------------------------
Real Networks RealPlayer Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56956
Next End-of-Shift report on 2013-01-02
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 21-12-2012 18:00 − Donnerstag 27-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Vuln: Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability ***
---------------------------------------------
Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55465
*** Java 7 update offers more security options ***
---------------------------------------------
"A recent Java 7 update (Update 10) has added more security options that will appeal to security conscious users and businesses. A new option under the Java control panel, for example, allows users to disable Java applications from running inside their browsers by clearing the "enable Java content in the browser" checkbox. The plethora of security attacks that exploit flaws in the Java platform means that disallowing Java from browsers has long been recommended by security...
---------------------------------------------
http://www.fiercecio.com/techwatch/story/java-7-update-offers-more-security…
*** India Developing Its Own Secure Operating System ***
---------------------------------------------
"According to The Times of India, 150 engineers from all across the country have already been working on the project for over one year and a half, but it will take another three before the operating systems can be rolled out. The director general of the DRDO has explained that India needs its own operating system to strengthen cyber security. He has emphasized that the current operating systems used in India, regardless whether theyre Windows or Linux-based, contain numerous security...
---------------------------------------------
http://news.softpedia.com/news/India-Developing-Its-Own-Secure-Operating-Sy…
*** Vuln: WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability ***
---------------------------------------------
WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56988
*** Hook Analyser Malware Tool 2.2 ***
---------------------------------------------
"Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. Changes: The UI and modules of the project have been re-written...."
---------------------------------------------
http://packetstormsecurity.org/files/119087
*** PHP-CGI Argument Injection Remote Code Execution ***
---------------------------------------------
Topic: PHP-CGI Argument Injection Remote Code Execution Risk: High Text:#!/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution T...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/HMIGwX9uCpo/WLB-20…
*** [remote] - IBM Lotus Notes Client URL Handler Command Injection ***
---------------------------------------------
IBM Lotus Notes Client URL Handler Command Injection
---------------------------------------------
http://www.exploit-db.com/exploits/23650
*** [remote] - Microsoft SQL Server Database Link Crawling Command Execution ***
---------------------------------------------
Microsoft SQL Server Database Link Crawling Command Execution
---------------------------------------------
http://www.exploit-db.com/exploits/23649
*** NVidia Display Driver Service (nvvsvc.exe) Exploit ***
---------------------------------------------
Topic: NVidia Display Driver Service (nvvsvc.exe) Exploit Risk: High Text:/* NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE = (@...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/RWnidJO9giU/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 20-12-2012 18:00 − Freitag 21-12-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout ***
---------------------------------------------
Topic: WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout Risk: Low Text:*Summary = WordPress 3.4.2 fails to invalidate a user's sessions upon logout. WordPress was originally notified of...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/m7FLRoPAp58/WLB-20…
*** HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03577598
*** Vuln: Squid cachemgr.cgi Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid cachemgr.cgi Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56957
*** QNAP-NAS anfällig für cross-site-scripting (XSS) ***
---------------------------------------------
Twitter-User @rootdial ist aufgefallen, dass in manchen Web-Anwendungen des QNAP-NAS nicht richtig geprüft wird, was übergeben wird.
So ist z.B. die Photostation und die TVStation anfällig für XSS.
---------------------------------------------
http://sdcybercom.wordpress.com/
*** CA20121220-01: Security Notice for CA IdentityMinder ***
---------------------------------------------
CA Technologies Support is alerting customers to two potential risks in
CA IdentityMinder (formerly known as CA Identity Manager). Two
vulnerabilities exist that can allow a remote attacker to execute
arbitrary commands, manipulate data, or gain elevated access. CA
Technologies has issued patches to address the vulnerability.
---------------------------------------------
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B…
*** VMWare posts some updates, (Fri, Dec 21st) ***
---------------------------------------------
Just in the case the world doesnt come to a grinding halt today (end of Mayan calendar and all that).... .... VMWare has posted some updates that you might want to pay attention to over at:http://www.vmware.com/security/advisories/VMSA-2012-0018.html There are as many as 13 different CVEs covered in this update, so make sure, if you are affected, to patch! -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.edu Creative
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14740&rss
Next End-of-Shift report on 2012-12-27
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 19-12-2012 18:00 − Donnerstag 20-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Sweet Orange Exploit Kit Offers Customers Higher Infection Rates ***
---------------------------------------------
"The newly emerging Sweet Orange Exploit Kit boasts a 10 to 25 percent infection rate and is promising to drive 150,000 unique visitors per day to the websites of its customers, according to Jeff Doty and Chris Larsen of Blue Coat Security. If the claims of Sweet Oranges authors reflect reality, it means that users of the kit can expect to add anywhere between 15,000 and 37,500 machines to their botnet per day. Sweet Orange has 45 dedicated IP addresses and 267 unique domains, which Doty...
---------------------------------------------
http://threatpost.com/en_us/blogs/sweet-orange-exploit-kit-offers-customers…
*** MyBB MyYoutube Cross Site Scripting ***
---------------------------------------------
Topic: MyBB MyYoutube Cross Site Scripting Risk: Low Text:# Exploit Title: MyYoutube MyBB Stored XSS # Date: 17.12.2012 # Exploit Author: limb0 # Vendor Homepage: http://www.mybb-es....
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/C8aZDfreDmo/WLB-20…
*** MyBB Xbox Live ID Cross Site Scripting ***
---------------------------------------------
Topic: MyBB Xbox Live ID Cross Site Scripting Risk: Low Text:# Exploit Title: Xbox Live ID MyBB Plugin Stored XSS # Date: 13/12/2012 # Exploit Author: limb0 # Vendor Homepage: http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/qUghUFk2MwE/WLB-20…
*** Vuln: Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities ***
---------------------------------------------
Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56906
*** Bugtraq: EMC Avamar: World writable cache files ***
---------------------------------------------
EMC Avamar: World writable cache files
---------------------------------------------
http://www.securityfocus.com/archive/1/525095
*** Apache plug-in doles out Zeus attack ***
---------------------------------------------
Points victims to Sweet Orange exploit server, slurps banking credentials Anti-virus outfit Eset has discovered a malicious Apache module in the wild that serves up malware designed to steal banking credentials.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/apache_dang…
*** SurgeFTP Remote Command Execution ***
---------------------------------------------
Topic: SurgeFTP Remote Command Execution Risk: High Text:require msf/core class Metasploit3
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/iwcAssIZcxo/WLB-20…
*** Drupal Core 6.x & 7.x Access Bypass & Code Execution ***
---------------------------------------------
Topic: Drupal Core 6.x & 7.x Access Bypass & Code Execution Risk: High Text:View online: http://drupal.org/SA-CORE-2012-004 * Advisory ID: DRUPAL-SA-CORE-2012-004 * Project: Drupal core [1] * ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bLFpBaVeTdc/WLB-20…
*** ENISA on Smart Grids: a Risk-Based Approach Is Key to Secure Implementation ***
---------------------------------------------
"The European Network and Information Security Agency (ENISA) has released a new report to help smart grid providers properly secure their infrastructures against cyberattacks. The European Union hopes to achieve a 20% increase in renewable energy, a 20% reduction in CO2 emissions, and a 20% increase in energy efficiency by 2020. Smart grids can help a lot in achieving these goals, but they must be rolled out in a secure way...."
---------------------------------------------
http://news.softpedia.com/news/ENISA-on-Smart-Grids-a-Risk-Based-Approach-I…
*** Vuln: Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities ***
---------------------------------------------
Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56982
*** PGP, TrueCrypt-encrypted files CRACKED by £300 tool ***
---------------------------------------------
Plod at the door? Better yank out that power cable ElcomSoft has built a utility that forages for encryption keys in snapshots of a PCs memory to decrypt PGP and TrueCrypt-protected data.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/elcomsoft_t…
*** Sicherheitslücke in AMDs Catalyst-Control-Center ***
---------------------------------------------
Eigentlich soll das Catalyst-Control-Center von AMD helfen die Treiber für Grafikkarten so aktuell wie möglich zu halten - über ein Ausnutzen der Update-Benachrichtigung kann vermutlich ein manipulierter Treiber untergejubelt werden.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/26cbb061/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 18-12-2012 18:00 − Mittwoch 19-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** The Only 2013 Cybersecurity Predictions List You Need to Read ***
---------------------------------------------
"Please, allow me to save you some time reading all of those Top 10 Cybersecurity Threats of 2013 lists from journalists, bloggers, analysts, vendors and other crackpots. Nearly all of them will include the 10 following threats, in varying orders:The Cloud Lots of vulnerabilities out there. BYOD/Mobile malware Its a problem dealing with all these devices...."
---------------------------------------------
http://blogs.cio.com/security/17647/only-2013-cybersecurity-predictions-lis…
*** 1-15 December 2012 Cyber Attacks Timeline ***
---------------------------------------------
"Christmas is coming quickly, we have just passed the first half of December, and hence its time for the first update of the Cyber Attacks Timeline for December. The Team GhostShell has decided to close the year with a clamorous Cyber Attack, and hence,as part of the project ProjectWhiteFox, has leaked 1. 6 million of accounts from several organizations all over the world...."
---------------------------------------------
http://hackmageddon.com/2012/12/17/1-15-december-2012-cyber-attack-timeline/
*** Enterpriser16 LB 7.1 Cross Site Scripting ***
---------------------------------------------
Topic: Enterpriser16 LB 7.1 Cross Site Scripting Risk: Low Text:Title: Enterpriser16 LB v7.1 - Multiple Web Vulnerabilities Date: == 2012-12-12 References: == http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Pv935OaGGFY/WLB-20…
*** [webapps] - SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability ***
---------------------------------------------
SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/23498
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 17-12-2012 18:00 − Dienstag 18-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56846
*** Vuln: Symantec Network Access Control CVE-2012-4349 Local Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56847
*** Vuln: TWiki Multiple Security Vulnerabilities ***
---------------------------------------------
TWiki Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56950
*** Reminder: Java 6 end-of-live February 2013 , (Mon, Dec 17th) ***
---------------------------------------------
Reader Josh reports that while downloading the latest version of Java 6 (version 37) from Oracles website he received a reminder from Oracle that Java 6 will reach end of life in February 2013. After February 2013 security updates will only be available to customer who purchase extended support contracts. If you havent already done so, now is a good time to mark your calendars for this upgrade. More details are available here: http://www.oracle.com/technetwork/java/javase/eol-135779.html ---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14719&rss
*** Bugtraq: IPv6 Neighbor Discovery security (new documents) ***
---------------------------------------------
IPv6 Neighbor Discovery security (new documents)
---------------------------------------------
http://www.securityfocus.com/archive/1/525063
*** Cyber Security Bulletin (SB12-352) - Vulnerability Summary for the Week of December 10, 2012 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability...
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB12-352.html
*** Carberp-in-the-Mobile found on Google Play ***
---------------------------------------------
"Everybody knows (or should know) that downloading apps from third party online markets is dangerous, but even official markets such as Google Play cant be considered completely safe, as time and time again malware peddlers succeed at fooling its defenses and upload malware for download, masquerading as games and other popular apps. Kaspersky Lab researchers have recently discovered a slew of apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2362
*** Lookout Predicts 18 Million Android Malware Infections by End of 2013 ***
---------------------------------------------
"Lookout Mobile Security recently published its mobile threat predictions for 2013, anticipating that 18 million Android users will encounter mobile malware between the beginning of 2012 and the end of 2013."The likelihood that new Lookout users will encounter malware or spyware is heavily dependent on their geography and behavior, varying from 0. 20 percent in Japan to 0. 40 percent in the US and as high as 34...."
---------------------------------------------
http://www.esecurityplanet.com/mobile-security/lookout-predicts-18-million-…
*** Trojan Upclicker malware infecting PCs via mouse input ***
---------------------------------------------
"Windows PC owners be warned theres a new strain of malware out there that befuddles users into helping it accomplish its dirty deeds via mouse clicks. Dubbed "Trojan Upclicker" by the FireEye Malware Intelligence Lab researchers who identified it, this elusive bit of malicious code is purpose-built to evade identification by the automated analysis systems used by many anti-virus vendors. FireEye researchers Abhishek Singh and Yasir Khalid noted that Trojan Upclicker is a variant...
---------------------------------------------
http://www.itproportal.com/2012/12/17/trojan-upclicker-malware-infecting-pc…
*** EU to propose mandatory reporting of cyber incidents ***
---------------------------------------------
"The European Union may force companies operating critical infrastructure in areas such as banking, energy and stock exchanges to report major online attacks and reveal security breaches, according to draft report by the European Commission. The European Commission is due to present a proposal on cybersecurity in February once it has received feedback from the European Parliament and EU countries. The proposal was initially announced in May for the third quarter this year but has been...
---------------------------------------------
http://www.euractiv.com/infosociety/eu-propose-mandatory-reporting-c-news-5…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 14-12-2012 18:00 − Montag 17-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: MyBB DyMy User Agent Plugin SQL Injection Vulnerability ***
---------------------------------------------
MyBB DyMy User Agent Plugin SQL Injection Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56931
*** Bugtraq: Wordpress Pingback Port Scanner ***
---------------------------------------------
Wordpress Pingback Port Scanner
---------------------------------------------
http://www.securityfocus.com/archive/1/525045
*** Bugtraq: DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) ***
---------------------------------------------
DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)
---------------------------------------------
http://www.securityfocus.com/archive/1/525044
*** ENISA - Introduction to Return on Security Investment ***
---------------------------------------------
"As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention...."
---------------------------------------------
http://www.enisa.europa.eu/activities/cert/other-work/introduction-to-retur…
*** Foswiki Remote code execution and other vulnerabilities in MAKETEXT ***
---------------------------------------------
Topic: Foswiki Remote code execution and other vulnerabilities in MAKETEXT Risk: High Text: + Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/8WkKh9Nz_ZM/WLB-20…
*** Eurograbber: A Smart Trojan Attack - Hackers Methods Reveal Banking Know-How ***
---------------------------------------------
"The Eurograbber banking Trojan is an all-in-one hit, researchers say. It successfully compromises desktops and mobile devices, and has gotten around commonly used two-factor authentication practices in Europe. How can banking institutions defend themselves and their customers against this super-Trojan attack?..."
---------------------------------------------
http://www.bankinfosecurity.com/eurograbber-smart-trojan-attack-a-5359?rf=2…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 13-12-2012 18:00 − Freitag 14-12-2012 18:00
Handler: Christian Wojner
Co-Handler: n/a
*** Internet Explorer rats out the mouse - Update ***
---------------------------------------------
"Company Spider. io warns that Internet Explorer allows a users mouse position to be determined even if the mouse cursor is located outside of the browser window or the browser window isnt being displayed at all either because it is minimised or the user has switched to view another tab or window. This is potentially dangerous because it enables web pages to intercept sensitive data that is being entered via virtual keyboards and virtual keypads, say the researchers...."
---------------------------------------------
http://www.h-online.com/security/news/item/Internet-Explorer-rats-out-the-m…
*** Bugtraq: Addressbook v8.1.24.1 Group Name XSS ***
---------------------------------------------
Addressbook v8.1.24.1 Group Name XSS
---------------------------------------------
http://www.securityfocus.com/archive/1/525027
*** New Trojan attempts SMS fraud on OS X users ***
---------------------------------------------
"The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud. The new malware is a Trojan horse, dubbed "Trojan. SMSSend...."
---------------------------------------------
http://news.cnet.com/8301-1009_3-57558780-83/new-trojan-attempts-sms-fraud-…
*** Apple updates OS X malware definitions for new fake-installer/SMS trojan ***
---------------------------------------------
"MacRumors noted today that Apple is utilizing the automatic daily checks for malware definitions it implemented last year to block an OS X trojan horse discovered earlier this week. The trojan was originally detailed in a blog post on Dr. Web. Known as TrojanSMSSend...."
---------------------------------------------
http://9to5mac.com/2012/12/13/apple-updates-os-x-malware-definitions-for-ne…
*** Backdoor Found at NDIS Level ***
---------------------------------------------
"It is one thing to have a piece of malware that can focus on targeted attacks, but it is quite another to have it also be nearly invisible. That is just what a variant of the Exforel backdoor malware, VirTool:WinNT/Exforel. A, is able to do, said researchers at Microsofts Malware Protection Center...."
---------------------------------------------
http://www.isssource.com/backdoor-found-at-ndis-level/
*** New Attacks from Gameover Gang ***
---------------------------------------------
"Millions of emails, which pose as coming from major U.S. banks, are spamming out, according to Dell SecureWorks Counter Threat Unit. The fake but convincing-looking emails appeal to a more security-minded banking customer: You have received a new encrypted message or a secure message from [XYZ] Bank, one of the email campaigns said, noting the bank has set up a secure email exchange for its customers as a way to allay privacy and security concerns. The message includes an infected
---------------------------------------------
http://www.isssource.com/new-attacks-from-gameover-gang/
*** Yet another eavesdrop vulnerability in Cisco phones ***
---------------------------------------------
Security groundhog day A university student presenting at the Amphion Forum has demonstrated turning a Cisco VoIP phone into a listening device, even when it's on the hook.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/13/cisco_voip_…
*** Dexter malware targets point of sale systems worldwide ***
---------------------------------------------
"You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems. First spotted by security firm Seculert, the malware dubbed "Dexter" is believed to have infected hundreds of POS systems in 40 countries worldwide in recent months. Companies targeted include retailers, hotel chains, restaurants, and private parking providers...."
---------------------------------------------
http://www.theregister.co.uk/2012/12/14/dexter_malware_targets_pos_systems/
*** Top 7 security predictions for 2013 ***
---------------------------------------------
"A seismic shift in who controls the Internet? Another Mac malware outbreak? Your smart TV being highjacked for a DDoS attack?..."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14120
*** [DNB] Joomla, WordPress Sites Hit by IFrame Injection Attacks ***
---------------------------------------------
'....Users of the popular Joomla content management system are being
urged by security experts to upgrade to the latest version after
reports of exploits being used to compromise websites built on the
platform......'
---------------------------------------------
https://threatpost.com/en_us/blogs/joomla-wordpress-sites-hit-iframe-inject…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 12-12-2012 18:00 − Donnerstag 13-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Researchers uncover Tor-powered Skynet botnet ***
---------------------------------------------
"Rapid7 researchers have recently unearthed an unusual piece of malware that turned out to be crucial to the formation of an elusive botnet - dubbed Skynet by the researchers - whose existence has been documented in a very popular Reddit "I Am A" thread. The Trojan in question has DDoS and Bitcoin-mining capabilities, but its main function is to steal banking credentials. The botnet operator spreads the malware via the Usenet discussion forum, which is also a popular platform for...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2357
*** "Dexter" malware steals credit card data from point-of-sale terminals ***
---------------------------------------------
"A researcher has uncovered new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses. Dexter, as the malware is called, has infected hundreds of point-of-sale computers at big-name retailers, hotels, restaurants, and other businesses, according to a report issued by Aviv Raff, chief technology officer of Israel-based security firm Seculert. Businesses infected in the past three months are located in 40 different countries, with 30...
---------------------------------------------
http://arstechnica.com/security/2012/12/dexter-malware-steals-credit-card-d…
*** New Findings Lend Credence to Project Blitzkrieg ***
---------------------------------------------
"Project Blitzkrieg," a brazen Underweb plan for hiring 100 botmasters to fuel a blaze of ebanking heists against 30 U.S. financial institutions in the Spring of 2013, was met with skepticism from some in the security community after news of the scheme came to light in October. Many assumed it was a law enforcement sting, or merely the ramblings of a wannabe criminal mastermind. But new research suggests the crooks who hatched the plan were serious and have painstakingly built up a...
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/RgJgMJ51mKo/
*** Cybersecurity company using hackers own devices against them ***
---------------------------------------------
"A California cybersecurity start-up, marketing itself as a private cyber intelligence agency, works to identify foreign attackers who are attempting to steal corporate secrets; it does so by using the attackers own techniques and vulnerabilities against them; the company also collects data on hackers and tricks intruders into stealing false information Shawn Henry, the head of the FBI cyber crimes division, this year left agency after twenty-four years to become the president CrowdStrike,...
---------------------------------------------
http://www.homelandsecuritynewswire.com/dr20121213-cybersecurity-company-us…
*** Facebook Security, FBI Take Down Butterfly Botnet, Arrest 10 ***
---------------------------------------------
"Facebooks security team is being lauded by the FBI for its role the arrest of 10 individuals accused of spreading banking malware on the social networking site and collecting more than $850 million from fraudulent transactions. The arrests were carried out yesterday in the U.S., U.K., the Balkans, South America and New Zealand in connection with spreading the Yahos malware on Facebook from 2010 to this October. Yahos compromised more than 11 million computers, the FBI said...."
---------------------------------------------
http://threatpost.com/en_us/blogs/facebook-security-fbi-take-down-butterfly…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 11-12-2012 18:00 − Mittwoch 12-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** First fake-installer Trojan for Mac OS ***
---------------------------------------------
December 11, 2012 Russian anti-virus company Doctor Web informs users about a new Trojan for Mac OS X dubbed Trojan.SMSSend.3666. The malicious scheme used to spread this Trojan is notorious among many Windows users but until now it hasnt been employed to deceive owners of Macs. Trojan.SMSSend is a fake installer which can be downloaded from various sites under the guise of useful software. Trojan.SMSSend programs are found in large numbers on the Internet. These are fake installers available
---------------------------------------------
http://news.drweb.com/show/?i=3138&lng=en&c=9
*** Web-Seiten identifizieren Besucher über deren soziale Netze ***
---------------------------------------------
Der New Yorker Sumit Suman staunte nicht schlecht. Nach seinem Besuch der Web-Seiten von UberVu bekam er am nächsten Tag eine persönliche E-Mail mit Werbeangeboten der Firma.
---------------------------------------------
http://www.heise.de/security/meldung/Web-Seiten-identifizieren-Besucher-ueb…
*** Dezember-Patchday bei Microsoft und Adobe ***
---------------------------------------------
Microsoft und Adobe haben ihre Dezember-Patchdays abgehalten und dabei zahlreiche kritische Lücke geschlossen. Während Microsoft die meisten Windows-Versionen, den Internet Explorer, Word und einige Server-Produkte abgesichert hat, gab es von Adobe Patches für den Flash Player, AIR und ColdFusion.
---------------------------------------------
http://www.heise.de/security/meldung/Dezember-Patchday-bei-Microsoft-und-Ad…
*** Microsoft Internet Explorer 610 Mouse Tracking ***
---------------------------------------------
Topic: Microsoft Internet Explorer 610 Mouse Tracking Risk: Medium Text:Summary: Unprivileged attackers can track your system-wide mouse movements from any IE page, even when the page is unfocused o...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/GTaeIyspNpM/WLB-20…
*** Samsungs smart TVs wide open to exploits ***
---------------------------------------------
The downside to being more like a PC Samsungs Smart TV has a vulnerability which allows remote attackers to swipe data, according to security researchers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/smart_tv_pw…
*** Russian space research org targeted by mystery malware attack ***
---------------------------------------------
Korean message forum becomes cyber-espionage hub Security researchers have discovered a targeted attack against Russian hi-tech firm that appears to originate in Korea.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/russian_cyb…
*** North America and Europe Most Threatened by Money-Stealing Android Trojans ***
---------------------------------------------
"If youre living in Europe or North America and if youre an Android user, the mobile malware that targets you is most likely designed to steal your money. On the other hand, if you live in Asia, youre more likely to be bombarded with aggressive adware and annoying ads. These are the results of a study performed by security firm Bitdefender with the aid of its mobile security solution, between January 1 and December 1, 2012...."
---------------------------------------------
http://news.softpedia.com/news/North-America-and-Europe-Most-Threatened-by-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 10-12-2012 18:00 − Dienstag 11-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Beware of Bitcoin miner posing as Trend Micro AV ***
---------------------------------------------
"Malware almost always comes in disguise, but some malware peddlers try to do a better job than others. Trend Micro researchers have recently uncovered a piece of malware that tried to pass itself off as "Trend Micro AntiVirus Plus AntiSpyware" (click on the screenshot to enlarge it):Unfortunately for whose who get fooled, the software in question is a Trojan that creates the process svchost. exe and downloads additional malicious components such as a Bitcoin miner application
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2349
*** Multipurpose Necurs Trojan infects over 83,000 computers ***
---------------------------------------------
"The polivalent Necurs malware family has been wreaking havoc in November by infecting over 83,000 unique computers - and that are only the ones detected by Microsofts solutions! The Necurs Trojan is capable of:Modifying the computers registry in order to make itself start after every reboot. Dropping additional components that prevents a large number of security applications from functioning correctly, including the ones manufactured by Avira, Kaspersky Lab, Symantec and
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2350
*** 200,000 new malicious programs detected every day ***
---------------------------------------------
"Kaspersky Lab released its annual Kaspersky Security Bulletin, which provides the overall malware and cyber-threat statistics for 2012. The report revealed significant growth of Mac-specific malware and an explosive growth in the number of threats targeting the Android platform. Overall, Kaspersky Lab detected and blocked more than 1...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2352
*** Necurs Rootkit Infections Way Up ***
---------------------------------------------
"Infections from a nasty bit of malware, generally delivered by the Black Hole Exploit Kit, surged in November, hitting more than 83,000 machines. Microsofts Malware Protection Center rates the Necurs rootkit threat as severe. Dubbed a rootkit by Kaspersky Lab, Necurs has many dimensions to it...."
---------------------------------------------
http://threatpost.com/en_us/blogs/necurs-rootkit-infections-way-120712?
*** Joomla (and WordPress) Bulk Exploit Going on, (Mon, Dec 10th) ***
---------------------------------------------
Weve gotten some reports and discussion around many Joomla (and some WordPress) sites exploited and hosting IFRAMES pointing to bad places. Well get to the downloaded in a second, but the interesting thing to note is that it doesnt seem to be a scanner exploiting one vulnerability but some tool thats basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits. Wed like PCAPs or weblogs if youre seeing something similar in your environment.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14677&rss
*** Russian ransomware strikes Queensland doctor ***
---------------------------------------------
Seven years of patients files encrypted by crooks. A medical practice in the Australian state of Queensland, the Miami Family Medical Centre, has been hit by ransomware said to originate in Russia.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/11/queensland_…
*** Unzuverlässige Trojaner-Warnungen durch Android 4.2 ***
---------------------------------------------
Nur 15 Prozent der in einer Analyse eingesetzten Schadsoftware hat der mit Googles Betriebssystem Jelly Bean (Android 4.2) kommende App Verification Service entdeckt.
---------------------------------------------
http://www.heise.de/security/meldung/Unzuverlaessige-Trojaner-Warnungen-dur…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 07-12-2012 18:00 − Montag 10-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Sophos Security Threat Report 2013, today... tomorrow ***
---------------------------------------------
"Sophos was one of the first security firms that has published a report, Sophos Security Threat Report 2013, on current status of security landscape making predictions for incoming year. The document propose an interesting overview on most common and dangerous cyber threats attempting to determine the level of penetration by different countries. The factors that have primary contributed to the diffusion of new cyber threats are the increasing in use of social networks platforms and
---------------------------------------------
http://www.infosecisland.com/blogview/22771-Sophos-Security-Threat-Report-2…
*** Onlinebanking lieber per Althandy ***
---------------------------------------------
Derzeit droht Nutzern von Internet-Banking-Diensten Gefahr durch den Trojaner Eurograbber, der Geld von mehr als 30 000 Bankkonten erbeutet haben soll. Er greift Online-Banking-Teilnehmer, die PC und Smartphone kombiniert einsetzen, gezielt an und fängt durch geschickte Fragen sowohl Kontodaten als auch Transaktionsnummern seiner Opfer ab. Internetnutzer können sich jedoch mit ein paar Tricks schützen.
---------------------------------------------
http://www.heise.de/security/meldung/Onlinebanking-lieber-per-Althandy-1764…
*** My Little Pronny: Autorun worms continue to turn ***
---------------------------------------------
"Malware activity exploiting Autorun on Windows computers has been generating quite a few calls to ESET support lines lately, reminding us that old infection techniques seldom die and USB flash drives can still be an effective means of getting malicious code onto a computer. USB drives can be used to infect computers that automatically execute files on removable media when that media is inserted. On Windows machines this is known as the Autorun feature (referred to as Autoplay in Windows
---------------------------------------------
http://blog.eset.com/2012/12/07/autorun-worm-continues-to-turn
*** 16-30 November 2012 Cyber Attacks Timeline ***
---------------------------------------------
"November has gone and its time to review this months cyber landscape. From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the
---------------------------------------------
http://hackmageddon.com/category/security/cyber-attacks-timeline/
*** That square QR barcode on the poster? Check its not a sticker ***
---------------------------------------------
Crooks slap on duff codes leading to evil sites Cybercrooks are putting up stickers featuring URLs embedded in Quick Response codes (QR codes) as a trick designed to drive traffic to dodgy sites.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/10/qr_code_sti…
*** Trojans spread from compromised Dalai Lama website ***
---------------------------------------------
December 5, 2012 Russian anti-virus company Doctor Web is informing users that several Trojans are being spread from compromised websites. In particular, malware is being downloaded from the official site of the Dalai Lama. Mac OS X systems are in danger as well as Windows PCs. Several days ago Doctor Web was informed that the official site of Tibet's spiritual leader, the Dalai Lama, had been compromised. Doctor Webs analysts discovered that when loading a page from the site in a
---------------------------------------------
http://news.drweb.com/show/?i=3124&lng=en&c=9
*** DDoS Attacks: Lessons Learned - 4 Thought Leaders Share Insights About Bank Attacks ***
---------------------------------------------
"Distributed-denial-of-service attacks waged against leading U.S. banks between mid-September and mid-October led to improved information sharing about threats. And that exchange proved effective in minimizing disruptions. Inter-bank and industry communication helped financial institutions targeted later in the DDoS campaign suffer less severe outages than those targeted earlier, says Mike Smith, a DDoS specialist at Web security vendor Akamai Technologies...."
---------------------------------------------
http://www.bankinfosecurity.com/ddos-attacks-lessons-learned-a-5343?rf=2012…
*** The "hidden" backdoor - VirTool:WinNT/Exforel.A ***
---------------------------------------------
Recently we discovered an advanced backdoor sample -
VirTool:WinNT/Exforel.A. Unlike traditional backdoor samples, this
backdoor is implemented at the NDIS (Network Driver Interface
Specification) level.
https://blogs.technet.com/b/mmpc/archive/2012/12/09/the-quot-hidden-quot-ba…
*** Vuln: TP-LINK TL-WR841N Router Multiple HTML Injection Vulnerabilities ***
---------------------------------------------
TP-LINK TL-WR841N Router Multiple HTML Injection Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56602
*** VLC Media Player 2.0.4 Buffer Overflow ***
---------------------------------------------
Topic: VLC Media Player 2.0.4 Buffer Overflow Risk: High Text:Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : http:/...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JsOQvc6gSeY/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 06-12-2012 18:00 − Freitag 07-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Sieben Microsoft-Patches auf einen Streich am Patchday ***
---------------------------------------------
Microsoft kündigte an, anlässlich seines Dezember-Patchdays am kommenden Dienstag sieben Patch-Pakete (Bulletins) herauszugeben, die insgesamt elf Sicherheitslücken schließen. Fünf der Patch-Pakete stuft das Unternehmen als kritisch ein; sie schließen Lücken, die das Einschleusen von Schadcode aus der Ferne erlauben.
---------------------------------------------
http://www.heise.de/security/meldung/Sieben-Microsoft-Patches-auf-einen-Str…
*** Viele beliebte Windows-Programme unzureichend gesichert ***
---------------------------------------------
Der Autor der Software SlopFinder beschreibt, dass viele beliebte Windows-Programme selbst grundlegende Schutzmechanismen nicht verwenden. So soll bei DEP (Data Execution Prevention) der Prozessor über ein Flag (NX-Bit) die Ausführung von eingeschleustem Schadcode im Datenbereich verhindern.
---------------------------------------------
http://www.heise.de/security/meldung/Viele-beliebte-Windows-Programme-unzur…
*** RSA boss predicts "catastrophic" cyber attack ***
---------------------------------------------
"A large-scale attack on critical infrastructure will soon become a reality, according to RSA chief executive Art Coviello. The security boss said that poor government security protections combined with increasingly sophisticated attack techniques has left critical infrastructure at risk for attacks which could cause widespread damage."I abhor the phrase Cyber Pearl Harbor because I think it is a poor metaphor to describe the state I believe we are in," Coviello
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2229201/rsa-boss-art-coviello-predicts-catas…
*** Skynet, a Tor-powered botnet straight from Reddit ***
---------------------------------------------
FROM: Matthias Fraidl <fraidl(a)cert.at>
Following is an overview of this malware labelled by the creator as
Skynet: a Tor-powered trojan with DDoS, Bitcoin mining and Banking
capabilities, that we observed spreading through the veins of Usenet.
https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor…
---------------------------------------------
/taranis/mod_assess/show_mail.pl?id=1826
*** BlackHole Exploit Kit Has Difficulties in Infecting Chrome Users, Experts Say ***
---------------------------------------------
"The notorious BlackHole exploit kit has been around for quite some time now, with new iterations being released periodically. While it can be considered one of the most efficient cybercriminal tools, BlackHole doesnt like it when its victims utilize Googles Chrome web browser. According to experts from Blue Coat, when potential victims are tricked into clicking on links that point to BlackHole-infested websites, theyre presented with a loading or a please wait message, while in the
---------------------------------------------
http://news.softpedia.com/news/BlackHole-Exploit-Kit-Has-Difficulties-in-In…
*** New Trojan Exploits Mobile Channel - Eurograbber Defeats Two-Factor Authentication ***
---------------------------------------------
"Eurograbber is more than just another banking Trojan. Its an exploitation of fundamental online banking authentication practices that could strike any institution, says Check Points Darrell Burkey. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European banks...."
---------------------------------------------
http://www.bankinfosecurity.com/interviews/new-trojan-exploits-mobile-chann…
*** WhatsApp schließt Lücke erneut, aber nicht überall ***
---------------------------------------------
Das Katz-und-Maus-Spiel um die Sicherheit von WhatsApp geht in die nächste Runde: Nachdem heise Security vor rund einer Woche demonstriert hatte, dass die Android-Version nach wie vor anfällig für Account-Hijacking ist, bietet der Betreiber nun WhatsApp-Version 2.8.8968 über Google Play an, die eine verbesserte Rufnummern-Verifikation verspricht.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-schliesst-Luecke-erneut-aber-…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 04-12-2012 18:00 − Mittwoch 05-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** SHA1-Schwäche begünstigt Passwortknacker ***
---------------------------------------------
Jens Steube, einer der Autoren des populären Passwortknackers Hashcat, hat eine "Schwäche im kryptografischen Hash-Verfahren SHA1" (PDF-Datei) ausgemacht, die es ihm erlaubt, das Knacken von Passwörtern um etwa 20 Prozent zu beschleunigen.
---------------------------------------------
http://www.heise.de/security/meldung/SHA1-Schwaeche-beguenstigt-Passwortkna…
*** ATM Thieves Swap Security Camera for Keyboard ***
---------------------------------------------
This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like childs play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/kPS5w9ExcfQ/
*** Twitter’s deathless spoofing bug gets the heart-stake again ***
---------------------------------------------
Facebook, Venmo also plug SMS vuln Twitter says it has plugged its years-old SMS spoofing vulnerability after yet-another disclosure, this time by security consultant Jonathan Rudenberg. Facebook and social payments outfit Venmo have also blocked the vulnerability.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/05/twitter_dum…
*** Security Patch released for BIND 9.9.2, (Wed, Dec 5th) ***
---------------------------------------------
A security patch was released for BIND 9.9.2. The patch addresses 26 different bugs and/or security issues. Update your bind DNS server to version 9.9.2-P1. Updates can be downloaded here: http://www.isc.org/downloads/all More information is available here: https://kb.isc.org/article/AA-0082 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14641&rss
*** Apache Tomcat CSRF Prevention Filter Bypass ***
---------------------------------------------
Topic: Apache Tomcat CSRF Prevention Filter Bypass Risk: Low Text:CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter Severity: Important Vendor: The Apache Software Foundation ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/llUlhAAXXjo/WLB-20…
*** Apache Tomcat Security Bypass ***
---------------------------------------------
Topic: Apache Tomcat Security Bypass Risk: Medium Text:CVE-2012-3546 Apache Tomcat Bypass of security constraints Severity: Important Vendor: The Apache Software Foundation ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bHs7rEreGXQ/WLB-20…
*** HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03464042
*** HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS) ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03556108
*** HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
*** Sophos Security Threat Report 2013: Norway Is the Safest Country ***
---------------------------------------------
"Sophos has just released its Security Threat Report 2013. The study focuses on topics such as Mac malware, targeted attacks, polymorphic attacks, ransomware, Android threats, Java attacks, and the BlackHole exploit kit. An interesting part of the report is the one which details the 10 riskiest and the 10 safest countries in the world...."
---------------------------------------------
http://news.softpedia.com/news/Sophos-Security-Threat-Report-2013-Norway-Is…
*** New 25-GPU Monster Devours Strong Passwords In Minutes ***
---------------------------------------------
chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/cC50oUE-O1A/story01.htm
*** The Citadel crimeware kit - under the microscope ***
---------------------------------------------
Ever since the source code of the Zeus crimeware kit, also known as
Zbot, was leaked onto the internet in May 2011, many new variants have
appeared. These have typically added new features and improved on the
old code. One particularly prevalent example is Citadel.
---------------------------------------------
http://nakedsecurity.sophos.com/2012/12/05/the-citadel-crimeware-kit-under-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 03-12-2012 18:00 − Dienstag 04-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Instagram-App anfällig für Account-Hijacking ***
---------------------------------------------
Der Netzwerkverkehr der Instagram-App ist offenbar unzureichend geschützt: Wie der Sicherheitsexperte Carlos Reventlov berichtet, kommuniziert die App der Fotogemeinde unverschlüsselt über HTTP mit dem Instagram-Server. Ein Angreifer kann beim Belauschen des Datenverkehrs laut Reventlov ein Session-Cookie stehlen und damit im Kontext des Belauschten auf den Nutzerbereich von instagram.com zugreifen.
---------------------------------------------
http://www.heise.de/security/meldung/Instagram-App-anfaellig-fuer-Account-H…
*** Bugtraq: FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability ***
---------------------------------------------
FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/524894
*** Bugtraq: ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities ***
---------------------------------------------
ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524892
*** Vuln: OpenStack Keystone CVE-2012-5571 Security Bypass Vulnerability ***
---------------------------------------------
OpenStack Keystone CVE-2012-5571 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56726
*** Vuln: OpenStack Token Expiration Security Bypass Vulnerability ***
---------------------------------------------
OpenStack Token Expiration Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56727
*** Vrublevsky Sues Kaspersky ***
---------------------------------------------
The co-founder and owner of ChronoPay, one of Russias largest e-payment providers, is suing Russian security firm Kaspersky Lab, alleging that the latter published defamatory blog posts about him in connection with his ongoing cybercrime trial.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/7qcGBLXbf74/
*** Vuln: Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability ***
---------------------------------------------
Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56692
*** Bugtraq: SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion ***
---------------------------------------------
SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion
---------------------------------------------
http://www.securityfocus.com/archive/1/524903
*** Snort-2.9.4 has been released, (Mon, Dec 3rd) ***
---------------------------------------------
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14629&rss
*** Vuln: Oracle MySQL acl_get() Buffer Overflow Vulnerability ***
---------------------------------------------
Oracle MySQL acl_get() Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56769
*** Bug Hunter Finds Blended Threat Targeting Yahoo Web Site ***
---------------------------------------------
"A Romanian bug hunter has discovered a "blended threat" targeting Yahoos Developer Network Web site that allows unauthorized access to Yahoo users emails and private profile data. At a security conference Sunday, Sergiu Dragos Bogdan demonstrated an abbreviated version of an attack using the YQL console on developer. yahoo...."
---------------------------------------------
http://threatpost.com/en_us/blogs/bug-hunter-finds-blended-threat-targeting…
*** Rumble in the Tumblr: Troll-worm infected thousands of blogs ***
---------------------------------------------
Infamous crew unleashed JavaScript nasty on trendy journals A worm spread like wildfire across Tumblr on Monday, defacing pages on the blogging website with an abusive message penned by a notorious trolling crew.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/04/tumblr_java…
*** Post aus der Vergangenheit: Security-Fix nach 8 Jahren ***
---------------------------------------------
Das Advisory von Januar 2005 war eines von hunderten, ähnlich gearteten dieser Zeit: Eine PHP-Applikation überprüft die Parameter einer Datenbankabfrage nicht und als Resultat kann ein Angreifer mit speziellen URLs beliebige Datenbankbefehle einschleusen. Das besondere an diesem Bug-Report zu PHP Gift Registry: Nach über 7 Jahren hat sich der Autor der Software die Mühe gemacht, dann doch noch zu antworten.
---------------------------------------------
http://www.heise.de/security/meldung/Post-aus-der-Vergangenheit-Security-Fi…
*** Schnelles Passwort-Knacken bei MySQL ***
---------------------------------------------
Der Hacker mit dem Pseudonym KingCope hat erneut eine Sicherheitsproblematik der beliebten MySQL-Datenbank veröffentlicht. Durch eine bereits bekannte Eigenart der Benutzerverwaltung ist es möglich, die Geschwindigkeit einer BruteForce-Attacke signifikant zu erhöhen. Beim sogenannten "Brute Forcing" wird einfach eine Vielzahl möglicher Passwörter durchprobiert, um so das tatsächliche Passwort des angegriffenen Kontos zu erraten.
---------------------------------------------
http://www.heise.de/security/meldung/Schnelles-Passwort-Knacken-bei-MySQL-1…
*** Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling ***
---------------------------------------------
Topic: Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling Risk: Medium Text:Centrify Deployment Manager v2.1.0.283 While at a training session for centrify, I noticed poor handling of files in /tmp. I...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/6ZYCFcfGM0w/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 30-11-2012 18:00 − Montag 03-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Bugtraq: NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator ***
---------------------------------------------
NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator
---------------------------------------------
http://www.securityfocus.com/archive/1/524879
*** Schöne Bescherung - Hacker veröffentlicht Exploits für MySQL und SSH ***
---------------------------------------------
Der berüchtigte Hacker mit dem Pseudonym KingCope hat offenbar seine Altbestände ausgemistet und zum ersten Advent eine ganze Reihe von Exploits veröffentlicht, die zum Teil schon aus dem Jahr 2011 stammen. Primäres Ziel ist die mittlerweile von Oracle übernommene Open-Source-Datenbank MySQL; aber auch die SSH-Server der Firma SSH und FreeSSHd/FreeFTPd sind akut gefährdet.
---------------------------------------------
http://www.heise.de/security/meldung/Schoene-Bescherung-Hacker-veroeffentli…
*** The top 25 computing coding errors that lead to 85% of criminal internet activity ***
---------------------------------------------
"The list is being hailed as a major breakthrough that should gradually make theInternet much safer. "When consumers see that most vulnerabilities are caused by amere 25 weaknesses, a new standard for due diligence is likely to emerge," saysKonrad Vesey, a member of the National Security Agencys Information AssuranceDirectorate...."
---------------------------------------------
http://www.sans.org/top25-software-errors/#s4
*** OurWebFTP 5.3.5 Cross Site Scripting ***
---------------------------------------------
Topic: OurWebFTP 5.3.5 Cross Site Scripting Risk: Low Text:HTTPCS Advisory : HTTPCS112 Product : OurWebFTP Version : 5.3.5 Page : /index.php Variables : mwb_control2=Enter&mw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Z9CTYZ5_rmc/WLB-20…
*** Libsyn Cross Site Scripting ***
---------------------------------------------
Topic: Libsyn Cross Site Scripting Risk: Low Text:As you can see from my publications for last five years, I like holes which are placed at hundreds or millions of web sites. S...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/xmo2Up5J5oE/WLB-20…
*** FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities ***
---------------------------------------------
Topic: FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities Risk: Low Text:Title: FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: == 2012-12-01 References: == http://...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/WC5HCX-SaKI/WLB-20…
*** Critical infrastructure systems should never have moved online, warn security experts ***
---------------------------------------------
"UK businesses linked to critical infrastructure areas have opened themselves up to cyber attacks by prematurely moving key systems online, according to prominent security experts. Co-founder of information security site The Jericho Forum, Paul Simmonds, highlighted the fact that the desire to cut costs by moving systems online has left firms vulnerable to cyber attacks."Im worried were rushing headlong into connecting parts of critical infrastructure items to the internet," ...
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2228538/critical-infrastructure-systems-shou…
*** Blogger demonstrieren gewieften Passwortklau ***
---------------------------------------------
Mitarbeitern der Firma Neophasis haben herausgefunden, dass mit relativ einfachen Mitteln Passwörter und andere Nutzerdaten per JavaScript-Modifikationen aus Web-Browsern abgegriffen werden können. Dass der Diebstahl über eine oft genutzte Tastenkombination funktioniert, macht die Schwachstelle gefährlich.
---------------------------------------------
http://www.heise.de/security/meldung/Blogger-demonstrieren-gewieften-Passwo…
*** Opera Web Browser 12.11 WriteAV Vulnerability ***
---------------------------------------------
Topic: Opera Web Browser 12.11 WriteAV Vulnerability Risk: Medium Text:Title : Opera Web Browser 12.11 WriteAV Vulnerability Version : 12.11 Build 1661 and 12.12 Date : 2012-12-03 Vend...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bY9KoqQu62A/WLB-20…
*** Safety First: That Means Mobile Banking ***
---------------------------------------------
"The answer surprises; here is the question: Is it safer to bank using a desktop computer or an app on a mobile phone? The answer is that, all considered, you are vastly safer with that mobile banking app."Fraudsters go after the low-hanging fruit, and that is PC-based banking," said Andreas Baumhof, chief technology officer at ThreatMetrix, in an interview. There is substantially more traffic over online banking channels than there is mobile, and thus the keener interest of ...
---------------------------------------------
http://www.themobilityhub.com/author.asp?section_id=2262&doc_id=254931
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 29-11-2012 18:00 − Freitag 30-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Server der Atombehörde IAEA erneut attackiert ***
---------------------------------------------
Die Internationale Atombehörde IAEA wurde zum zweiten Mal binnen weniger Tage attackiert. Dabei sollen Hacker geheime Daten gestohlen haben. Über die Herkunft der Hacker ist nichts bekannt, bei den zweiten Angreifern könnte es sich allerdings um Mitglieder von Anonymous handeln.
---------------------------------------------
http://futurezone.at/netzpolitik/12741-server-der-atombehoerde-iaea-erneut-…
*** Virtualization Security: Protecting Virtualized Environments ***
---------------------------------------------
"Virtualization changes the playing field when it comes to security. There are new attack vectors, new operational patterns and complexity, and changes in IT architecture and deployment life cycles. Whats more, the technologies, best practices, and strategies used for securing physical environments do not provide sufficient protection for virtual environments...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14030
*** Sprachtwittern für Syrer ***
---------------------------------------------
Nachdem Syrien seit Donnerstag nahezu komplett vom Internet abgeschnitten ist haben Google und Twitter den Dienst "speak2tweet" wieder aufgenommen. Der Dienst nimmt Sprachnachrichten unter vier internationalen Rufnummern an, legt sie auf Google-Servern ab und veröffentlicht die Links auf Twitter (siehe da auch #SyriaBlackout).
---------------------------------------------
http://www.heise.de/security/meldung/Sprachtwittern-fuer-Syrer-1760015.html…
*** Mail hackt Router ***
---------------------------------------------
Eine ganze Reihe von Routern von Arcor, Asus und TP-Link sind anfällig für eine ungewollte Fernkonfiguration. Der Sicherheitsforscher Bogdan Calin demonstriert in seinem Blog eindrucksvoll, dass im Netz der Router schon das Anzeigen einer Mail weitreichende Konsequenzen haben kann: Seine speziell präparierte Testmail konfiguriert beim Öffnen den WLAN-Router so um, dass der Internet-Datenverkehr umgeleitet wird.
---------------------------------------------
http://www.heise.de/security/meldung/Mail-hackt-Router-1759354.html/from/at…
*** Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html, (Fri, Nov 30th) ***
---------------------------------------------
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14599&rss
*** Microsoft Security Essentials Loses AV-Test Certificate ***
---------------------------------------------
helix2301 writes "Every two months, AV-Test takes a look at popular antivirus software and security suites and tests them in several ways. In their latest test which was performed on Windows 7 during September and October, Microsoft Security Essentials didnt pass the test to achieve certification. Although that may not sound that impressive, Microsofts program was the only one which didnt receive AV-Tests certificate. For comparison, the other free antivirus software, including Avast, AVG
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/jXCBvPS16VQ/story01.htm
*** Hotel-Einbrecher werden zu Arduino-Tüftlern ***
---------------------------------------------
Der auf der diesjährigen Hackerkonferenz BlackHat demonstrierte Angriff auf die elektronischen Türschlösser der Marke Onity HT wurde weiter perfektioniert und möglicherweise auch schon von Einbrechern eingesetzt. Inzwischen gibt es im Netz eine Vielzahl detaillierter Anleitungen und Videos über das Aushebeln der Türsperre.
---------------------------------------------
http://www.heise.de/security/meldung/Hotel-Einbrecher-werden-zu-Arduino-Tue…
*** Crooks inject malicious Java applet into FOREX trading website ***
---------------------------------------------
VXers wouldnt give a XXXX for anything else A FOREX trading website has been contaminated with a malicious Java applet that is designed to install malware on the systems of visiting surfers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/30/forex_tradi…
*** Latest phishing security test shows Chrome is the best, followed by IE10, Safari, and then Firefox ***
---------------------------------------------
"Phishing scams are becoming more and more prevalent, but thankfully browser makers have also stepped up their game: the average phishing URL catch rate in the top four browsers has jumped from 46 percent in 2009 to 92 percent in 2012 and the average time it took to block a new phishing URL also improved from 16. 43 hours to 4. 87 hours...."
---------------------------------------------
http://thenextweb.com/apps/2012/11/28/latest-phishing-security-test-shows-c…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 28-11-2012 18:00 − Donnerstag 29-11-2012 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** New version of wireshark is available (1.8.4), some security fixes included. , (Wed, Nov 28th) ***
---------------------------------------------
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14587&rss
*** Good Practice Guide for Addressing Network and Information Security Aspects of Cybercrime ***
---------------------------------------------
"In 2010 ENISA started its support for operational collaboration between the Computer Emergency Response Teams (CERTs) in the Member States on the one hand and Law Enforcing Agencies (LEA) on the other hand. Various activities have since been launched, including stock takings of legal and operational obstacles that prevent collaboration, advice resulting from that, workshops that brought together members of both communities, consultation with members of both communities, etc. It was soon
---------------------------------------------
http://www.enisa.europa.eu/activities/cert/support/fight-against-cybercrime…
*** Vuln: OpenDNSSEC cURL API Security Bypass Vulnerability ***
---------------------------------------------
OpenDNSSEC cURL API Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56679
*** How to Minimize Medical Device Risks - Ethical Hacker Offers Action Items ***
---------------------------------------------
"Malware and hackers present potential security threats to wireless medical devices and safety risks to the patients who use them. But healthcare organizations and device manufacturers can take several steps to curtail those risks, says an ethical hacker who has demonstrated the vulnerability of various devices. Barnaby Jack, director of embedded device security at services firm IOActive, recently demonstrated how an implanted wireless heart defibrillator can be hacked from 50 feet away to
---------------------------------------------
http://www.healthcareinfosecurity.com/how-to-minimize-medical-device-risks-…
*** [webapps] - Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities ***
---------------------------------------------
Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/23004
*** Bugtraq: Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability ***
---------------------------------------------
Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/524863
*** WhatsApp: Schwere Sicherheitslücke entdeckt ***
---------------------------------------------
Über die Handynummer sowie die Seriennummer kann relativ einfach das WhatsApp-Passwort erzeugt und so ein fremder Accounts übernommen werden. Das hat das deutsche Online-Portal heise Security aufgedeckt. Die Entwickler von WhatsApp wollen aber offenbar nichts von der Lücke wissen.
---------------------------------------------
http://futurezone.at/produkte/12738-whatsapp-schwere-sicherheitsluecke-entd…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 27-11-2012 18:00 − Mittwoch 28-11-2012 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Java Zero-Day Exploit on Sale for ‘Five Digits’ ***
---------------------------------------------
Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracles Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/P9epzhQazQ0/
*** Cooperation is key for Europes cyber security - Conclusion of ENISA Brussels event ***
---------------------------------------------
"A high-level event organised by Europes cyber security agency, ENISA, recognised closer cyber cooperation and mutual support as key factors for boosting cyber security for Europes citizens, governments and businesses. The meeting, held today (27th November) in Brussels, was led by ENISAs Executive Director, Professor Udo Helmbrecht, and brought together key figures from the European Parliament, European Commission and the computer industry. Participants included Ms Amelia Andersdotter,
---------------------------------------------
http://mb.cision.com/Main/119/9341197/71035.pdf
*** Sysadmin creates tool to scour web for hacked data ***
---------------------------------------------
"A Wellington system administrator has developed a tool to identify corporate secrets, hacked data and even stolen credit cards as they emerge on social networks and online clipboards. Users could set the OSINT OPSEC (Open Source Intelligence / Operational Security) Tool to monitor for keywords, allowing, for example, an organisation to be alerted if a hacking group dumped its sensitive data to clipboard site Pastebin. Or it could scour Stack Exchange for intellectual property code
---------------------------------------------
http://www.itnews.com.au/News/324176,sysadmin-creates-tool-to-scour-web-for…
*** Vuln: Tor Remote Denial of Service Vulnerability ***
---------------------------------------------
Tor Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56675
*** Yahoo zero day exploit goes on sale for $700 ***
---------------------------------------------
"A hacker has begun selling what they claim is a zero-day exploit that will let criminals hijack control of Yahoo Mail users accounts. The hacker, who goes by the moniker TheHell, posted a video marketing a $700 exploit kit on the secretive Darkode cybercrime market on Monday. The video was later spotted and re-posted onto YouTube by security blogger Brian Krebs."Im selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers...."
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2227722/yahoo-zero-day-exploit-goes-on-sale-…
*** DNS servers filled with wrong Kool-Aid, big names waylaid in Romania ***
---------------------------------------------
Microsoft, Yahoo!, Google, PayPal all graffitid A hacker today redirected web surfers looking for Yahoo, Microsoft or Google to a page showing a TV test card by apparently poisoning Googles public DNS system.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/28/google_roma…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 26-11-2012 18:00 − Dienstag 27-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Call for Entries: RSA Conference 2013 Innovation Sandbox ***
---------------------------------------------
"RSA Conference (www. rsaconference. com), the worlds leading information security conferences and expositions, today announced its annual Innovation Sandbox program has opened a call for submissions to name the Most Innovative Company at RSA Conference 2013...."
---------------------------------------------
http://www.virtual-strategy.com/2012/11/26/call-entries-rsa%C2%AE-conferenc…
*** Hintertür in Traffic-Analyse-Software Piwik ***
---------------------------------------------
Über eine nachträglich eingefügte Hintertür in der Web-Server-Analyse-Software Piwik können Angreifer die volle Kontrolle über das System erlangen. Wer Piwik in den vergangenen Wochen vom Server des Open-Source-Projekts geladen und installiert hat, sollte seine Server sofort überprüfen.
---------------------------------------------
http://www.heise.de/security/meldung/Hintertuer-in-Traffic-Analyse-Software…
*** CyberCity allows government hackers to train for attacks ***
---------------------------------------------
"CyberCity has all the makings of a regular town. Theres a bank, a hospital and a power plant. A train station operates near a water tower...."
---------------------------------------------
http://www.washingtonpost.com/investigations/cybercity-allows-government-ha…
*** Go Daddy Resets Passwords of Customers Whose Sites Are Used to Spread Malware ***
---------------------------------------------
"Last week, researchers found that cybercriminals were altering the DNS records of Go Daddy websites in an effort to redirect their visitors to their own malware-spreading domains. Go Daddy reveals that the attackers compromised the accounts by phishing out the affected customers credentials. Go Daddy representatives have told The Next Web that theyve begun identifying the affected accounts...."
---------------------------------------------
http://news.softpedia.com/news/Go-Daddy-Resets-Passwords-of-Customers-Whose…
*** Yahoo! email! hijack! exploit!... Yours! for! $700! ***
---------------------------------------------
Cybercrook: Its a bargain, guys... They usually cost way more A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts, according to a hacker who is offering to sell an alleged zero-day vulnerability exploit for $700.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/27/yahoo_email…
*** Samsung-Netzwerkdrucker mit Hintertür ***
---------------------------------------------
Das US-CERT warnt vor einem fest einprogrammierten Administrator-Account in Samsung-Druckern, der die volle Kontrolle über die Geräte ermöglicht.
---------------------------------------------
http://www.heise.de/security/meldung/Samsung-Netzwerkdrucker-mit-Hintertuer…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 23-11-2012 18:00 − Montag 26-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Mystery Chrome 0-day exploit to be unveiled in India on Saturday ***
---------------------------------------------
I dont want $60k, I want FAME? A Georgian security researcher is due to present details of an unpatched vulnerability in Googles Chrome browser at the Malcon security conference in India over the weekend.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/23/mystery_chr…
*** eBay schließt kritische Sicherheitslöcher ***
---------------------------------------------
Das Online-Auktionshaus hat unter anderem eine Lücke geschlossen, durch die man lesend und schreibend auf eine seiner Datenbanken zugreifen konnte.
---------------------------------------------
http://www.heise.de/security/meldung/eBay-schliesst-kritische-Sicherheitslo…
*** Dreamhost Breached, Server & client information leaked ***
---------------------------------------------
A pastebin user using the handle Syst3mswt has posted a a dump of server information which appears to come from the well known and popular web hosting service Dream Host (http://www.dreamhost.com).
---------------------------------------------
http://www.cyberwarnews.info/2012/11/24/dreamhost-breached-server-client-in…
*** Digitally signed ransomware lurking in the wild ***
---------------------------------------------
"Trend Micro researchers have spotted two ransomware variants bearing the same (probably stolen) digital signature in order to fool users into running the files. Other than that, the malware acts like any other ransomware: it blocks the victims computer and shows messages that seem to come either from the FBI or the UKs Police Central e-crime Unit:"Users may encounter these files by visiting malicious sites or sites exploiting a Java vulnerability," say the researchers...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2331
*** Symantec Warns of New Malware Targeting SQL Databases ***
---------------------------------------------
"Symantec is warning of a new bit of malware that appears to be modifying corporate databases, particularly in the Middle East, though its showing up elsewhere in the world too. W32. Narilam, first discovered Nov. 15, follows a similar pattern of other worms by copying itself onto infected machines, adding registry keys and propogating through removable drives and network shares...."
---------------------------------------------
http://threatpost.com/en_us/blogs/symantec-warns-new-malware-targeting-sql-…
*** Google.com.pk and 284 Other .PK Domains Hacked ***
---------------------------------------------
ryzvonusef writes with news that hackers have taken down the local Pakistan versions of many popular websites, including google.com.pk, apple.pk, microsoft.pk and yahoo.pk. 284 sites were affected in total. Many of the sites were defaced, and a group called Eboz is taking credit for the hack. According to TechCrunch, "The root of today's attack, it seems, came via a breach of Pakistan's TLD operator, PKNIC, which administers and registers all .pk domains. Looking at affected
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/iiSda5ExrUk/story01.htm
*** New Cyber Security challenges take on Stuxnet and Malware ***
---------------------------------------------
"The Cyber Security Challenge UK has launched four new cyber challenges for budding information security experts. Professional teams from Orange, Prodrive, (ISC)2, the SANS Institute, QiniteQ and Sophos will be testing over 100 amatuer cyber defenders who will qualify via the first-round virtual contest. The challengers will have the opportunity to compete in one of four competitions:The Orange and Prodrive Risk Analysis Candidates will have to develop a complex security architecture to
---------------------------------------------
http://www.info4security.com/story.asp?sectioncode=9&storycode=4129799&c=1
*** 1-15 November 2012 Cyber Attacks Statistics ***
---------------------------------------------
"This November 2012 seems really to be endless from an Information Security Perspective. We have assisted so far to a remarkable number of Cyber Attacks. As usual is it time to provide the partial snapshot of November taken from the corresponding Cyber Attack Timeline and covering the first half of the month...."
---------------------------------------------
http://hackmageddon.com/2012/11/23/1-15-november-2012-cyber-attacks-statist…
*** EU plant Meldepflicht für Cyber-Attacken ***
---------------------------------------------
Zum besseren Schutz vor Cyber-Attacken denkt die EU auch über eine Meldepflicht von Cyberattacken für Unternehmen nach. "Ich bin ein großer Befürworter von Selbstregulierung, aber in diesem Fall fürchte ich, dass wir damit nicht weiterkommen", sagte die für die Digitale Agenda zuständige EU-Kommissarin Neelie Kroes der Süddeutschen Zeitung.
---------------------------------------------
http://www.heise.de/newsticker/meldung/EU-plant-Meldepflicht-fuer-Cyber-Att…
*** Phishing-Mail bittet um fotografierte TAN-Liste ***
---------------------------------------------
Die Ideen gehen den Phishern nicht aus: Eine neue Phishing-Mail bittet Kunden der Deutschen Bank AG, ihre TAN-Liste zu fotografieren oder einzuscannen und über eine präparierte Seite hochzuladen.
---------------------------------------------
http://www.heise.de/security/meldung/Phishing-Mail-bittet-um-fotografierte-…
*** Websense Proxy Filter Bypass ***
---------------------------------------------
Topic: Websense Proxy Filter Bypass Risk: Low Text:Websense Proxy Filter Bypass 1. Advisory Information Date published: 2012-11-25 Vendors contacted: Websense Release mo...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/OpLiRLavk6Y/WLB-20…
*** Vuln: ModSecurity POST Parameters Security Bypass Vulnerability ***
---------------------------------------------
ModSecurity POST Parameters Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56096
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 22-11-2012 18:00 − Freitag 23-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** PASSTEAL Malware Lurking on File Sharing Sites ***
---------------------------------------------
"Variants of the PASSTEAL malware are propagating by masquerading as key generators for paid applications, popular e-books, and other software on file sharing services, according Alvin John Nieto, a threat response engineer at TrendMicros TrendLabs. PASSTEAL, as its name suggests, is a piece of malware that uses various password recovery tools to steal passwords stored in the browsers of its victims. Nieto claims PASSTEAL is novel in its deviation from keyloggers that simply log...
---------------------------------------------
http://threatpost.com/en_us/blogs/passteal-malware-lurking-file-sharing-sit…
*** Infographic of the week: Why ignoring information security is lethal ***
---------------------------------------------
"Infographic of the week: Why ignoring information security is lethal...."
---------------------------------------------
http://www.londonlovesbusiness.com/3978.article
*** New report by EU Agency ENISA on digital trap honeypots to detect cyber-attacks creates a buzz ***
---------------------------------------------
"The EU cyber security Agency ENISA is launching an in-depth study on 30 different digital traps or honeypots that can be used by Computer Emergency Response Teams (CERT)s and National/Government CERTs to proactively detect cyber-attacks. The study reveals barriers to understanding basic honeypot concepts and presents recommendations on which honeypot to use. An increasing number of complex cyber-attacks demand better early warning detection capabilities for CERTs...."
---------------------------------------------
http://www.cisionwire.com/enisa---european-network-and-information-security…
*** Netherlands - One in Five pay Police Virus ransom - Free tool to fix available ***
---------------------------------------------
"Comment Bricade: one of the Bricade Research Analysts, Arjen de Landgraaf, is also on this Dutch Zembla television program, where he is commenting on the new Gozi Prinimalka banking trojan, amongst others. Translated Article:According to the Dutch Team High Tech Crime (THTC) of the KLPD, one in five victims of the police ransomware scam is actually paying the 100 Euros ransom. Team Leader Pim Takkenberg says (Zembla, tonight on Dutch television, 21...."
---------------------------------------------
http://copsincyberspace.wordpress.com/2012/11/23/een-op-vijf-slachtoffers-b…
*** Wurm manipuliert Datenbanken im Iran ***
---------------------------------------------
Das Sicherheitsunternehmen Symantec hat einen spezialisierten Wurm namens W32.Narilam entdeckt, der SQL-Datenbanken kompromittieren kann. Wie Symantec schreibt, "spricht" die Schadsoftware Persisch und Arabisch und scheint sich vor allem gegen Unternehmen im Iran zu richten.
---------------------------------------------
http://www.heise.de/security/meldung/Wurm-manipuliert-Datenbanken-im-Iran-1…
*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-12:07.hostapd ***
---------------------------------------------
FreeBSD Security Advisory FreeBSD-SA-12:07.hostapd
---------------------------------------------
http://www.securityfocus.com/archive/1/524811
*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-12:06.bind ***
---------------------------------------------
FreeBSD Security Advisory FreeBSD-SA-12:06.bind
---------------------------------------------
http://www.securityfocus.com/archive/1/524810
*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-12:08.linux ***
---------------------------------------------
FreeBSD Security Advisory FreeBSD-SA-12:08.linux
---------------------------------------------
http://www.securityfocus.com/archive/1/524813
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 21-11-2012 18:00 − Donnerstag 22-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Researcher Claims To Have Chrome Zero-Day, Google Says "Prove It" ***
---------------------------------------------
chicksdaddy writes "Googles been known to pay $60,000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a researcher says that he has one, but isnt interested in selling it, eyebrows get raised. And thats just whats happening this week, with Google saying it will wait and see what Georgian researcher Ucha Gobejishvili has up his sleeve in a presentation on Saturday at the Malcon conference in New Delhi. Gobejishvili has claimed that he will
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Rd8KcBlxVgQ/story01.htm
*** Vuln: NetIQ Privileged User Manager ldapagnt_eval() Remote Code Execution Vulnerability ***
---------------------------------------------
NetIQ Privileged User Manager ldapagnt_eval() Remote Code Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56539
*** Bug-Jäger entdeckt SCADA-Lücken – und verkauft sie ***
---------------------------------------------
Der Schwachstellen-Händler ReVuln rührt weiter die Werbetrommeln und hat ein Video veröffentlicht, das Sicherheitslücken in weit verbreiteten SCADA-Industriesteueranlagen zeigen soll. Insgesamt will das Unternehmen neun Zero-Day-Lücken in SCADA-Produkten von Eaton, General Electric, Kaskad, Rockwell Automation, Schneider Electric und Siemens gefunden haben. Welche Produkte im einzelnen lückenhaft sind, gab ReVuln jedoch nicht an.
---------------------------------------------
http://www.heise.de/security/meldung/Bug-Jaeger-entdeckt-SCADA-Luecken-und-…
*** lighttpd 1.4.31 DOS POC ***
---------------------------------------------
Topic: lighttpd 1.4.31 DOS POC Risk: High Text:#!/bin/bash # simple lighttpd 1.4.31 DOS POC # CVE-2012-5533 # http://www.lighttpd.net/2012/11/21/1-4-32/ # http://download...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/oPnZGgMtSWc/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 20-11-2012 18:00 − Mittwoch 21-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Hosting Provider Automatically Fixes Vulnerabilities In Customers Websites ***
---------------------------------------------
An anonymous reader writes "Dutch hosting provider Antagonist announced their in-house developed technology that automatically detects and fixes vulnerabilities in their customers websites. The service is aimed at popular software such as WordPress, Drupal and Joomla. As soon as a vulnerability is detected, we inform the customer. We also explain how the customer can resolve the issue. In case the customer does not respond to our first notice within the next two weeks, we automatically
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VJkhR6QbCeA/story01.htm
*** PGP Zimmermann teams with Navy SEALs, SAS techies in London ***
---------------------------------------------
Offers Silent Phone crypto to biz, aid workers Encryption guru Phil Zimmermann is going after security conscious users with his new venture Silent Circle, a security start-up offering ultra-secure VoIP and texting services.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/21/silent_circ…
*** Vuln: Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability ***
---------------------------------------------
Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56484
*** Profi-Banking-Trojaner unterstützt SEPA-Überweisungen ***
---------------------------------------------
Cyber-Ganoven versuchen Geld von den Konten deutscher Online-Banking-Kunden über SEPA-Transaktionen abzubuchen, wie die zu Intel gehörende Sicherheitsfirma McAfee berichtet. Durch SEPA werden Transaktionen innerhalb der EU unkomplizierter, da nicht mehr zwischen inländischen und grenzüberschreitenden Vorgängen unterschieden wird.
---------------------------------------------
http://www.heise.de/security/meldung/Profi-Banking-Trojaner-unterstuetzt-SE…
*** HTTP Strict Transport Security als Internet-Standard ***
---------------------------------------------
Die Internet Engineering Task Force (IETF) hat die HTTPS-Sicherung HTTP Strict Transport Security (HSTS) als Internet-Standard im RFC 6797 veröffentlicht. Mit HSTS können einerseits (HTTP-)Server vorgeben, dass man die angebotenen Dienste ausschließlich über sichere, etwa per TLS verschlüsselte Verbindungen erreicht. Andererseits zwingt HSTS auch Anwendungsprogramme (User Agents) dazu, die Kommunikation mit Websites nur über verschlüsselte Verbindungen abzuwickeln.
---------------------------------------------
http://www.heise.de/security/meldung/HTTP-Strict-Transport-Security-als-Int…
*** Bugtraq: ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities ***
---------------------------------------------
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524794
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 19-11-2012 18:00 − Dienstag 20-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Bugtraq: CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers ***
---------------------------------------------
CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers
---------------------------------------------
http://www.securityfocus.com/archive/1/524767
*** Hotfix für ColdFusion 10 ***
---------------------------------------------
Das Update schließt eine DoS-Lücke in der Windows-Version von Adobes Anwendungsserver.
---------------------------------------------
http://www.heise.de/security/meldung/Hotfix-fuer-ColdFusion-10-1752975.html…
*** Vuln: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities ***
---------------------------------------------
Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56581
*** An Android Malware Analysis: DroidKungFu ***
---------------------------------------------
"Few users are aware of how Android malware works. Few understand their complexity or the amount of data they can pillage from handsets. As such, we decided to come up with a short series of articles to take apart some of the most common and potentially dangerous Android malware strands that wreak havoc on smartphones...."
---------------------------------------------
http://www.hotforsecurity.com/blog/an-android-malware-analysis-droidkungfu-…
*** Nintendo fixes Wii U network after claims of accidental hack ***
---------------------------------------------
"Just hours after the US launch of Nintendos latest game console, the Wii U, a video game fan claims that he accidentally "hacked" into the consoles online component - the Miiverse. A Wii U user called "Trike" posted on NeoGAF that he had stumbled across a secret debug menu in the Miiverse that gave him access to a Japanese language list of administrators, with seemingly the ability to regenerate passwords and delete the access rights of admins."At first it asked...
---------------------------------------------
http://nakedsecurity.sophos.com/2012/11/19/nintendos-wii-u-network-hack/
*** Malware made which can share a smartcard over the internet ***
---------------------------------------------
Use a bank or ID card as though you had it with you Security researchers have developed proof-of-concept malware that allows attackers to obtain remote access to smart card readers attached to compromised Windows PCs.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/20/smart_card_…
*** Raiffeisen Introduces PhotoTAN to Protect Customer Transactions Against Malware ***
---------------------------------------------
"European banks, which are said to have implemented far more advanced security mechanisms to protect their customers than the ones from the US, are trying to live up to their reputation. Swiss bank Raiffeisen has introduced a new security feature that relies on Crontos Visual Transaction Signing Solution. Available for customers in Switzerland starting today, the CrontoSign is designed to protect online transactions against cyberattacks that rely on clever information-stealing Trojans such...
---------------------------------------------
http://news.softpedia.com/news/Raiffeisen-Introduces-PhotoTAN-to-Protect-Cu…
*** WhatsApp stopft Sicherheitsloch – und verlangt Abo-Gebühren ***
---------------------------------------------
Der Betreiber der beliebten SMS-Alternative WhatsApp hat heimlich Änderungen an seinem Dienst vorgenommen, um eine seit längerer Zeit bekannte Schwachstelle zu stopfen. Auf viele Nutzer wartete jedoch gleich die nächste böse Überraschung: Die WhatsApp-Nutzung kostet auf den meisten Smartphone-Plattformen ab sofort Geld.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-stopft-Sicherheitsloch-und-ve…
*** Bugtraq: OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures ***
---------------------------------------------
OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures
---------------------------------------------
http://www.securityfocus.com/archive/1/524779
*** Bugtraq: SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities ***
---------------------------------------------
SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524777
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 16-11-2012 18:00 − Montag 19-11-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Bugtraq: [SE-2012-01] Security vulnerabilities in Java SE (details released) ***
---------------------------------------------
[SE-2012-01] Security vulnerabilities in Java SE (details released)
---------------------------------------------
http://www.securityfocus.com/archive/1/524746
*** Bugtraq: DC4420 - London DEFCON - November meet - Tuesday 20th November ***
---------------------------------------------
DC4420 - London DEFCON - November meet - Tuesday 20th November
---------------------------------------------
http://www.securityfocus.com/archive/1/524745
*** Stealing VM Keys from the Hardware Cache ***
---------------------------------------------
"This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). Such systems are very common today, ranging from desktops that use virtualization to sandbox application or OS compromises, to clouds that co-locate the...
---------------------------------------------
http://www.schneier.com/blog/archives/2012/11/stealing_vm_key.html
*** Whats stopping your company from implementing full disk encryption? ***
---------------------------------------------
"You may have heard about the stolen NASA laptop, with its large amount of personally identifiable information of at least 10,000 NASA employees and contractors. The surprising question here, of course, has to do with the glaring absence of encryption. NASA says that that the laptop in question is scheduled to get encryption, though it would seem that not all laptops will get the same treatment...."
---------------------------------------------
http://www.fiercecio.com/techwatch/story/whats-stopping-your-company-implem…
*** perl-CGI Newline injection in Set-Cookie and P3P headers ***
---------------------------------------------
Topic: perl-CGI Newline injection in Set-Cookie and P3P headers Risk: Low Text:header() can generate Set-Cookie and P3P headers which contain invalid newlines. use CGI qw/header/; print header( -c...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/CF3xwRXWBfs/WLB-20…
*** NFR Agent FSFUI Record File Upload RCE ***
---------------------------------------------
Topic: NFR Agent FSFUI Record File Upload RCE Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zr0GNt7G1z0/WLB-20…
*** FreeBSD Project Discloses Security Breach Via Stolen SSH Key ***
---------------------------------------------
An anonymous reader writes "Following recent compromises of the Linux kernel.org and Sourceforge, the FreeBSD Project is now reporting that several machines have been broken into. After a brief outage, ftp.FreeBSD.org and other services appear to be back. The project announcement states that some deprecated services (e.g., cvsup) may be removed rather than restored. Users are advised to check for packages downloaded between certain dates and replace them, although not because known trojans...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KpcXI-S6fFw/freebsd-project…
*** Hackers Hate MVIS Security Center - the New WordPress Security Plugin ***
---------------------------------------------
"SEC Consult launches the beta phase of MVIS Security Center, an enterprise-grade security plugin for WordPress, the worlds most widely used content management system (CMS). WordPress attracts millions of users from around the world, and these users are facing increasing attacks from hackers. Even more alarming, these attacks occur on all types of websites, big or small which makes security an indispensable part of creating websites...."
---------------------------------------------
http://news.yahoo.com/hackers-hate-mvis-security-center-wordpress-security-…
*** Trojaner benutzt Google Docs als Kommunikationskanal ***
---------------------------------------------
Ein neue entdeckter Trojaner verwendet die Viewer-Funktion von Googles Office-Anwendung, um Verbindung mit seinem Kontrollrechner aufzunehmen. Google könnte das mit einer Firewall unterbinden.
---------------------------------------------
http://www.heise.de/security/meldung/Trojaner-benutzt-Google-Docs-als-Kommu…
*** Why smart people do dumb things online ***
---------------------------------------------
"David Petraeus is probably the last person you might have expected to wreck his career with an email scandal. Petraeus is smart: He graduated in the top five percent of his class at West Point and went on to earn a Ph.D. Petraeus has self-control: His self-discipline was " legendary," according to Time Magazine...."
---------------------------------------------
http://computerworld.co.nz/news.nsf/news/why-smart-people-do-dumb-things-on…
*** Active XSS flaw discovered on eBay ***
---------------------------------------------
"According to XSSed, Indian security researcher Shubham Upadhyay has discovered an active XSS flaw affecting Ebay. com. The potential attacker would need an Ebay seller account, where he would put XSS code into the HTML...."
---------------------------------------------
http://www.zdnet.com/active-xss-flaw-discovered-on-ebay-7000007539/
*** German Police Warn Mobile Phone Users of ZeuS Malware ***
---------------------------------------------
"Germanys Berlin Police Department has issued a warning after numerous bank customers have reported fraudulent cash withdrawals. All the victims own Android smartphones and they all rely on mTAN (mobile transaction authentication numbers) when performing banking transactions. F-Secure experts reveal that the malware involved in these incidents is most likely the mobile version of ZeuS, also known as ZeuS-in-the-Mobile or Zitmo...."
---------------------------------------------
http://news.softpedia.com/news/German-Police-Warns-Mobile-Phone-Users-of-Ze…
*** How Malware survives to Malware detection mechanisms ***
---------------------------------------------
Today I'd like to share some basic techniques that Malware(s) use to
protect themselves from being detected. Some of the most used approaches
to detect Maware could be described as follows:
1. Virtualize the environment in where Malware(s) run.
2. Attach a debugger to Malware processes and
3. Sandbox the execution of the analyzed Malware.
It comes straight forward that Malware writers need new techniques to...
---------------------------------------------
http://marcoramilli.blogspot.nl/2012/11/how-malware-survives-to-malware.html
*** Vuln: IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56583
*** Vuln: Moodle Multiple Security Vulnerabilities ***
---------------------------------------------
Moodle Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56505
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 15-11-2012 18:00 − Freitag 16-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Google Chrome mit Sandbox für OS X ***
---------------------------------------------
Google Chrome sperrt das Flash-Plug-in mit dem aktuellen Stable-Release 23 auch unter OS X in eine Sandbox, wie die Entwickler in ihrem Blog berichten.
---------------------------------------------
http://www.heise.de/security/meldung/Google-Chrome-mit-Sandbox-fuer-OS-X-17…
*** Antivirus startup linked to infamous Chinese hacker ***
---------------------------------------------
"Anvisoft, a Chinese antivirus startup, has been linked to an infamous hacker suspected of developing sophisticated malware used to siphon sensitive information from Defense Department contractors in 2006. Through some high-tech sleuthing on the Web, Brian Krebs, author of the KrebsonSecurity blog, found Anvisoft-connected IP addresses connected Anvisoft to registered to "tandailin" in Gaoxingu, China. Tan Dailin, a.k.a. Withered Rose, was the subject of Verisigns 2007 iDefense
---------------------------------------------
http://www.csoonline.com/article/721678/antivirus-startup-linked-to-infamou…
*** Proof-of-concept malware can share USB smart card readers with attackers over Internet ***
---------------------------------------------
"A team of researchers have created a proof-of-concept piece of malware that can give attackers control of USB smart card readers attached to an infected Windows computer over the Internet. The malware installs a special driver on the infected computer which allows for the USB devices connected to it to be shared over the Internet with the attackers computer. In the case of USB smart card readers, the attacker can use the middleware software provided by the smart card manufacturer to
---------------------------------------------
http://www.cio.com.au/article/442216/proof-of-concept_malware_can_share_usb…
*** Password Reset Zero-Day Reported to Skype Since October (Updated) ***
---------------------------------------------
"The details of a zero-day vulnerability that allows attackers to change the password of any Skype user have been posted on a Russian hacking forum. A similar security hole was identified by Vulnerability Lab researchers and it was reported to Skype at the beginning of October. The Next Web, which was the first to publicly reveal the existence of the flaw, reports that its details have been posted on the forum some two months ago...."
---------------------------------------------
http://news.softpedia.com/news/Skype-Password-Reset-Zero-Day-Reported-to-Sk…
*** Trojan.Gapz.1 infecting Windows in a new manner ***
---------------------------------------------
November 12, 2012 The anti-virus lab of Doctor Web - the Russian IT security vendor - has been informed of another piece of bootkit malware that is capable of concealing itself in an infected system. This application, added into virus databases under the name Trojan.Gapz.1, employs fairly interesting mechanisms to infect user computers. One of the rootkit´s purposes in an infected PC is to create an environment for loading its core modules which feature various functions.
---------------------------------------------
http://news.drweb.com/show/?i=2979&lng=en&c=9
*** How to report a computer crime: SQL injection website attack ***
---------------------------------------------
"Do you know how to report a computer crime? Or even who you would report it to? So far, weve looked at unauthorised email account access and malware in our series of articles on how to report a computer crime...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/11/15/computer-crime-sql-injection/
*** [papers] - Guidelines for Pentesting a Joomla Based Site ***
---------------------------------------------
Guidelines for Pentesting a Joomla Based Site
---------------------------------------------
http://www.exploit-db.com/download_pdf/22763
*** VMware security updates for vSphere API and ESX Service Console ***
---------------------------------------------
VMware has updated the vSphere API to address a denial of service vulnerability in ESX and ESXi. VMware has also updated the ESX Service Console to include several open source security updates.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2012-0016.html
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 14-11-2012 18:00 − Donnerstag 15-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Battery-Powered Transmitter Could Crash A Citys 4G Network ***
---------------------------------------------
DavidGilbert99 writes "With a £400 transmitter, a laptop and a little knowledge you could bring down an entire citys high-speed 4G network. This information comes from research carried out in the U.S. into the possibility of using LTE networks as the basis for a next-generation emergency response communications system. Jeff Reed, director of the wireless research group at Virginia Tech, along with research assistant Marc Lichtman, described the vulnerabilities to the National
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RXIyRXl8838/story01.htm
*** Hacker Grabs 150k Adobe User Accounts Via SQL Injection ***
---------------------------------------------
CowboyRobot writes "Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected Connectusers.com website. The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack. It was an SQL Injection vulnerability, somehow I was able to dump the database in less requests than normal people do, he
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xRkFposRNps/story01.htm
*** Free hacking tool kits fuel cyber arms race ***
---------------------------------------------
"Ryan Linns hacks into corporate networks have become almost a matter of routine. On one recent morning, he woke up at his home near the Research Triangle in eastern North Carolina and walked down to an extra bedroom that he uses as an office. He sat at a workbench laden with computers, signed on to one of them and loaded a program called Metasploit...."
---------------------------------------------
http://www.smh.com.au/it-pro/security-it/free-hacking-tool-kits-fuel-cyber-…
*** Top 25 passwords of 2012 revealed ***
---------------------------------------------
"Just under a year ago we published a blog about the most popular passwords on the web as announced by security app company SplashData. The ranking is based on password information from compromised accounts posted by hackers online. This year, the list is back!..."
---------------------------------------------
http://blogs.avg.com/consumer/top-25-passwords-2012-revealed/?utm_source=AV…
*** Obama segnet angeblich Direktive zur Cyber-Sicherheit ab ***
---------------------------------------------
US-Präsident Obama hat vor einigen Wochen eine geheime Anweisung unterzeichnet, die die Operationen der USA im Cyberspace neu regeln soll. Das berichtete die Washington Post und beruft sich auf mehrere Quellen, die sich jedoch nicht öffentlich dazu äußern dürften.
---------------------------------------------
http://www.heise.de/security/meldung/Obama-segnet-angeblich-Direktive-zur-C…
*** NASA To Encrypt All of Its Laptops ***
---------------------------------------------
pev writes "After losing another laptop containing personal information, NASA wants to have all of its laptops encrypted within a months time with an intermediate ban of laptops containing sensitive information leaving its facilities. Between April 2009 and April 2011 it lost or had stolen 48 mobile computing devices. I wonder how it will be before other large organisations start following suit as a sensible precaution?" Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/vvQZvrqrp34/story01.htm
*** Opera site served Blackhole malvertising, says antivirus firm ***
---------------------------------------------
No need to issue a press release, firm tells press Opera has suspended ad-serving on its portal as a precaution while it investigates reports that surfers were being exposed to malware simply by visiting the Norwegian browser firms home page.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/15/opera_black…
*** Sicherheitsupdate für Mac Office 2008 und 2011 ***
---------------------------------------------
Microsoft hat in der Nacht zum Donnerstag für zwei Versionen seines Büropakets größere Aktualisierungen online gestellt. Laut Aussage des Konzerns beheben das Office 2008 for Mac 12.3.5 Update sowie Office for Mac 2011 14.2.5 signifikante Sicherheitslücken.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-Mac-Office-2008…
*** Bugzilla Informartion Leak & Cross Site Scripting ***
---------------------------------------------
Topic: Bugzilla Informartion Leak & Cross Site Scripting Risk: Medium Text:Summary = Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following securit...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/IoQFDSoFWoc/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 13-11-2012 18:00 − Mittwoch 14-11-2012 18:21
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Skype Disables Password Resets After Huge Security Hole Discovered ***
---------------------------------------------
another random user writes with news of a vulnerability in the Skype password reset tool "All you need to do is register a new account using that email address, and even though that address is already used (and the registration process does tell you this) you can still complete the new account process and then sign in using that account Info (original post in Russian)" concealment adds a link to another article with an update that Skype disabled the password reset page as a temporary
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XnPnK6MWZdY/story01.htm
*** Wichtige Updates für alle Windows-Nutzer ***
---------------------------------------------
An seinem November-Patchday hat Microsoft kritische Lücken in allen noch unterstützen Windows-Versionen geschlossen - von Windows XP SP3 bis hin zu dem gerade erst veröffentlichten Windows 8.
---------------------------------------------
http://www.heise.de/security/meldung/Wichtige-Updates-fuer-alle-Windows-Nut…
*** Lockheed Martin: dramatischer Anstieg von Cyber-Angriffen ***
---------------------------------------------
Die Anzahl der Attacken auf das Firmennetzwerk des US-Rüstungskonzerns Lockheed Martin haben sich in den letzten Jahren deutlich verstärkt. Das erklärte die Lockheed-Vizepräsidentin Chandra McMahon, wie die BBC berichtete.
---------------------------------------------
http://www.heise.de/security/meldung/Lockheed-Martin-dramatischer-Anstieg-v…
*** Trojan Horses, Malware and Other Cyber Attack Tools are Just a Click Away ***
---------------------------------------------
"Ryan Linns hacks into corporate networks have become almost a matter of routine. On one recent morning, he woke up at his home near the Research Triangle in eastern North Carolina and walked down to an extra bedroom that he uses as an office. He sat at a workbench laden with computers, signed on to one of them and loaded a program called Metasploit...."
---------------------------------------------
http://www.oregonlive.com/newsflash/index.ssf/story/trojan-horses-malware-a…
*** Online-Banking-Trojaner mit Android-Komplizen ***
---------------------------------------------
Online-Ganoven versuchen offenbar verstärkt auch die Smartphones von Online-Banking-Nutzern zu infizieren, um mTans abzugreifen. Bei der Berliner Polizei sind "in den letzten Wochen" mehrere Strafanzeigen von Opfern betrügerischer Geldabbuchungen eingegangen, bei denen die Smartphones der Opfer eine entscheidende Rolle spielten.
---------------------------------------------
http://www.heise.de/security/meldung/Online-Banking-Trojaner-mit-Android-Ko…
*** Windows 8 security is like a swiss cheese flak jacket - sez AV firm ***
---------------------------------------------
"The knives are out for Windows Defender, the basic anti-malware protection bundled with Windows 8: makers of rival antivirus products are lining up to criticise Microsofts efforts to secure its operating system. Windows 8 can be infected by 16 percent of the most common malware families, even with Windows Defender activated, according to tests by Romanian antivirus vendor Bitdefender. The latest version of Microsofts OS was compromised by 61 of 385 malware samples flung at it by
---------------------------------------------
http://www.theregister.co.uk/2012/11/13/win_defender_inadequate/
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 12-11-2012 18:00 − Dienstag 13-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stefan Lenzhofer
*** Ruby-Update behebt DoS-Lücke ***
---------------------------------------------
Die Entwickler der Programmiersprache Ruby schließen mit Version 1.9.3-p327 eine Schwachstelle, die es Angreifern erlaubt, ein System durch hohe CPU-Last lahm zu legen (Denial of Service, DoS). Der Fehler tritt beim Verarbeiten speziell präparierter Zeichenketten durch die Hash-Funktion MurmurHash auf.
---------------------------------------------
http://www.heise.de/security/meldung/Ruby-Update-behebt-DoS-Luecke-1748451.…
*** Cybercriminals start spamvertising Xmas themed scams and malware campaigns ***
---------------------------------------------
"Security researchers from Symantec are warning about a recently intercepted flood of Xmas themed malicious and fraudulent campaigns. Isn't it too early for such type of campaigns to be launched, or are the spammers behind these campaigns relying on a different set of marketing tactics? The campaign is a great example of a flawed event-based social engineering attempt...."
---------------------------------------------
http://www.zdnet.com/cybercriminals-start-spamvertising-xmas-themed-scams-a…
*** Firefox users slowest to update browser, Kaspersky Lab finds out ***
---------------------------------------------
"Nearly one in four PC users run out-of-date or obsolete versions of the most popular browsers for a month or longer with Mozilla Firefox users the slowest to update their software, Kaspersky Lab has found. The company looked at the browsers installed on a random 10-million sample of its antivirus user base, finding that Internet Explorer was marginally the most common default browser on 37,8 percent of users...."
---------------------------------------------
http://news.techworld.com/security/3410386/firefox-users-slowest-update-bro…
*** First Windows 8 and Windows RT Security Updates Due Next Week ***
---------------------------------------------
"Plenty is happening on the Microsoft patch management front. First, Adobe agreed to sync up its patch release cycles with Microsofts on the second Tuesday of every month, moving away from quarterly releases. And now on Tuesday, Microsoft will release its first security updates since the release of Windows 8...."
---------------------------------------------
http://threatpost.com/en_us/blogs/first-windows-8-and-windows-rt-security-u…
*** New report warns of SCADA CYBERGEDDON* ***
---------------------------------------------
In the worst case. The industrial control system fright machine is getting another kick along today, via a survey by Russian vendor Positive Technologies.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/12/scada_vulne…
*** Samsung Galaxy S3 sichert Passwörter im Klartext ***
---------------------------------------------
Beim beliebten Samsung Galaxy S3 ist eine Sicherheitslücke gefunden worden. Die interne App S-Memo speichert Passwörter im Klartext. Damit wird es möglich, dass jeder, der sich Zugriff beschaffen kann und weiß, wo das entsprechende File liegt, dieses auch tatsächlich lesen kann.
---------------------------------------------
http://futurezone.at/digitallife/12422-galaxy-s3-sichert-passwoerter-im-kla…
*** Even a CHILD can make a Trojan to pillage Windows Phone 8 ***
---------------------------------------------
Whippersnapper will reveal all in the Malcon tent A teenager has crafted prototype malware for Windows Phone 8 just weeks after the official unveiling of the smartphone platform.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/13/windows_pho…
*** BSI-Test: Verwundbarkeit von Windows-Rechnern im Netz ***
---------------------------------------------
Windows-Systeme soll man stets auf dem aktuellen Stand halten, beim Browser greift man am besten zu Google Chrome, auf Java verzichtet man möglichst ganz - das predigen sowohl c't als auch das Bundesamt für Sicherheit in der Informationstechnik (BSI).
---------------------------------------------
http://www.heise.de/security/meldung/BSI-Test-Verwundbarkeit-von-Windows-Re…
*** Top 5 Security Predictions for 2013 from Symantec ***
---------------------------------------------
"With this year quickly coming to an end, its time for us at Symantec to publish our predictions on what we expect will happen in the world of cybersecurity for the coming year. Most of us at Symantec tend to be fact-based, data-driven individuals. However, predicting the future always involves a bit of speculation...."
---------------------------------------------
http://www.symantec.com/connect/blogs/top-5-security-predictions-2013-syman…
*** Vuln: libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability ***
---------------------------------------------
libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55909
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 09-11-2012 18:00 − Montag 12-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Webmix - 26 Terabyte Webseiten zu Österreich gesammelt ***
---------------------------------------------
Web@rchiv Österreich umfasst mittlerweile eine Milliarde Einzeldateien
---------------------------------------------
http://text.derstandard.at/1350260844999/26-Terabyte-Webseiten-zu-Oesterrei…
*** Windows 8 Defeats 85% of Malware Detected In the Past 6 Months ***
---------------------------------------------
An anonymous reader writes "Now that Windows 8 is on sale and has already been purchased by millions, expect very close scrutiny of Microsofts latest and greatest security features. 0-day vulnerabilities are already being claimed, but what about the malware thats already out there? When tested against the top threats, Windows 8 is immune to 85 percent of them, and gets infected by 15 percent, according to tests run by BitDefender." Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HOHG0NiFov4/windows-8-defea…
*** Stuxnet Infected Chevrons IT Network ***
---------------------------------------------
"Stuxnet, a sophisticated computer virus created by the United States and Israel, to spy on and attack Irans nuclear enrichment facilities in Natanz also infected Chevron s network in 2010, shortly after it escaped from its intended target. Chevron found Stuxnet in its systems after the malware was first reported in July 2010, said Mark Koelmel, general manager of the earth sciences department at Chevron. I dont think the U.S. government even realized how far it had spread, he told CIO
---------------------------------------------
http://www.cyberwarzone.com/stuxnet-infected-chevron%E2%80%99s-it-network
*** Hintergrund: Dropbox ist "ziemlich sicher" ***
---------------------------------------------
Die beiden Sicherheitsexperten Florian Ledoux und Nicolas Ruff aus der IT-Abteilung von EADS haben einen kritischen Blick auf Dropbox geworfen und ihre Ergebnisse kürzlich auf der Security-Koferenz hack.lu vorgestellt.
---------------------------------------------
http://www.heise.de/security/artikel/Dropbox-ist-ziemlich-sicher-1746596.ht…
*** Weaponized Malware: Top Four Cyberattack Tools ***
---------------------------------------------
"Over the past two years, four pieces of malware have emerged as veritable weapons and have been used for destructive purposes or to assist in such attacks.1. Stuxnet is the most widely known of the four. Stuxnet was designed with a highly specialized malware payload that targeted SCADA systems that control specific industrial processes...."
---------------------------------------------
http://cyberwarzone.com/weaponized-malware-top-four-cyberattack-tools
*** Ransom malware gangs making huge profits, Symantec discovers ***
---------------------------------------------
"The problem of ransom malware has reached epidemic proportions and could be extracting fraudulent payments from as many as 3 percent of victims, a Symantec report has calculated. In a world already afflicted by botnets, banking Trojans and established problems such as keyloggers and spam, ransomware programs that lock victims computers or files until a ransom payment is made - has grown into a major problem, with surprisingly little coverage from security vendors until recently. Symantecs
---------------------------------------------
http://news.techworld.com/security/3410078/ransom-malware-gangs-making-huge…
*** Critical Vulnerabilities In Call of Duty: Modern Warfare 3, CryEngine 3 ***
---------------------------------------------
hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-players computer." "Once you
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/itbD8UlgSco/critical-vulner…
*** Sandy turned off the lights, the phones, and the heat. A cyber attack could make it all happen again ***
---------------------------------------------
"Verizons chief technology officer surveyed a flooded major switching facility in lower Manhattan and put it bluntly: "There is nothing working here. Quite frankly, this is wider than the impacts of 9/11." Damage from Sandy is estimated to reach $20 billion, and interrupted phone service is among the least of it. Flooding in New Yorks century-old subway system is without parallel...."
---------------------------------------------
http://www.foreignpolicy.com/articles/2012/11/07/network_news?page=0,0
*** Malware Spy Network Targeted Israelis, Palestinians ***
---------------------------------------------
Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. The discovery, by Oslo-based antivirus and security firm Norman ASA, is the latest in a series of revelations involving digital surveillance activity of unknown origin that [...]
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/k12j_R4yBAo/
*** Telekom regt Sicherheits-Allianz der Unternehmen an ***
---------------------------------------------
Die Deutsche Telekom wirbt verstärkt um ein gemeinsames Vorgehen der Wirtschaft im Kampf gegen Gefahren aus dem Internet. Der Chef der Geschäftskundentochter T-Systems, Reinhard Clemens, macht sich jetzt für eine gemeinsame IT-Sicherheitstruppe mit der Gründung eines spezialisierten Unternehmens stark, wie die Financial Times Deutschland berichtet.
---------------------------------------------
http://www.heise.de/security/meldung/Telekom-regt-Sicherheits-Allianz-der-U…
*** Citadel Trojan Tough for Banks to Beat ***
---------------------------------------------
"The banking Trojan known as Citadel, which debuted in underground forums in January 2012, has evolved to become one of the financial industrys greatest worries, cybersecurity experts say. Citadel, an advanced variant of Zeus, is a keylogger that steals online-banking credentials by capturing keystrokes. Fraudsters then use stolen login IDs and passwords to access online accounts, take them over and schedule fraudulent transactions...."
---------------------------------------------
http://www.bankinfosecurity.com/citadel-trojan-tough-for-banks-to-beat-a-52…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 08-11-2012 18:00 − Freitag 09-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Matthias Fraidl
*** PixSteal-A Trojan Steals Images, Uploads to Iraqi FTP Server ***
---------------------------------------------
"A new Trojan has been identified that has the capability of stealing images from infected computers, setting the stage for anything from identity theft to blackmail. PixSteal-A also pilfers . dmp, or Windows memory dump files that contain data on system crashes and sends all stolen data to a remote FTP server in Iraq, according to Sophos. This isnt the first malware to target non text-based files...."
---------------------------------------------
http://threatpost.com/en_us/blogs/pixsteal-trojan-steals-images-uploads-ira…
*** Microsoft Security Bulletin Advance Notification for November 2012 ***
---------------------------------------------
"This is an advance notification of security bulletins that Microsoft is intending to release on November 13, 2012. This bulletin advance notification will be replaced with the November bulletin summary on November 13, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification...."
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
*** QRishing Study: Curiosity Is the Largest Motivating Factor for Scanning QR Codes ***
---------------------------------------------
"Researchers from the Carnegie Mellon Universitys CyLab have released the results of a study QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks which focuses on phishing attacks that rely on QR (Quick Response) codes. QRishing is a term utilized for phishing attacks initiated via the scanning of QR codes. Such attacks are not new, but in the past period researchers have started examining them because theyre becoming more and more common...."
---------------------------------------------
http://news.softpedia.com/news/QRishing-Study-Curiosity-is-the-Largest-Moti…
*** Windows 8, Surface slabs ALREADY need critical security patch ***
---------------------------------------------
Mega vulns affect ALL Windows kit from XP onward Microsoft will release critical updates for Windows 8 and other software on Novembers Patch Tuesday next week. The upgrades will arrive within weeks of the Win 8 launch at the end of last month.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/09/nov_patch_t…
*** IT-Business - Cisco warnt: "Cyberkriminelle nur einen Mausklick entfernt" ***
---------------------------------------------
Internetumfrage ortet große Mängel in Österreichs Unternehmen
---------------------------------------------
http://derstandard.at/1350260880632/Cisco-warnt-Cyberkriminelle-nur-einen-M…
*** Siemens software targeted by Stuxnet still full of holes ***
---------------------------------------------
Software made by Siemens and targeted by the Stuxnet malware is still full of other dangerous vulnerabilities, according to Russian researchers whose presentation at the Defcon security conference earlier this year was cancelled following a request from the company.
---------------------------------------------
https://www.computerworld.com/s/article/9233378/Siemens_software_targeted_b…
*** Kreditkarte mit Display und Tastatur ***
---------------------------------------------
Mastercard hat eine neue Kreditkarte vorgestellt, die mit einem monochromen LCD-Display und numerischen Tasten ausgestattet ist. Sie bietet laut dem Unternehmen neben den normalen Funktionen einer Kreditkarte auch die Möglichkeit, Einmal-Passworte zur Authentifizierung zu generieren.
---------------------------------------------
http://www.heise.de/security/meldung/Kreditkarte-mit-Display-und-Tastatur-1…
*** Facebook Chat Can Be Used to Launch DOS Attacks, Expert Finds ***
---------------------------------------------
Security researcher Chris C. Russo claims to have discovered a way to use Facebook's chat module to launch denial-of-service (DOS) attack against any user, even if they're not friends with the attacker.
---------------------------------------------
http://news.softpedia.com/news/Facebook-Chat-Can-Be-Used-to-Launch-DOS-Atta…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 07-11-2012 18:00 − Donnerstag 08-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** New Backdoor DDoS Malware Co-Existing on Gh0stRAT-Infected Machines ***
---------------------------------------------
"Gh0st RAT has a new roommate. A new backdoor called ADDNEW has been discovered on machines infected with the Gh0st remote access Trojan, adding new distributed denial of service attack capabilities, as well as a feature that targets passwords and credentials stored on the Firefox browser. Gh0st RAT is a notorious piece of malware having been used in the Aurora attacks on Google, Adobe and other large manufacturers and technology companies...."
---------------------------------------------
http://threatpost.com/en_us/blogs/new-backdoor-ddos-malware-co-existing-gh0…
*** Experts Warn of Zero-Day Exploit for Adobe Reader ***
---------------------------------------------
Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground.The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say theyve discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/Kr8ZV2vC2Fc/
*** Malware Forum Logs from Control Systems, Part Deux ***
---------------------------------------------
"Last September, I did a guest blog post titled Online-Malware-Support-Shows-Infected-ICS-Computers, where I searched for HiJackThis posts containing automation software. Basically, there are forums available to users that had been infected with viruses. These users can run a set of programs, including HijackThis, DDS, OTS, and others, to pull information from the system...."
---------------------------------------------
http://www.digitalbond.com/2012/11/07/malware-forum-logs-from-control-syste…
*** Innenministerium plant IT-Sicherheitsgesetz ***
---------------------------------------------
Die IT-Beauftragte der Bundesregierung, Cornelia Rogall-Grothe, hat eine neue Security-Initiative umrissen. Mit einem IT-Sicherheitsgesetz sollten einschlägige Mindeststandards für Betreiber kritischer Infrastrukturen etwa in den Bereichen Energie, Informations- und Kommunikationstechnologien oder der Wasserversorgung verankert werden, erklärte die Staatssekretärin auf einem Symposium in Washington. Sie würden mit dem Vorhaben zudem dazu verpflichtet, "erhebliche IT-Sicherheitsvorfälle" zu melden.
---------------------------------------------
http://www.heise.de/security/meldung/Innenministerium-plant-IT-Sicherheitsg…
*** Apple patcht Quicktime für Windows ***
---------------------------------------------
Apple hat die Windows-Ausgabe seines Multimedia-Abspielsystems Quicktime auf Version 7.7.3 aktualisiert. Die neue Ausgabe behebt zahlreiche kritische Sicherheitslücken.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-patcht-Quicktime-fuer-Windows-17…
*** [TYPO3-announce] Announcing TYPO3 CMS 4.5.21, 4.6.14 and 4.7.6 ***
---------------------------------------------
the TYPO3 Community has just released TYPO3 CMS versions 4.5.21, 4.6.14 and 4.7.6 which are now ready for you to download. All versions are
maintenance releases and contain bug fixes and security fixes.
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa…
*** E-Mail-Sicherheit: Hilfe gegen DKIM-Schwäche ***
---------------------------------------------
Lange und wechselnde Schlüssel mit Verfallsdatum sowie der nötige Nachdruck beim E-Mail-Provider helfen laut der Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) gegen die kürzlich bekannt gewordene Lücke bei DKIM, der Authentizitäts-Sicherung von E-Mail-Absendern.
---------------------------------------------
http://www.heise.de/security/meldung/E-Mail-Sicherheit-Hilfe-gegen-DKIM-Sch…
*** Sicherheitslücke im TOR-Client ***
---------------------------------------------
Wie Code-Experte Andrey Karpov bei einer Analyse des TOR-Quellcodes herausfand, verwendet die Anonymisierungssoftware eine Funktion namens memset() zum Löschen von Cache-Daten, welche nicht von allen Compilern unterstützt wird. Das kann unter Umständen dazu führen, dass der TOR-Client vertrauliche Daten wie etwa Passwörter im Speicher zurück lässt, wenn er beendet wird.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-im-TOR-Client-174652…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 06-11-2012 18:00 − Mittwoch 07-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Nachfolger für RFC-Ignorant.Org in Sicht ***
---------------------------------------------
Der Datenbestand der im Oktober außer Betrieb gegangenen Anti-Spam-Blacklist RFC-Ignorant.Org wird unter RFC-Ignorant.de bei einem neuen Hoster weitergepflegt.
---------------------------------------------
http://www.heise.de/security/meldung/Nachfolger-fuer-RFC-Ignorant-Org-in-Si…
*** Epic FAIL: Anonymous didnt hack PayPal, managed to frighten Oz hippies ***
---------------------------------------------
#OpNov5 pyrotechnics disappear in puff of smoke The smoke has cleared from Anonymouss Bonfire Night hacking spree with a denial from PayPal that it had been hacked. The payments-processing firm appeared to have been highest profile target of the hacking spree, but apparently this was an error caused by the tweeting and retweeting of an erroneous post by a cyber security blogger.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/06/anon_opnov5…
*** Adobe Ships Election Day Security Update for Flash ***
---------------------------------------------
Adobe has released a critical security update for its Flash Player and Adobe AIR software that fixes at least seven dangerous vulnerabilities in these products. Updates are available for Windows, Mac, Linux and Android systems.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/czXcgBruHcM/
*** Volunteering falls short on threat information sharing ***
---------------------------------------------
"Critical infrastructure security apparently has its own version of Dont Ask, Dont Tell, despite calls in the public and private sector for better information sharing. And this one goes both ways. The private sector is not telling the government about its vulnerabilities, and government is also keeping threat and vulnerability information from the private sector...."
---------------------------------------------
http://www.csoonline.com/article/720881/volunteering-falls-short-on-threat-…
*** [remote] - EMC Networker Format String ***
---------------------------------------------
EMC Networker Format String
---------------------------------------------
http://www.exploit-db.com/exploits/22525
*** Cisco Security Advisory: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability ***
---------------------------------------------
Cisco Secure Access Control System TACACS+ Authentication Bypass
Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue ***
---------------------------------------------
Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2)
Virtual Security Gateway Bypass Issue
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 05-11-2012 18:00 − Dienstag 06-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56036
*** Vuln: Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56041
*** Vuln: Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56017
*** European Smart Grid Cyber and SCADA Security ***
---------------------------------------------
"Event Name : European Smart Grid Cyber and SCADA SecurityEvent Date : March 11-12, 2013Location : London, United KingdomWebsite : www. smi-online. co. uk/2013cybergrids2...."
---------------------------------------------
http://www.ecoseed.org/more/events/15779-european-smart-grid-cyber-and-scad…
*** [dos] - Adobe Reader 11.0.0 Stack Overflow Crash PoC ***
---------------------------------------------
Adobe Reader 11.0.0 Stack Overflow Crash PoC
---------------------------------------------
http://www.exploit-db.com/exploits/22464
*** Possible Fake-AV Ads from Doubleclick Servers, (Mon, Nov 5th) ***
---------------------------------------------
Reader James ran into a Fake AV ad delivered by Double click. It is not clear if this is the result of a compromise of double click, or a paid ad that slipped through doubleclicks content review process. James started out at a local new paper web site, that like many others features ads served by double click. Luckily, James used a proxy tool (Fiddler) to record the session. Here are some of the excerpts (slightly anonymized and spaces inserted to avoid accidental clicks): GET [...]
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14455&rss
*** Vuln: Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability ***
---------------------------------------------
Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56399
*** Apache Tomcat 6.x / 7.x Denial Of Service ***
---------------------------------------------
Topic: Apache Tomcat 6.x / 7.x Denial Of Service Risk: Medium Text:CVE-2012-2733 Apache Tomcat Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affe...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zhdqQvlbO2c/WLB-20…
*** Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses ***
---------------------------------------------
Topic: Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses Risk: Medium Text:CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses Severity: Moderate Vendor: The Apache Software Foundation ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Suq__thlFNM/WLB-20…
*** Java - Sicherheitsexperte schließt Java-Lücke auf eigene Faust ***
---------------------------------------------
Oracle vertröstet auf Patchday im Februar
---------------------------------------------
http://text.derstandard.at/1350259245198/Sicherheitsexperte-schliesst-Java-…
*** Bugtraq: multiple critical vulnerabilities in sophos products ***
---------------------------------------------
multiple critical vulnerabilities in sophos products
---------------------------------------------
http://www.securityfocus.com/archive/1/524641
*** Bugtraq: Wisecracker 1.0 - A high performance distributed cryptanalysis framework ***
---------------------------------------------
Wisecracker 1.0 - A high performance distributed cryptanalysis framework
---------------------------------------------
http://www.securityfocus.com/archive/1/524640
*** [dos] - Internet Explorer 9 Memory Corruption Crash PoC ***
---------------------------------------------
Internet Explorer 9 Memory Corruption Crash PoC
---------------------------------------------
http://www.exploit-db.com/exploits/22401
*** Bugtraq: [security bulletin] HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure ***
---------------------------------------------
[security bulletin] HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure...
---------------------------------------------
http://www.securityfocus.com/archive/1/524644
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 02-11-2012 18:00 − Montag 05-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Studie: Informationen trotz SSL-Verschlüsselung nicht sicher ***
---------------------------------------------
Mit einer seit Jahren bekannten Angriffstechnik kann man die SSL-Verschlüsselung im Browser austricksen. Wie eine Untersuchung zeigt, setzt kaum jemand den ebenfalls bekannten Schutzmechanismus ein. Auch unterstützen diesen nicht alle aktuellen Browser.
---------------------------------------------
http://www.heise.de/security/meldung/Studie-Informationen-trotz-SSL-Verschl…
*** VUPEN Researchers Say They Have Zero-Day Windows 8 Exploit ***
---------------------------------------------
"Controversial bug hunters and exploit sellers VUPEN claimed to have cracked the low-level security enhancements featured in Windows 8, Microsofts latest operating system. VUPEN CEO and head of research Chaouki Bekrar sent out a pair of ominous Tweets yesterday claiming to have developed the first zero-day exploit for Windows 8 and Internet Explorer 10, both released Oct. 26. Bekrar hints the exploit is a sandbox bypass for IE10 with ASLR, DEP and anti-ROP mitigations enabled...."
---------------------------------------------
http://threatpost.com/en_us/blogs/vupen-researchers-say-they-have-zero-day-…
*** Deep Inside a DNS Amplification DDoS Attack ***
---------------------------------------------
"A few weeks ago I wrote about DNS Amplification Attacks. These attacks are some of the largest, as measured by the number of Gigabits per second (Gbps), that we see directed toward our network. For the last three weeks, one persistent attacker has been sending at least 20Gbps twenty-four hours a day as an attack against one of our customers...."
---------------------------------------------
http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack
*** How Georgia doxed a Russian hacker (and why it matters) ***
---------------------------------------------
"On October 24, the country of Georgia took an unusual step: it posted to the Web a 27-page writeup (PDF), in English, on how it has been under assault from a hacker allegedly based in Russia. The paper included details of the malware used, how it spread, and how it was controlled. Even more unusually, the Georgians released pictures of the alleged hackertaken with his own webcam after the Georgians hacked the hacker with the help of the FBI and others...."
---------------------------------------------
http://arstechnica.com/tech-policy/2012/11/how-georgia-doxed-a-russian-hack…
*** Firefox gets strict about enforcement of HTTPS protection ***
---------------------------------------------
"Developers of Mozillas Firefox browser are experimenting with a new security feature that connects to a specified set of websites only when presented with a cryptographic certificate validating the connection is secure. A beta version of the open-source browser contains a list of sites known to deploy the HTTP Strict Transport Security mechanism that requires a browser to use the secure sockets layer or transport layer security protocols when communicating. HSTS is designed to provide an...
---------------------------------------------
http://arstechnica.com/security/2012/11/firefox-gets-strict-about-enforceme…
*** Android Modding for the Security Practitioner ***
---------------------------------------------
"After getting involved in the Android rooting scene, I observed that there is a disconnect between the community interested in "modding" (modifying) their devices and those looking at Android from a security practitioners perspective. In this talk, I will provide technical details on many key concepts in the modding world, including rooting, locked/unlocked bootloaders, S-ON/S-OFF, fastboot, ROM flashing, and various other techniques. Well look at real examples of...
---------------------------------------------
http://www.securitytube.net/video/6080
*** Anonymous ransomware - but who is hiding behind this malwares mask? ***
---------------------------------------------
"Heres an interesting twist of the Reveton/FBI/police ransomware that has been plaguing internet users lately. In this example, the malware that locks you out of your data, and demands 100 be paid via Ukash to gain access back to your files, claims to be from the Anonymous hacktivist group. Of course, just as when ransomware victims see demands from cash on their computer seemingly coming from the police, they should be equally dubious about whether this particular attack originated from...
---------------------------------------------
http://nakedsecurity.sophos.com/2012/11/02/anonymous-ransomware/
*** Shopping The Russian Cybercrime Underground ***
---------------------------------------------
"If you werent already convinced that the Russian cybercrime underground is now a vast, sophisticated, high-volume market, consider this: there are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits, according to a new report...."
---------------------------------------------
http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabi…
*** In Pictures: 20 notorious worms, viruses and botnets ***
---------------------------------------------
"The earliest worms and viruses were created for geeky fun and did little harm - oh, how times have changed. Here are 20 worms, viruses and botnets that show the evolution of malware, from Creeper to Flame. CreeperThe first real computer virus, Creeper was released "in lab" in 1971 by an employee of a company working on building ARPANET, the Internets ancestor, according to Guillaume Lovet, Senior Director, FortiGuard Labs...."
---------------------------------------------
http://www.computerworld.com.au/slideshow/440948/pictures_20_notorious_worm…
*** Searching for Silver Bullets In SCADA and ICS Environments ***
---------------------------------------------
"With Halloween past us, theres an excess of sugar in our blood, and remnant imaginings of monsters under the bed. So perhaps thats why when the topic of silver bullet security recently came up, my mind immediately went to Werewolves. The term was used, as it often is, in a discussion about Application Whitelistingthe industrial automation industrys rightful poster child for endpoint security...."
---------------------------------------------
http://www.securityweek.com/searching-silver-bullets-scada-and-ics-environm…
*** Vuln: Ubercart SecureTrading Payment Method Drupal Module Security Bypass Vulnerability ***
---------------------------------------------
Ubercart SecureTrading Payment Method Drupal Module Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54395
*** ZPanel <= 10.0.1 CSRF, XSS, SQLi, Password Reset ***
---------------------------------------------
Topic: ZPanel
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/cET4kw8gtsc/WLB-20…
*** Anonymous am Werk? Symantec, ImageShack, Paypal und VMWare gehackt ***
---------------------------------------------
Eine Hackergruppe will zum zweiten Mal den Bilder-Upload-Dienst ImageShack gehackt haben und auch das Sicherheits-Unternehmen Symantec soll ihnen zum Opfer gefallen sein. Der Schaden bei ImageShack soll sich auf die Preisgabe aller vorhandenen, auch als privat eingestuften, Bilder belaufen. Von Symantec sollen nun unter anderem alle Mitarbeiter-E-Mailadressen öffentlich sein. Außerdem haben die Hacker eine Lücke für die OpenSource-Software ZPanel veröffentlicht. Obendrein stellt Anonymous den Kernel von...
---------------------------------------------
http://www.heise.de/security/meldung/Anonymous-am-Werk-Symantec-ImageShack-…
*** Bugtraq: Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client ***
---------------------------------------------
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client
---------------------------------------------
http://www.securityfocus.com/archive/1/524621
*** New Blackhole Targets Mobile Banking Services ***
---------------------------------------------
"According to a report published by antivirus software developer AVG, there is a significant growth in malicious software and malicious ads with hidden malware behind images posed on social media. The report revealed details about the newly released 2. 0 version of Blackhole Exploit Toolkit that targets mobile banking services...."
---------------------------------------------
http://www.technologybanker.com/security-risk-management/new-blackhole-targ…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 31-10-2012 18:10 − Freitag 02-11-2012 18:10
Handler: Robert Waldner
Co-Handler: Otmar Lendl
*** Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities ***
---------------------------------------------
Topic: Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities Risk: Low Text:Advisory: Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-014 Author: Stefan Schurtz ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/kE0J4Z10zwA/WLB-20…
*** [webapps] - Wordpress bbpress Plugin Multiple Vulnerabilities ***
---------------------------------------------
Wordpress bbpress Plugin Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/22396
*** How to Fight New Gozi Banking Trojan - Crimeware Exploits Basic Authentication Used in U.S. ***
---------------------------------------------
"Fighting the new Trojan aimed at U.S. banks will require multiple measures, says RSA researcher Mor Ahuvia. Gozi Prinimalka is different, and institutions have to be mindful of its characteristics. Ahuvia, a cybercrime communications specialist for RSA FraudAction, says a new Trojan identified by RSA in early October will pose one of the greatest fraud threats U.S. banking institutions have ever seen...."
---------------------------------------------
http://www.bankinfosecurity.com/how-to-fight-new-gozi-banking-trojan-a-5256…
*** Bugtraq: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing ***
---------------------------------------------
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing
---------------------------------------------
http://www.securityfocus.com/archive/1/524565
*** New Hacker Weapon Surfaces ***
---------------------------------------------
"A High Orbit Ion Cannon (HOIC) could just broaden the possibilities for attackers of all skill sets. The High Orbit Ion Cannon is a dangerous free-to-download, open-source program that can turn any user of any skill level into a powerful hacker, at least in terms of one form of attack, a distributed denial-of-service (DDoS). It is extremely easy to use...."
---------------------------------------------
http://www.isssource.com/new-hacker-weapon-surfaces/
*** Costs of tools and activities in the Russian cybercriminal underground ***
---------------------------------------------
"A new Trend Micro research paper describes a broad offering of tools and activities that can be bought and sold on underground forum shopping sites. It examines the prices charged for various types of services, while also providing examples of information shared among cybercriminals. In examining two dozen basic and fundamental tools and technologies that cybercriminals create and use to enhance their business, researchers also assess the top-ten ranked malicious activities and
---------------------------------------------
http://www.net-security.org/secworld.php?id=13884
*** One year after DigiNotar breach, Fox-IT details extent of compromise ***
---------------------------------------------
"The 2011 security breach at Dutch certificate authority (CA) DigiNotar resulted in an extensive compromise and was facilitated in part by shortcomings in the companys network segmentation and firewall configuration, according to Fox-IT, the security company contracted by the Dutch government to investigate the incident."The DigiNotar network was divided into 24 different internal network segments," Fox-IT said in its final investigation report, published earlier this week by the
---------------------------------------------
http://www.computerworld.com/s/article/9233138/One_year_after_DigiNotar_bre…
*** Joe Weiss 2012 ICS Security Conference Highlights ***
---------------------------------------------
"The twelfth ICS Security has come and gone, and it sounds from the tone of Joes write-up that whatever progress theres been to date in awareness and/or improved capabilities has been frustratingly slow and incremental. After twelve years, I guess we can call that a trend. Nevertheless, the best parts often seem to involve drama related to actual events in the field...."
---------------------------------------------
http://smartgridsecurity.blogspot.nl/2012/11/joe-weiss-2012-ics-security-co…
*** Windows 8 exploit combining several 0-days already up for sale ***
---------------------------------------------
"Less that a week after Microsoft released is long awaited Windows 8, with new and improved security features, French bug hunters VUPEN Security have announced that they have created an exploit for the new OS version that takes advantage of several zero-day flaws:In the light of this discovery, the tweet that VUPEN CEO and head researcher Chaouki Bekrar posted upon the OSs release seems almost to mock Microsofts efforts. The company, which has become well known in security circles
---------------------------------------------
http://www.net-security.org/secworld.php?id=13890
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 30-10-2012 18:00 − Mittwoch 31-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Citrix XenServer 6.0.2 Privilege Escalation ***
---------------------------------------------
Topic: Citrix XenServer 6.0.2 Privilege Escalation Risk: Medium Text: ADVISORY = Systems Affected: Citrix XenServer 5.0 through 6.0.2 Severity: High Ca...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/wk0udMQ2Uz4/WLB-20…
*** THOMAS: Cyber security for the home ***
---------------------------------------------
"When we think about cyber security we usually think about big businesses or government agencies, but securing your computers and information is important in your home, too. Hackers and thieves have a number of reasons to break into your computer, but the most common are to steal the information stored there and to use the resources of your computer to do their bidding. One of the things a hacker wants from your computer is information...."
---------------------------------------------
http://www.nctimes.com/news/local/columnists/thomas/thomas-cyber-security-f…
*** Trojaner-Schnäppchen mit Windows-8-Unterstützung ***
---------------------------------------------
Während einige Antivirenhersteller mit Microsofts neuestem Betriebssystem noch Probleme haben, ist die Cybercrime-Community schon voll auf den Windows-8-Zug aufgesprungen. So wird etwa auf einer bei Google gehosteten Site für 40 Euro ein bereits Windows-8-kompatibles "Remote Administration Tool" namens Xtreme RAT angeboten kostenlose Updates inklusive.
---------------------------------------------
http://www.heise.de/security/meldung/Trojaner-Schnaeppchen-mit-Windows-8-Un…
*** VM-aware viruses on the rise ***
---------------------------------------------
"Viruses targeting virtual machines (VM) are growing in numbers and will soon be the dominant force in the world of cyber crime. Speaking at this weeks SNW Europe conference in Frankfurt, Joe Llewelyn, head of global sales training at Kaspersky Lab, warned of the increase and the trouble they could cause. A lot of the viruses we are now seeing are virtual machine aware, meaning they will work out if they are running on a VM, he said...."
---------------------------------------------
http://www.computerweekly.com/news/2240169662/VM-aware-viruses-on-the-rise?…
*** Linux: Patch für den Ext4-Bug ***
---------------------------------------------
Die Ursache des vor einer Woche aufgefallenen Bugs im Linux-Dateisystem Ext4 ist gefunden. Ext4-Chefentwickler Ted Ts'o hat einen wenige Zeilen langen Patch geschrieben und zur Aufnahme in den Kernel 3.7 bereitgestellt.
---------------------------------------------
http://www.heise.de/open/meldung/Patch-fuer-den-Ext4-Bug-1740840.html/from/…
*** Kritische Lücken in Plone und Zope ***
---------------------------------------------
Die Plone Foundation warnt vor kritischen Sicherheitslücken in ihrem Open-Source-CMS Plone. Auch das Python-basierten Web-Framework Zope ist verwundbar. Betroffen sind jeweils alle Versionen einschließlich der aktuellen. Durch die Schwachstellen kann ein Angreifer schlimmstenfalls die Kontrolle über den Server übernehmen.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Luecken-in-Plone-und-Zope-17…
*** Sicherheitslücke in Yahoos JavaScript-Framework YUI 2 ***
---------------------------------------------
In einem Blog-Beitrag weist //www.yahoo.com:Yahoo auf eine Sicherheitslücke in seiner freien JavaScript-Bibliothek YUI 2 hin. Eine nähere Beschreibung des Bugs gibt es nicht, er betrifft zudem nur Anwender, die den Quellcode des Frameworks selbst bereitstellen: In der von Yahoos Content Delivery Network ausgelieferten Version ist er beseitigt.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-in-Yahoos-JavaScript…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 29-10-2012 18:00 − Dienstag 30-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** ICS-CERT warnt vor Angriffen auf industrielle Steuerungssysteme ***
---------------------------------------------
Die Attacken auf industrielle Steuerungssysteme nehmen zu. Das Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) hat dazu eine Warnung herausgegeben, die vom Bundesamt für Sicherheit und Informationstechnik (BSI) unterstützt wird. Spezielle Tools und Suchmaschinen erleichtern auch unerfahrenen Angreifern die Attacken auf Maschinen und Geräte, die Relevanz für die Infrastruktur, wie etwa die Stromnetze, haben.
---------------------------------------------
http://www.heise.de/security/meldung/ICS-CERT-warnt-vor-Angriffen-auf-indus…
*** Legacy Applications a Threat to Windows 8 Security ***
---------------------------------------------
"The security features of Windows 8 are among the more highly touted aspects of the new operating system. However, theyre not worth much if users can bypass them, and thats exactly what Bitdefenders Alex Balan said could happen to users who hang on to pre-Windows 8 applications. Since they run outside the secure interface, theyre more vulnerable...."
---------------------------------------------
http://www.technewsworld.com/story/76499.html
*** Critical error in CoDeSys runtime of SCADA systems ***
---------------------------------------------
"Ron Wightman discovered vulnerability in the CoDeSys runtime during Project Basecamp, where industrial security guards come together. The problem is that according Wightman attackers by security hole in CoDeSys control PLCs can get into the industrial systems and critical infrastructures which it is mounted. An attacker must already have access to the network...."
---------------------------------------------
http://www.automatiseringgids.nl/nieuws/2012/44/kritieke-fout-in-codesys-ru…
*** Falsche Fährten für Schnüffel-Apps ***
---------------------------------------------
Eine modifizierte Version des Android-Betriebssystems füttert Apps, die Daten auslesen, mit extra fehlerhaften Informationen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Falsche-Faehrten-fuer-Schnueffel-App…
*** Bugtraq: [security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities ***
---------------------------------------------
[security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524541
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 25-10-2012 18:00 − Montag 29-10-2012 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Realplayer Watchfolders long Filepath Overflow ***
---------------------------------------------
Topic: Realplayer Watchfolders long Filepath Overflow Risk: High Text:Realplayer Watchfolders Long Filepath Overflow by Joseph Sheridan Summary Realplayer version 15.0.5.109 is vulnerable to ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/dOv6-0tUVh8/WLB-20…
*** Detecting Advanced Persistent Threat with Network Traffic Analysis ***
---------------------------------------------
"A high degree of stealthiness over a prolonged duration of operation in order to do a successful cyber attack can be defined as Advanced Persistent Threat. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached. Todays successful targeted attacks use a combination of social engineering, malware, and backdoor activities...."
---------------------------------------------
http://thehackernews.com/2012/10/detecting-advanced-persistent-threat.html#…
*** [dos] - Microsoft Office Publisher 2010 Crash PoC ***
---------------------------------------------
Microsoft Office Publisher 2010 Crash PoC
---------------------------------------------
http://www.exploit-db.com/exploits/22310
*** [dos] - Microsoft Windows Help program (WinHlp32.exe) Crash PoC ***
---------------------------------------------
Microsoft Windows Help program (WinHlp32.exe) Crash PoC
---------------------------------------------
http://www.exploit-db.com/exploits/22303
*** Another systematic SCADA vuln ***
---------------------------------------------
"If its Monday, it must be time for a new SCADA vulnerability: this time, arising through the combination of a popular development environment and bad developer habits. Described in full by Digital Bond researcher Reid Wightman here, as many as 261 manufacturers and heaven-knows-how-many deployed systems may have created insecure systems using the software. The software in question is CoDeSys, from German company S3...."
---------------------------------------------
http://www.theregister.co.uk/2012/10/28/codesys_vulnerability/
*** Vuln: Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities ***
---------------------------------------------
Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56103
*** Schädling versteckt sich hinter der Maus ***
---------------------------------------------
xhtml
---------------------------------------------
http://www.heise.de/security/meldung/Schaedling-versteckt-sich-hinter-der-M…
*** Bugtraq: [SECURITY] [DSA 2567-1] request-tracker3.8 security update ***
---------------------------------------------
[SECURITY] [DSA 2567-1] request-tracker3.8 security update
---------------------------------------------
http://www.securityfocus.com/archive/1/524528
*** Steuerungssysteme mit Hintertür ***
---------------------------------------------
Die Programmiersoftware CoDeSys des deutschen Herstellers 3 S-Smart Software Solutions kann aus der Ferne ohne Authentifizierung manipuliert werden. Die Software wird für die digitale Steuerung von Maschinen und Anlagen von 261 Geräteherstellern genutzt. Damit verwenden "Tausende von Endanwendern aus dem Maschinen- und Anlagenbau und weiteren Industriezweigen CoDeSys", wie 3 S-Smart auf ihrer Internetseite angibt. Zu den Firmen, die CoDeSys nutzen, gehören unter anderem Unternehmen im Energie-, Militär- und Navigationsbereich. Entdeckt hat die Sicherheitslücke Reid Wightman, Sicherheits-Berater bei digital bond.
---------------------------------------------
http://www.heise.de/security/meldung/Steuerungssysteme-mit-Hintertuer-17384…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 24-10-2012 18:00 − Donnerstag 25-10-2012 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Bugtraq: VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability ***
---------------------------------------------
VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/524507
*** Bugtraq: VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability ***
---------------------------------------------
VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/524506
*** Bugtraq: [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin ***
---------------------------------------------
[waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin
---------------------------------------------
http://www.securityfocus.com/archive/1/524509
*** Microsoft Office Word 2010 Stack Exhaustion ***
---------------------------------------------
Topic: Microsoft Office Word 2010 Stack Exhaustion Risk: Low Text:Title : Microsoft Office Word 2010 Stack Overflow Version : Microsoft Office professional Plus 2010 Date : 2012...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/nm8w9gqy73w/WLB-20…
*** National and International Cyber Security Exercises: Survey, Analysis & Recommendations ***
---------------------------------------------
"Cyber exercises are an important tool to assess the preparedness of a community against cyber crises, technology failures and critical information infrastructure incidents. ENISA supports the stakeholders involved in EU cyber exercises. This report aims to support European and international bodies involved in cyber exercises with lessons learned about cyber exercises and recommendations for the future...."
---------------------------------------------
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-coop…
*** Researcher to demonstrate feature-rich malware that works as a browser extension ***
---------------------------------------------
"Security researcher Zoltan Balazs has developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying Web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more. Balazs, who works as an IT security consultant for professional services firm Deloitte in Hungary, created the proof-of-concept malware in order to raise awareness about the security
---------------------------------------------
http://www.computerworld.com/s/article/9232848/Researcher_to_demonstrate_fe…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 23-10-2012 18:00 − Mittwoch 24-10-2012 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** Apple QuickTime 7.7.2(1680.56) Division By Zero ***
---------------------------------------------
Topic: Apple QuickTime 7.7.2(1680.56) Division By Zero Risk: Low Text:#Title : Apple QuickTime Player suffers from Division By Zero #Version : 7.7.2(1680.56) #Date : 2012-10-23 #Ve...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/0bLOTA2eMtQ/WLB-20…
*** Time to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801, (Wed, Oct 24th) ***
---------------------------------------------
=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14365&rss
*** The NetSA group at CERT has developed and maintains a suite of open source tools ***
---------------------------------------------
"The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data. These tools have grown out of the work of the AirCERT project, the SiLK project and the effort to integrate this work into a unified, standards-compliant flow collection and analysis platform...."
---------------------------------------------
http://tools.netsa.cert.org/
*** Bugtraq: [security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information ***
---------------------------------------------
[security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information
---------------------------------------------
http://www.securityfocus.com/archive/1/524496
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 22-10-2012 18:00 − Dienstag 23-10-2012 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
*** CyanogenMod protokolliert Sperrmuster ***
---------------------------------------------
Die Android-Firmware CyanogenMod protokolliert offenbar die zur Entsperrung des Smartphones verwendeten Wischmuster mit. Das hat ein Entwickler bemerkt und mit einem Mini-Patch abgestellt. CyanogenMod ist eine herstellerunabhängige Firmware für Android-Smartphones.
---------------------------------------------
http://www.heise.de/security/meldung/CyanogenMod-protokolliert-Sperrmuster-…
*** Google Drive öffnet Hintertür zum Google-Account ***
---------------------------------------------
Der Windows-Client von Googles Dropbox-Alternative Drive öffnet eine Hintertür in den Google-Account, durch die sich neugierige Mitmenschen unter Umständen Zugriff auf Mails, Kontakte und Termine des Drive-Nutzers verschaffen können.
---------------------------------------------
http://www.heise.de/security/meldung/Google-Drive-oeffnet-Hintertuer-zum-Go…
*** Trend Micro Report for Q3, 2012: Zero-Days, Mobile Malware and Phishing ***
---------------------------------------------
"Security firm Trend Micro has released its Security Roundup Report for the third quarter of 2012. The figures highlight the fact that the number of malicious elements designed to target Android devices has increased from 30,000 (in June) to almost 175,000 (in September). While some of them are designed to inflate phone bills and fill the crooks pockets, others pose a privacy threat...."
---------------------------------------------
http://news.softpedia.com/news/Trend-Micro-Report-for-Q3-2012-Zero-Days-Mob…
*** ENISA Midpoint Report: First European Cyber Security Month Is a Success ***
---------------------------------------------
"The European Network and Information Security Agency (ENISA) has released a midpoint report on the first European Cyber Security Month (ECSM) and the figures are highly encouraging. The campaign has already reached close to 2 million users on Facebook and judging by the upcoming events, it will reach a lot more in the following period. Hundreds of professionals and thousands of regular Internet users have already taken part in events hosted by Portugal, Spain, Norway, Luxemburg and
---------------------------------------------
http://news.softpedia.com/news/ENISA-Midpoint-Report-First-European-Cyber-S…
*** Vuln: Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability ***
---------------------------------------------
Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56113
*** Joomla SQLReport Password Disclosure ***
---------------------------------------------
Topic: Joomla SQLReport Password Disclosure Risk: Medium Text:Title:Password Disclosure Vulnerability Author:AsSerT && MetAiZM Vendor:Joomla Dork:inurl:com_sqlreport Disclosure: http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/L88Vk3uNWlw/WLB-20…
*** Solar-power system flaws shine light on Smart Grid threats ***
---------------------------------------------
"The Homeland Security Department has issued an alert about vulnerabilities in a control system for solar electric systems that could allow unauthorized users to access to the system and execute malicious code. The equipment is sold by the Italian systems integrator Sinapsi, and although a proof-of-concept exploit has been published, no exploits have yet been reported in the wild. The alert is a reminder of the need to incorporate security into increasingly complex and interactive power
---------------------------------------------
http://gcn.com/blogs/cybereye/2012/10/solar-system-flaws-smart-grid-threats…
*** Adobe schließt kritische Shockwave-Lücken ***
---------------------------------------------
Adobe schließt mit der Shockwave-Version 11.6.8.638 für Windows und Mac OS X zahlreiche kritische Lücken, durch die ein Angreifer potenziell Schadcode ins System schleusen kann. Insgesamt sind den Schwachstellen sechs CVE-Nummern zugeordnet. Es handelt sich vor allem um Pufferüberläufe.
---------------------------------------------
http://www.heise.de/security/meldung/Adobe-schliesst-kritische-Shockwave-Lu…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 19-10-2012 18:00 − Montag 22-10-2012 18:00
Handler: Robert Waldner
Co-Handler: Christian Wojner
*** Dutch government seeks to let law enforcement hack foreign computers ***
---------------------------------------------
"The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations. In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the governments plan to draft a bill in upcoming months that would provide law enforcement authorities with new
---------------------------------------------
http://www.cio.com.au/article/439620/dutch_government_seeks_let_law_enforce…
*** Joomla Commedia 3.1 SQL Injection ***
---------------------------------------------
Topic: Joomla Commedia 3.1 SQL Injection Risk: Medium Text: Exploit Title: Joomla commedia Remote Exploit dork: inurl:index.php?option=com_commedia Date: [18-10-2012] Autho...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ixjlWHyPfk0/WLB-20…
*** F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection ***
---------------------------------------------
Topic: F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection Risk: Low Text:1. OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides se...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/jehSXRUk280/WLB-20…
*** WordPress Wordfence Security XSS and IAA vulnerabilities ***
---------------------------------------------
Topic: WordPress Wordfence Security XSS and IAA vulnerabilities Risk: Low Text:I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in Wordfence Security for Word...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ixOVIlVAzxA/WLB-20…
*** Joomla Tag SQL Injection ***
---------------------------------------------
Topic: Joomla Tag SQL Injection Risk: Medium Text: Exploit Title: Joomla tag Remote Sql Exploit dork: inurl:index.php?option=com_tag Date: [18-10-2012] Author: Dan...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/t2QhRZO4mj0/WLB-20…
*** Joomla Freestyle Support 1.9 SQL Injection ***
---------------------------------------------
Topic: Joomla Freestyle Support 1.9 SQL Injection Risk: Medium Text: Exploit Title: Joomla Freestyle Support com_fss sqli Dork: N/A Date: [17-10-2012] Author: Daniel Barragan "D4NB4...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/BL5miMrFF0w/WLB-20…
*** Internet Explorer 9 XSS Filter Bypass ***
---------------------------------------------
Topic: Internet Explorer 9 XSS Filter Bypass Risk: Low Text: # Internet Explorer 9 XSS Filter Bypass # Discovered by: Jean Pascal Pereira
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/0YxVKyCrmJU/WLB-20…
*** US government cyber attack warnings are hypocritical, claims F-Secure chief ***
---------------------------------------------
"Renowned security expert Mikko Hypponen has publicly given the US government a tongue lashing by claiming its warnings on cyber attacks are hypocritical. The F-Secure security chief criticised the US Defense Secretary Leon Panetta for saying that the country is on the cusp of experiencing a "cyber Pearl Harbor" in a speech last week. Panetta had claimed that the US government and critical infrastructure businesses are currently being besieged by state sponsored hackers with
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2218614/us-government-cyber-attack-warnings-…
*** Billabong hacked, threats of mass data leaks from @GoatseSec ***
---------------------------------------------
One of the worlds largest surfing based brands has come under the eye of hackers after they gained access to its database via a exploitable wordpress installation.
---------------------------------------------
http://www.cyberwarnews.info/2012/10/21/billabong-hacked-threats-of-mass-da…
*** Adobe reader 10.1.4 memory corruption ***
---------------------------------------------
Topic: Adobe reader 10.1.4 memory corruption Risk: High Text:#!/usr/bin/perl #Title : Adobe reader 10.1.4 memory corruption #Version : 10.1.4.38 #Date : 2012-10-12 #Vendor ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/qrIZMwM6M7g/WLB-20…
*** cpanel 11.32.5 (build 11) 11.32.5.11 CSRF ***
---------------------------------------------
Topic: cpanel 11.32.5 (build 11) 11.32.5.11 CSRF Risk: Low Text: = Vulnerable Software: cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ] Vulnerability: CSRF Vendor: cpanel....
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/CNVJqOmG7OI/WLB-20…
*** Service Sells Access to Fortune 500 Firms ***
---------------------------------------------
An increasing number of services offered in the cybercrime underground allow miscreants to purchase access to hacked computers at specific organizations. For just a few dollars, these services offer the ability to buy your way inside of Fortune 500 company networks.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/3T5OQmyiwT4/
*** Movable Type Pro 5.13en Cross Site Scripting ***
---------------------------------------------
Topic: Movable Type Pro 5.13en Cross Site Scripting Risk: Low Text:Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure In...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/UKDndJWwGNA/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 18-10-2012 18:00 − Freitag 19-10-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Download the report from FireEye, now. ***
---------------------------------------------
"Learn how to protect your organization from the most dangerous cyber attacks by discovering the tactics used in successful attacks. In a unique report from FireEye, youll get first-hand information from the FireEye Malware Intelligence Labs, which analyzes data from Malware Protection Systems (MPS) deployed behind existing security defenses. Youll benefit from gaining visibility into the most lethal attacks of the year, and discovering how they successfully evaded traditional
---------------------------------------------
http://www2.fireeye.com/FierceCIO_Advanced_Threat_LP.html
*** Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide, (Thu, Oct 18th) ***
---------------------------------------------
Many vendors have security hardening guides - step-by-step guides to increasing the security posture of one product or another. We alluded to the Cisco guides earlier this month (Day 11), Microsoft also makes a decent set of hardening guides for Windows server and workstation products, as do most Linux distros - youll find that most vendors have documents of this type. VMwares vSphere hardening guide is one I use frequently. Its seen several iterations over the years - the versions considered
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14341&rss
*** Apple banishes Java from Mac browsers ***
---------------------------------------------
Fanbois told to install Oracles plugin Apple has discontinued its own Java plugin, issuing an update that removes it from MacOS and encourages users to instead download Oracles version of the software.�
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/19/apple_banis…
*** Dont secure the internet, it needs crime: Diffie ***
---------------------------------------------
"While many people see securing the internet as a means to stopping cybercrime, former vice president for information security and cryptography at the Internet Corporation for Assigned Names and Numbers (ICANN) Whitfield Diffie thinks that internet crime may be necessary. Diffie, who spoke at the Australian Information Security Associations National Conference 2012 in Sydney this week, is better known for his contribution to the cryptography community by devising with Martin Hellman and
---------------------------------------------
http://www.zdnet.com/dont-secure-the-internet-it-needs-crime-diffie-7000005…
*** Palo Alto Networks GlobalProtect Man-In-The-Middle ***
---------------------------------------------
Topic: Palo Alto Networks GlobalProtect Man-In-The-Middle Risk: Low Text: SySS-Advisory: MitM-vulnerability in Palo Alto Networks GlobalProtect Prob...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/SD1xHp0GFaM/WLB-20…
*** RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution ***
---------------------------------------------
Topic: RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Risk: High Text:Title : RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Version : 15.0.6.14 Date : 2012-10-18 Vendor : ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ZE9qMdPQl-Q/WLB-20…
*** Vuln: Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities ***
---------------------------------------------
Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56116
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 17-10-2012 18:00 − Donnerstag 18-10-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Oracle Leaves Fix for Java SE Zero Day Until February Patch Update ***
---------------------------------------------
"Oracle will not patch a critical sandbox escape vulnerability in Java SE versions 5, 6 and 7 until its February Critical Patch Update, according to the researcher who discovered the flaw. Adam Gowdiak of Polish security firm Security Explorations told Threatpost via email that Oracle said it was deep into testing of another Java patch for the October CPU released yesterday and that it was too late to include the sandbox fix. Gowdiak said he plans to present technical details on the flaw...
---------------------------------------------
http://threatpost.com/en_us/blogs/oracle-leaves-fix-java-se-zero-day-until-…
*** Vuln: Oracle Database Authentication Protocol CVE-2012-3137 Security Bypass Vulnerability ***
---------------------------------------------
Oracle Database Authentication Protocol CVE-2012-3137 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55651
*** High bandwidth DDoS attacks are now common, researcher says ***
---------------------------------------------
"Distributed denial-of-service (DDoS) attacks with an average bandwidth of over 20Gbps have become commonplace this year, according to researchers from from DDoS mitigation vendor Prolexic. Last year such high-bandwidth attacks were isolated incidents, but attacks that exceed 20Gbps in bandwidth occur frequently now, Prolexics president Stuart Scholly said Tuesday. This is significant because very few companies or organizations have the necessary network infrastructure to deal with...
---------------------------------------------
http://www.computerworld.com/s/article/9232487/High_bandwidth_DDoS_attacks_…
*** ModSecurity 2.6.8 multipart/invalid part ruleset bypass ***
---------------------------------------------
Topic: ModSecurity 2.6.8 multipart/invalid part ruleset bypass Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory == title: ModSecurity mul...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/5KOdJs9aZmg/WLB-20…
*** One year on, SSL servers STILL cower before the BEAST ***
---------------------------------------------
70% of sites still vulnerable to cookie monster The latest monthly survey by the SSL Labs project has discovered that many SSL sites remain vulnerable to the BEAST attack, more than a year after the underlying vulnerability was demonstrated by security researchers.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/18/ssl_securit…
*** Four horsemen posse: This here security town needs a new sheriff ***
---------------------------------------------
Body which issues CISSP tin stars set for shakeup? As the overpriced beers flowed and dusk approached in central London pubs surrounding the venue of RSA Europe last week, talk often turned towards the (ISC)2 security certification body.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/18/isc2_electi…
*** A New Cybersecurity Technique - Signature-based communications blockage for control systems ***
---------------------------------------------
"This is a brief look at a new product capability reported by Tofino Security that may allow some ICS owners to avoid at least part of their patch cycle without increasing security vulnerability...."
---------------------------------------------
http://chemical-facility-security-news.blogspot.nl/2012/10/a-new-cybersecur…
*** [webapps] - OTRS 3.1 Stored XSS Vulnerability ***
---------------------------------------------
OTRS 3.1 Stored XSS Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/22070
*** Bugtraq: Internet Explorer 9 XSS Filter Bypass ***
---------------------------------------------
Internet Explorer 9 XSS Filter Bypass
---------------------------------------------
http://www.securityfocus.com/archive/1/524460
*** Before We Knew It - An Empirical Study of Zero-Day Attacks In The Real World ***
---------------------------------------------
Little is known about the duration and prevalence of zero-day attacks,
which exploit vulnerabilities that have not been disclosed publicly.
Knowledge of new vulnerabilities gives cyber criminals a free pass to
attack any target of their choosing, while remaining undetected.
Unfortunately, these serious threats are difficult to analyze, because,
in general, data is not available until after an attack is discovered...
---------------------------------------------
http://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 17-10-2012 18:00 − Mittwoch 17-10-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Kaspersky Lab Developing Its Own Operating System? We Confirm the Rumors, and End the Speculation! ***
---------------------------------------------
"Today Id like to talk about the future. About a not-so-glamorous future of mass cyber-attacks on things like nuclear power stations, energy supply and transportation control facilities, financial and telecommunications systems, and all the other installations deemed critically important. Or you could think back to Die Hard 4 where an attack on infrastructure plunged pretty much the whole country into chaos...."
---------------------------------------------
http://eugene.kaspersky.com/2012/10/16/kl-developing-its-own-operating-syst…
*** Vuln: Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability ***
---------------------------------------------
Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56076
*** Steam spawns vulnerabilities, say researchers ***
---------------------------------------------
Gamers can be fragged by undocumented features A new security research outfit called ReVuln has presented its letter of introduction to the world in the form of a paper that analyses how the Steam protocol can expose gamers to attacks.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/17/steam_revul…
*** Stürmischer Oktober-Patchday bei Oracle ***
---------------------------------------------
xhtml
---------------------------------------------
http://www.heise.de/security/meldung/Stuermischer-Oktober-Patchday-bei-Orac…
*** New "Surveillance-Proof" App To Secure Communications Has Governments Nervous ***
---------------------------------------------
"Lately, Mike Janke has been getting what he calls the hairy eyeball from international government agencies. The 44-year-old former Navy SEAL commando, together with two of the worlds most renowned cryptographers, was always bound to ruffle some high-level feathers with his new projecta surveillance-resistant communications platform that makes complex encryption so simple your grandma can use it. This week, after more than two years of preparation, the finished product has hit the
---------------------------------------------
http://www.slate.com/articles/technology/future_tense/2012/10/silent_circle…
*** Sicherheitsrisiko Steam ***
---------------------------------------------
xhtml
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsrisiko-Steam-1731296.html/f…
*** Next-Generation Malware: Changing The Game In Securitys Operations Center ***
---------------------------------------------
"In a quiet, secluded spot, a malware author is creating a new piece of code that no antivirus tool has ever seen before. Its not a particularly creative exploit -- just a slight tweak on an existing Trojan -- but it should be enough to bypass the signature-based defenses of the company hes targeting. Your company...."
---------------------------------------------
http://www.darkreading.com/security-monitoring/167901086/security/security-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 15-10-2012 18:00 − Dienstag 16-10-2012 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Precision Espionage mini Flame Malware Tied to Flame, Gauss ***
---------------------------------------------
"One of three previously unseen pieces of malware discovered during forensic analysis of the Flame malware command-and-control servers has been identified as a secondary surveillance tool deployed against specially identified targets, and only after an initial Flame or Gauss compromise, researchers said today. MiniFlame, or SPE, was originally thought to be a Flame module, but researchers at Kaspersky Lab and CERT-Bund/BSI determined the program can stand alone as an independent piece of...
---------------------------------------------
http://threatpost.com/en_us/blogs/precision-espionage-miniflame-malware-tie…
*** Developers ignore their security responsibilities: Oracle ***
---------------------------------------------
"Software developers are ignoring their responsibilities to protect and design infrastructure that is properly secured, according to Oracle Chief Security Officer Mary Ann Davidson. Speaking at the Australian Information Security Associations National Conference 2012 in Sydney today, Davidson said that developers, in many cases, were building systems used in key infrastructure without even thinking about security."Do we really think that the people that decide [to] have self-driving...
---------------------------------------------
http://www.zdnet.com/developers-ignore-their-security-responsibilities-orac…
*** Global card fraud continues to rise - survey ***
---------------------------------------------
"A quarter of people have been hit by card fraud during the past five years, prompting many to ditch their provider, says an ACI Worldwide-commissioned survey covering 17 countries around the world. According to the Aite Group poll of 5223 people - around 300 for each country - Mexicans are the most likely to fall victim to fraudsters, with 44% hit in the last five years. Chip and PIN-less America comes second, on 42%, followed by India on 37%...."
---------------------------------------------
http://www.finextra.com/News/Fullstory.aspx?newsitemid=24166
*** Eugene Kaspersky Unveils Plans for New Secure SCADA OS ***
---------------------------------------------
"Attacks against SCADA and industrial-control systems have become a major concern for private companies as well as government agencies, with executives and officials worried about the potential effects of a major compromise. Security experts in some circles have been warning about the possible ramifications of such an attack for some time now, and researchers have found scores of vulnerabilities in SCADA and ICS systems in the last couple of years. Now, engineers at Kaspersky Lab have...
---------------------------------------------
http://threatpost.com/en_us/blogs/eugene-kaspersky-unveils-plans-new-secure…
*** Reverse Engineering Malware - What you need to know? ***
---------------------------------------------
"Every now and then, a nasty piece of Malware raises its ugly head and wreck havoc on the Enterprise Infrastructure. It is often necessary to analyze the Malware and understand its working so thatThe impact of the Malware on IT Systems can be ascertained ANDThe nature of preventative controls that can be put in place so that this threat does not spread further. In such scenarios, Reverse Engineering of the Malware becomes a requirement...."
---------------------------------------------
http://infosecnirvana.com/reverse-engineering-malware/
*** Cyber Security Bulletin SB12-289 - Vulnerability Summary for the Week of October 8, 2012 ***
---------------------------------------------
"High Vulnerabilities : adobe -- adobe_airbackwpup -- backwpupbernhard_wymann -- torcsbigware -- bigware_shopcomponentone -- flexgridcraig_knudsen -- webcalendarMedium Vulnerabilities: activestate -- activeperlactivestate -- activetclactivestate -- activepythonaidanlister -- regcodeapache -- axis2apprain -- apprainLow Vulnerabilities:barracudanetworks -- spam_&_virus_firewall_600bryce_harrington -- xdiagnosecartpauj -- shortcode-redirectemc --...
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB12-289.html
*** WordPress Brute Force Attacks - How you can protect yourself against WordPress Brute Force attacks ***
---------------------------------------------
"It is common for me to submit several hundred abuse reports as part of our security monitoring service every day. If I was asked for an off the cuff ball park of the main attack types from January 2012 to August 2012, I would probably answer with 40% remote file inclusion attacks, 40% local file inclusion attacks, 15% directory transferal attacks, 4% other (including brute force attacks), and 1% SQL injection attacks. If you asked me from September 2012 forward, the answer would change...
---------------------------------------------
http://www.dynamicnet.net/2012/10/wordpress-brute-force-attacks/
*** Santanders online banking keeps passwords in cookies ***
---------------------------------------------
"The retail web site for Santander bank has been discovered to be keeping customer passwords in plain text in cookies held while the user is logged in. The discovery was revealed on the Full Disclosure mailing list when an anonymous user posted details of how credit card numbers and other information was stored in session cookies. The H set out to verify whether the claims were correct...."
---------------------------------------------
http://www.h-online.com/security/news/item/Santander-s-online-banking-keeps…
*** MyBB 1.6.8 Cross Site Scripting ***
---------------------------------------------
Topic: MyBB 1.6.8 Cross Site Scripting Risk: Low Text: Exploit Title : Mybb 1.6.8 Cross Site Scripting Author : 3xpl0!t3r Discovered By : Sec-Advisor.Org Da...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/jTSNZAsKIiU/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 12-10-2012 18:00 − Montag 15-10-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** SCADA Hacking : Exploit released to Hack Solar Energy Plants ***
---------------------------------------------
"ICS-CERT - Industrial Control Systems Cyber Emergency Response Team has released the Advisory titled ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities. They Report about report multiple vulnerabilities with proof-of-concept (PoC) exploit code that affecting the Sinapsi eSolar Light Photovoltaic System Monitor which is a supervisory control and data acquisition (SCADA) monitoring product. The US Department of Homeland Security is warning about vulnerabilities in a common...
---------------------------------------------
http://thehackernews.com/2012/10/scada-hacking-exploit-released-to-hack.htm…
*** Remote Admin Tools May Not Be Clever Enough For Their Own Good ***
---------------------------------------------
ancientribe writes "A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing, and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ehO8DsJFuJk/remote-admin-to…
*** Your Real-Time Cyber-Attack Map ***
---------------------------------------------
"I have no idea how reliable the info shown here is, but it certainly is interesting. Especially to me, as I climb onto a plane bound for southern China via Japan. Its an animated real-time visualization of (it says) attempted cyber-attacks...."
---------------------------------------------
http://www.theatlantic.com/technology/archive/2012/10/your-real-time-cyber-…
*** Mac OS X Hackers Can Steal Apple IDs in Just 10 Seconds ***
---------------------------------------------
"The guys over at shootitlive came across what seems to be a major security flaw that could be exploited by a hacker connected to the same WiFi network as the victim. The method is called Session Fixation Attack and basically comes down to using a previous browser session to extract private data and get access to an Apple ID. This means that iTunes and App Store accounts can be compromised, as the hacker can change both the password and the email address...."
---------------------------------------------
http://news.softpedia.com/news/Mac-OS-X-Hackers-Can-Steal-Apple-IDs-in-Just…
*** Cyberthings for Managers - Latest Issue 14 October 2012 ***
---------------------------------------------
"Cyberthings for Managers is a summary of signicant news or literature about the domain of Cyberwarfare and directly related areas. The summary is aimed at manager level and higher, thus there will be no listings of technical hacks, aws or incidents. Only major developments especially from governmental level down, are listed...."
---------------------------------------------
http://www.opensourceintelligence.eu/website/cyberthings/latest.pdf
*** The Scrap Value of a Hacked PC, Revisited ***
---------------------------------------------
"A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who cant begin to fathom why miscreants would want to hack into his PC. I dont bank online, I dont store sensitive information on my machine!..."
---------------------------------------------
http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
*** The Deep Web Part 1: Introduction to the Deep Web and how to wear clothes online! ***
---------------------------------------------
"According to Cisco, by the end of this year, there will be more Internet-connected mobile devices than people on Earth! Not surprisingly there is a lot of interesting content being generatedAccording to Netcraft, there are over 190 million active websites, and according to the WorldWideWebSize daily estimate, the Indexed Web contains at least 8. 42 billion pages...."
---------------------------------------------
http://securityaffairs.co/wordpress/9409/security/the-deep-web-part-1-intro…
*** "Das muss menschliches Versagen sein" - Sicherheitskonferenz in Luxembourg ***
---------------------------------------------
Das Computer Incident Response Center Luxembourg (CIRCL) veranstaltet vom 23. bis 25. Oktober erneut die Sicherheitskonferenz hack.lu. Der Veranstalter ist das offizielle Computer Security Incident Response Team des "Großherzogtums Luxembourg", das auch als Sponsor der Veranstaltung auftritt. Das Konferenz-Motto ist das berühmte Zitat des Computers HAL 9000 aus "2001: Odysee im Weltraum", der sich selbst für unfehlbar hielt und deshalb klar stellte: "It can only be attributable to human error".
---------------------------------------------
http://www.heise.de/security/meldung/Das-muss-menschliches-Versagen-sein-Si…
*** Bank Attacks: What Have We Learned? - How to Prepare for Next Wave of DDoS Strikes ***
---------------------------------------------
"In the wake of eight sophisticated distributed denial of service attacks aimed at leading U.S. banks in recent weeks, financial institutions are bracing for more. The hacktivist group Izz ad-Din al-Qassam, which took credit for the online outages, said it planned to spend the weekend of Oct. 13-14 planning its next wave of attacks. And if the trend continues, those attacks could come as soon as Oct. 16, because the previous waves both started on Tuesdays...."
---------------------------------------------
http://www.bankinfosecurity.com/bank-attacks-what-have-we-learned-a-5197?rf…
*** State-Sponsored Malware Flame Has Smaller, More Devious Cousin ***
---------------------------------------------
"Researchers have uncovered new nation-state espionage malware that has ties to two previous espionage tools known as Flame and Gauss, and that appears to be a high-precision, surgical attack tool targeting victims in Lebanon, Iran and elsewhere. Researchers at Kaspersky Lab, who discovered the malware, are calling the new malware miniFlame, although the attackers who designed it called it by two other names SPE and John. MiniFlame seems to be used to gain control of and obtain increased...
---------------------------------------------
http://www.wired.com/threatlevel/2012/10/miniflame-espionage-tool/?utm_sour…
*** SilverStripe 2.4.7 and lower Persistent Cross Site Scripting ***
*** SilverStripe 2.4.7 and lower Open URL Redirection ***
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JmS3heO-psM/WLB-20…http://feedproxy.google.com/~r/securityalert_database/~3/jFOmtCUzv_E/WLB-20…
*** Vuln: FileBound On-Site Password Reset Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/55880
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 11-10-2012 18:00 − Freitag 12-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** Skype malware steals more than your money: User accounts from Facebook, Twitter, PayPal, and more ***
---------------------------------------------
"Earlier this week, we warned you about a new piece of malware that is spreading via Skype using the message lol is this your new profile pic? It tries steals to steal your money using both ransomware (restricts access to your computer and demands payment for it to be removed) and click fraud (imitation of a legitimate user clicking on an ad to generate revenue). Now weve learned that the malware does more than that: it targets your user accounts on various Web services and can also do so
---------------------------------------------
http://thenextweb.com/microsoft/2012/10/12/skype-malware-steals-more-than-y…
*** SOPA Is Back! As a Ransomware Virus ***
---------------------------------------------
"After historic Internet protests in January the SOPA anti-piracy bill was defeated. However, this week several reports have pointed to a rather unfortunate SOPA comeback. Not in Congress, but as a nasty cryptovirus that locks up peoples computers and accuses them of distributing copyright infringing files...."
---------------------------------------------
http://torrentfreak.com/sopa-is-back-as-a-ransomware-virus-121011/
*** Conficker worm still being tracked, but evidence collection slows ***
---------------------------------------------
"The notorious malware known as the Conficker worm still infects computers, a sort of wild horse with no rider, but investigators appear no closer to finding its creator. Also known as "Downandup," Conficker was discovered in November 2008, exploiting a vulnerability in Windows XP that allowed remote file execution when file-sharing was enabled. Microsoft patched it a month later...."
---------------------------------------------
http://www.computerworld.com/s/article/9232277/Conficker_worm_still_being_t…
*** RSA Conference: Security industry built on a haze of fog and hype ***
---------------------------------------------
"A panel of security experts at RSA Conference criticised their industry over its tendency to sensationalise and hype, taking attention away from truly important problems. As well as the media that had a tendency to sensationalise issues, criticism was also reserved for companies that tried to focus attention on areas such as Android malware that was cool, instead of business and enterprise problems that companies were actively trying to deal with. Joshua Corman, director of security
---------------------------------------------
http://www.scmagazineuk.com/rsa-conference-security-industry-built-on-a-haz…
*** EU cloud strategy calls for standards ***
---------------------------------------------
"Cloud computing technical specification standardization, model contracts and a pooling of requirements among European Union governments would cause the gross domestic product impact of cloud computing in the EU to nearly triple to 250 billion by 2020, says the European Commission. In a commission cloud strategy (. pdf) dated Sept. 27, the commission says a hands-off approach would result in GDP impact of merely 88 billion by 2020--and as a result, says it will launch cloud-specific
---------------------------------------------
http://www.fiercegovernmentit.com/story/eu-cloud-strategy-calls-standards/2…
*** CAST diskutiert strukturelle Defizite kritischer Infrastrukturen ***
---------------------------------------------
Als "Hot Topic" hatte das CAST-Forum seine Veranstaltung zum Schutz kritischer Infrastrukturen bezeichnet. Der Trend, die industrielle Informationstechnik bis zur Feldebene einzelner Sensoren in der Fertigung oder Energieversorgung mit dem "normalen" Internet zu vernetzen, sei bedenklich. Mit Simulationen, der Neuberechnung von Toleranzgrenzen und industriellem Schwachstellenmanagement wollen die versammelten Experten den Schutz verbessern.
---------------------------------------------
http://www.heise.de/security/meldung/CAST-diskutiert-strukturelle-Defizite-…
*** Hack In The Box: researcher reveals ease of Huawei router access ***
---------------------------------------------
At Hack In The Box researcher Felix "FX" Lindner has shown how Huawei
routers are easy to access with their static passwords and how one
machine could give an attacker access to an entire network.
---------------------------------------------
http://www.zdnet.com/hack-in-the-box-researcher-reveals-ease-of-huawei-rout…
*** Whonix: Anonymous operating system ***
---------------------------------------------
"Whonix is an anonymous general purpose operating system based on Virtual Box, Ubuntu GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the users real IP/location...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=13757
*** Privatsphäre - Apples geheime Tracking-Funktion in iOS 6 ***
---------------------------------------------
Nach der Verbannung der UDIDs sind die neuen Tracking-Funktionen zu Werbezwecken gut versteckt
---------------------------------------------
http://text.derstandard.at/1348285823855/Apples-geheime-Tracking-Funktion-i…
*** Bugtraq: ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities ***
---------------------------------------------
ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524394
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 10-10-2012 18:00 − Donnerstag 11-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Expenditure Report Reveals Germany Monitors Skype, Google Mail, Facebook Chat ***
---------------------------------------------
hypnosec writes "The German Government has gone a bit too far trying to be transparent, inadvertently revealing that German police monitor Skype, Google Mail, MSN Hotmail, Yahoo Mail, and Facebook chat when necessary. The revelations, spotted by the annalist blog, come from a report of expenses incurred by the Federal Ministry of the Interior following a parliamentary inquiry. The report contains lots of tables and as many would find those boring, some highlights: On page 34 and page 37 of...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/J2HxG9I5vdo/expenditure-rep…
*** Microsoft addresses critical Word flaws, new RSA key length ***
---------------------------------------------
"Microsoft will begin requiring digital certificates to support an RSA key length of at least 1024 bits today, in accordance with a security advisory being pushed through Windows Update. The new requirement, which Microsoft has been preparing customers for since August, was part of the software companys October 2012 Patch Tuesday security updates. Microsoft also addressed an issue with signature timestamps on valid files and released seven bulletins covering 20 vulnerabilities in Microsoft...
---------------------------------------------
http://searchsecurity.techtarget.com/news/2240164725/Microsoft-addresses-cr…
*** US and EU Clash Over Whois Data ***
---------------------------------------------
itwbennett writes "ICANN wants to store more data (including credit card information) about domain name registrations in its Whois database, wants to hold on to that data for two years after registration ends, and wants to force registrant contact information to be re-verified annually - moves that are applauded by David Vladeck, director of the FTCs Bureau of Consumer Protection. The E.U.s Article 29 Working Group is markedly less enthusiastic, saying ICANNs plans trample on...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/6xJedYC9pQU/us-and-eu-clash…
*** Sicherheitslücke in Firefox 16 ***
---------------------------------------------
Eine Sicherheitslücke in Firefox 16 hat Mozilla in Alarmbereitschaft versetzt. Als Reaktion wurde Firefox 16 von der Mozilla Homepage entfernt und steht nicht mehr zur Installation zur Verfügung.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-in-Firefox-16-172739…
*** PGP founders mobile privacy app goes live ***
---------------------------------------------
Zimmerman & Navy SEAL pals unveil safe comms, at $20 a month Updated Silent Circle, the secure mobile communications app backed by Phil Zimmerman, has gone live - offering protection from all but the most determined of government departments.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/10/secure_circ…
*** Neue IPv6-Tools von "The Hackers Choice" ***
---------------------------------------------
Die Hackergruppe "The Hackers Choice" hat das THC IPv6 Attack Toolkit für die Version 2.0 deutlich erweitert. Im Mittelpunkt der Tools steht nicht nur das Sammeln von Informationen über andere IPv6-Hosts, sondern auch über gezielte Angriffe, etwa um Pakete über sich umzuleiten und in eine Position als Man-in-the-Middle zu gelangen.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-IPv6-Tools-von-The-Hackers-Choice…
*** Facebook Confirms Data Breach ***
---------------------------------------------
another random user writes "A researcher by the name of Suriya Prakash has claimed that the majority of phone numbers on Facebook are not safe. Its not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebooks 600 million mobile users), but his demonstration certainly showed he could collect countless phone numbers and their corresponding Facebook names with very little effort. Facebook has confirmed that it limited the Prakashs
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-ZGiVNpxow8/facebook-confir…
*** Bugtraq: Multiple vulnerabilities in OpenX ***
---------------------------------------------
Multiple vulnerabilities in OpenX
---------------------------------------------
http://www.securityfocus.com/archive/1/524372
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 09-10-2012 18:00 − Mittwoch 10-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Proxy service users download malware, unknowingly join botnet ***
---------------------------------------------
"In yet another example of if-its-too-good-to-be-true-it-probably-isnt, hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. "The malware is Backdoor. Proxybox, and our investigation has revealed an entire black hat operation, giving us interesting information on the operation and size of this botnet, and leading us to information that may identify the actual malware
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2290
*** Kernel crimps make Windows 8 a hacker hassle ***
---------------------------------------------
The kernel is the new battleground, says ReactOS and iOS co-author Alex Ionescu Windows 8 will make hackers lives hard, says Windows internals expert, security researcher and co-author of Apples iOS and the open source Windows XP clone ReactOS, Alex Ionescu.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/09/windws_8_ha…
*** Microsoft to devs: Bug users about security ... now! ***
---------------------------------------------
Redmond reveals how and when it decides to remind you about security Microsoft has revealed the guidelines it gives its own developers to help them decide when users need a rude reminder to stop putting themselves at risk of security problems.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/10/microsoft_n…
*** RSA simple password-protection to stop hackers ***
---------------------------------------------
"RSA, the security division of EMC, today announced a security product intended to protect simple passwords stored within businesses for authentication purposes, by splitting these passwords in two pieces kept separately, in theory making it harder for hackers to get hold of them. Yahoos massive data breach contains Gmail, Hotmail, Comcast user names and passwordsThis year has seen a large number of password hacking exploits, including those against Yahoo, dating site eHarmony, and
---------------------------------------------
http://www.itworld.com/security/301646/rsa-simple-password-protection-stop-…
*** Mysterious Algorithm Was 4% of Trading Activity Last Week ***
---------------------------------------------
A single mysterious computer program that placed orders - and then subsequently canceled them - made up 4 percent of all quote traffic in the U.S. stock market last week, according to the top tracker of high-frequency trading activity. The motive of the algorithm is still unclear. The program placed orders in 25-millisecond bursts involving about 500 stocks, according to Nanex, a market data firm.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/gouGx0l7Y5E/mysterious-algo…
*** Oktober ist Office-Patch-Monat ***
---------------------------------------------
Microsoft schließt an seinem aktuellen Patchday sieben Sicherheitslücken, eine davon mit der Risikobewertung "kritisch", die restlichen mit der Bewertung "hoch". Vier der veröffentlichten Sicherheitsnotzien betreffen Microsoft Office, die kritische Lücke findet sich in allen Versionen von Word. Hier sind besonders Nutzer mit Administrationsrechten dem Risiko ausgesetzt, ihr System beim Aufrufen einer Website mit Schadcode zu infizieren.
---------------------------------------------
http://www.heise.de/security/meldung/Oktober-ist-Office-Patch-Monat-1726703…
*** Google disappears for Irish internet users - but was it a nameserver hack or admin screwup? ***
---------------------------------------------
Thousands of Irish internet users found that they were unable to access Google earlier today when the nameservers for google.ie began to point to a third-party server based in Indonesia.
---------------------------------------------
http://nakedsecurity.sophos.com/2012/10/09/google-disappears-for-irish-inte…
*** Data-stealing hackers use DDoS to distract from attacks ***
---------------------------------------------
Cybercriminals are distracting banks and other businesses with a DDoS
attack while they quietly lay siege to sensitive data on the network,
which they can use for credit card cloning and other fraud.
---------------------------------------------
http://www.zdnet.com/symantec-data-stealing-hackers-use-ddos-to-distract-fr…
*** Vuln: Microsoft Windows Kerberos CVE-2012-2551 Denial of Service Vulnerability ***
---------------------------------------------
Microsoft Windows Kerberos CVE-2012-2551 Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55778
*** Vuln: Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability ***
---------------------------------------------
Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51117
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 08-10-2012 18:00 − Dienstag 09-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Studie: Cybercrime verursacht deutschen Unternehmen Millionenschäden ***
---------------------------------------------
Datendiebstahl, Computerviren und Web-Attacken verursachen in einem deutschen Großunternehmen laut einer Studie von Hewlett-Packard jährlich einen Schaden von durchschnittlich 4,8 Millionen Euro. Deutschland liegt damit zwischen den USA (6,9 Millionen Euro) und Japan (3,9 Millionen Euro), wie das IT-Unternehmen am Montag in Büblingen bei Stuttgart mitteilte.
---------------------------------------------
http://www.heise.de/security/meldung/Studie-Cybercrime-verursacht-deutschen…
*** Trojan disguised as image delivered via Skype messages ***
---------------------------------------------
"The spamming campaign has surfaced in the last few days and is being propagated via compromised Skype accounts. The offered links dont lead to an image, but to a malicious executable (skype_02102012_image. exe) posing as one...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2285
*** Bing is the most heavily poisoned search engine, study says ***
---------------------------------------------
Bing search results are more affected by poisoning than those of other search engines, according to a study by SophosLabs.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/08/bing_worst_…
*** Critical Adobe Flash Player Update Nixes 25 Flaws ***
---------------------------------------------
Adobe has issued an update for its Flash Player software that fixes at least 25 separate security vulnerabilities in the widely-installed program. The company also pushed out a security patch for its Adobe AIR software.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/MKdBYW3I3dQ/
*** Surprise! Microsoft patches latest IE10 Flash vulns on time ***
---------------------------------------------
Issues fixes same day as Adobes patch Microsoft surprised Windows 8 and Windows Server 2012 users on Monday by issuing a patch that fixes 25 security vulnerabilities found in the Adobe Flash Player component of Internet Explorer 10, mere hours after Adobe issued its own patch for the Flash Player plug-in used by other browsers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/09/ms_ontime_i…
*** Facebook: Lücke bei Telefonnummern-Suche ***
---------------------------------------------
Durch eine unbeschränkte Abfrage über die Mobil-Webseite und eine offene Voreinstellung für Nutzer können mit Leichtigkeit Personen-Listen samt dazugehöriger Telefonnummern generiert werden, zeigen Sicherheits-Forscher auf. Sie rufen Nutzer zum überprüfen ihrer Auffindbarkeits-Einstellungen auf.
---------------------------------------------
http://futurezone.at/digitallife/11783-facebook-luecke-bei-telefonnummern-s…
*** Flaws Allow Every 3G Device To Be Tracked ***
---------------------------------------------
mask.of.sanity writes "New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victims outgoing traffic to different
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/NPPj-sqeBcM/flaws-allow-eve…
*** Plugin - PrivacyFix für Google Chrome regelt Privatsphäre-Einstellungen ***
---------------------------------------------
Facebook, Google und zahlreiche Websites: Mit PrivacyFix soll man den Überblick behalten
---------------------------------------------
http://text.derstandard.at/1348285489060/PrivacyFix-fuer-Google-Chrome-rege…
*** HTTPS Everywhere unterstützt mehr Websites ***
---------------------------------------------
Die Electronic Frontier Foundation (EFF) hat eine neue Version ihrer Browser-Erweiterung HTTPS Everywhere veröffentlicht. Version 3.0 unterstütze jetzt verschlüsselte Verbindungen zu noch mehr Websites. Neben der stabilen Version für Firefox ist auch eine Entwicklerversion für Google Chrome und Chromium verfügbar.
---------------------------------------------
http://www.heise.de/security/meldung/HTTPS-Everywhere-unterstuetzt-mehr-Web…
*** Windows XP doppelt so oft infiziert wie Windows 7 ***
---------------------------------------------
Im Microsoft Security Intelligence Report für das erste Halbjahr 2012 bilanziert der Betriebssystemhersteller, dass er rund doppelt so oft Schädlinge von Systemen mit Windows XP kratzen musste wie bei Windows 7 oder auch Vista. Bei rund einem Prozent der Durchläufe des Malicious Software Removal Tools (MSRT) auf Windows XP entdeckte der rudimentäre Scanner eine Infektion (9,5 von 1000); bei den neueren Windows-Versionen liegt diese Infektionsrate lediglich bei etwa 0,5 Prozent.
---------------------------------------------
http://www.heise.de/security/meldung/Windows-XP-doppelt-so-oft-inifiziert-w…
*** Practical IT: What is your companys threat response strategy? ***
---------------------------------------------
"Weve recently seen some pretty high-profile vulnerabilities in Java and Internet Explorer. In both cases the issues became widely publicised before a patch was available after evidence emerged of in-the-wild exploitation by criminals. As someone looking after IT for your company, how do you react to reports like this?..."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/10/09/it-departments-threat-response-s…
*** Bugtraq: Team SHATTER Security Advisory: Java Operating System command execution ***
---------------------------------------------
Team SHATTER Security Advisory: Java Operating System command execution
---------------------------------------------
http://www.securityfocus.com/archive/1/524336
*** Avaya IP Office Customer Call Reporter Command Execution ***
---------------------------------------------
Topic: Avaya IP Office Customer Call Reporter Command Execution Risk: High Text: This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/za7W7e-s5xI/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 05-10-2012 18:00 − Montag 08-10-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Reports of a Distributed Injection Scan, (Fri, Oct 5th) ***
---------------------------------------------
We have received a report of a large distributed SQL Injection Scan from a reader. Behavior of scan is being reported as 9000+ Unique IPv4 Addresses and sends 4-10 requests to lightly fuzz the form field. Then the next IP will lightly fuzz the second form field within the same page and the next IP the next form field.Looks to be targeting MSSQL and seeking version. The reader reports that this scan has been going on for several days. Sample Payload:
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14251&rss
*** Vuln: Ruby error.c Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
Ruby error.c Multiple Security Bypass Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55757
*** Over 82,000 Chrome Users Install Ad Injector Along with Fake Bad Piggies Game ***
---------------------------------------------
"Barracuda Labs experts have identified a number of shady plugins hosted on Google Chromes web store, being advertised as the free online version of Bad Piggies. However, during installation, the plugins request permission to access data on all websites. This allows them to inject advertisements into several high-ranked sites, such as Yahoo!...."
---------------------------------------------
http://news.softpedia.com/news/Over-82-000-Chrome-Users-Install-Ad-Injector…
*** Update to Security Advisory: Adobe Revokes Code Signing Certificate (APSA12-01) ***
---------------------------------------------
Following up on our communication from September 27, 2012, we have now revoked the Adobe code signing certificate for all code signed after July 10, 2012 (00:00 GMT). We have updated the Security Advisory (APSA12-01) to reflect this action. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2012/10/update-to-security-advisory-adobe-revo…
*** Windows Escalate UAC Protection Bypass ***
---------------------------------------------
Topic: Windows Escalate UAC Protection Bypass Risk: High Text:## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial r...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/M58qqKeG-j8/WLB-20…
*** Flame fallout: Microsoft encryption deadline looms Tuesday ***
---------------------------------------------
"Starting Tuesday Microsoft platforms will block the use of encryption keys less than 1024 bits so businesses that are still using weaker keys better get busy. Changing the keys the Microsoft software uses isnt that tricky, but finding all the customer and third-party software in corporate networks that use smaller keys could require some searching. Users should download the update and test whether it breaks connections with existing applications before putting it into full production,
---------------------------------------------
http://www.csoonline.com/article/718070/flame-fallout-microsoft-encryption-…
*** Govt to build global cyber security centre ***
---------------------------------------------
"Hague announces plan for new cyber security centre to guard against cyber attack and offer nations advice on improving their cyber defences Foreign secretary William Hague has announced that the government is planning to build a new global cyber security centre of excellence aimed at helping developing nations combat cyber crime. Speaking yesterday at the Budapest Conference on Cyberspace, Hague said the government will invest 2 million per year on the Centre for Global Cyber-Security
---------------------------------------------
http://www.information-age.com/channels/security-and-continuity/news/212663…
*** Most of the Mass Distributed Malware in Q3 2012 Were Banking Trojans, Study Finds ***
---------------------------------------------
"Every once in a while we like to take a look at the quarterly reports issued by security companies to see how the threat landscape evolves. This time well analyze the figures and key findings of Solutionary Security Engineering Research Teams (SERT) Q3 2012 Quarterly Research Report. The figures from the study reveal that malware developers are getting better and better at hiding their creations from antivirus software...."
---------------------------------------------
http://news.softpedia.com/news/Most-of-the-Mass-Distributed-Malware-in-Q3-2…
*** Mozilla To Bug Firefox Users With Old Adobe Reader, Flash, Silverlight ***
---------------------------------------------
An anonymous reader writes "Mozilla today announced it will soon start prompting Firefox users to upgrade select old plugins. This will only affect Windows users, and three plugins: Adobe Reader, Adobe Flash, and Microsoft Silverlight. Mozilla says Firefox users will soon see a notification urging them to update when they visit a web page that uses the plugins." Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/YH6pPZWcwYk/mozilla-to-bug-…
*** Fake Panda Cloud Antivirus Hides Data-Stealing Dark Angel Trojan ***
---------------------------------------------
"The fake Panda Cloud Antivirus has been found to hide a nasty Trojan called DarkAngle which is designed to steal sensitive details such as passwords and online banking details. Once its executed, the malicious element logs all the commands entered by the victim and sends them back to a command and control server. To make sure that it can harvest as much information as possible, the threat is loaded each time the computer is rebooted...."
---------------------------------------------
http://news.softpedia.com/news/Fake-Panda-Cloud-Antivirus-Hides-Data-Steali…
*** Tablet security study finds BlackBerry still good for something ***
---------------------------------------------
iPad,Galaxy Tab and PlayBook face off in BYOD probe A technology audit has identified security failings in three of the most popular tablets, raising concerns about the security implications of allowing workers to use their personal technology at work.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/10/05/tablet_secu…
*** Bank Hacks: 7 Misunderstood Facts ***
---------------------------------------------
"Whos behind the recent online attacks against multiple financial institutions including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo? In recent weeks, all have bit hit by large-scale distributed denial-of-service (DDoS) attacks. Cue website outages and customer outrage...."
---------------------------------------------
http://www.informationweek.com/security/attacks/bank-hacks-7-misunderstood-…
*** ‘Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks ***
---------------------------------------------
Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSAs advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. Im weighting in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/aCWwJrPN238/
*** Botnetz kartographiert das gesamte Internet ***
---------------------------------------------
xhtml
---------------------------------------------
http://www.heise.de/security/meldung/Botnetz-kartographiert-das-gesamte-Int…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 04-10-2012 18:00 − Freitag 05-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Microsoft Security Bulletin Advance Notification for October 2012 ***
---------------------------------------------
"This is an advance notification of security bulletins that Microsoft is intending to release on October 9, 2012. This bulletin advance notification will be replaced with the October bulletin summary on October 9, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification...."
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms12-oct
*** Linux 3.7 Kernel To Support Multiple ARM Platforms ***
---------------------------------------------
hypnosec writes with news that the Linux 3.7 kernel will support multiple ARM-based System on Chip platforms (Git commit page), writing "Up until now there has been a separate Linux kernel build for each of the ARM platforms or SoCs, which is one of the several problems when it comes to ARM based Linux. The merging of ARM multi-platform support into Linux 3.7 will put an end to this problem, enabling the new kernel to not only target multiple platforms but also be more in line with its x86
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/CCv0Hi9ZkWM/linux-37-kernel…
*** No Surprise - Ransomware On the Rise ***
---------------------------------------------
"McAfees latest Threats Report shows a 1. 5 million increase in malware since last quarter. 2012 is in fact, far and away the busiest year ever for malware with an estimated total of 100 million malware samples worldwide by Q3 2012...."
---------------------------------------------
http://www.infosecisland.com/blogview/22511-No-Surprise-Ransomware-On-the-R…
*** Sybase ASE 15.x Java Command Execution ***
---------------------------------------------
Topic: Sybase ASE 15.x Java Command Execution Risk: High Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Java Operating System command executi...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bHOU9UjsTIM/WLB-20…
*** Botnet Spotted Silently Scanning IPv4 Address Space For Vulnerable VoIP ***
---------------------------------------------
"A large peer-to-peer botnet known for its resilience was spotted sniffing out potential victim voice-over-IP (VoIP) servers using an advanced stealth technique of camouflaging its efforts to recruit new bots. The Sality botnet, which was first discovered in 2003 and has been estimated to have hundreds of thousands or more infected machines in its zombie army, scanned IPv4 addresses in February 2011 via a covert scanning method that flew under the radar, according to new research from the
---------------------------------------------
http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabi…
*** Facebook scannt private Nachrichten ***
---------------------------------------------
Wenn ein Link zu einer Webseite, die einen Facebook Like-Button eingebunden hat, in einer privaten Nachricht versendet wird, erhöht sich der Like-Zähler. Das bedeutet, dass die Inhalte der Nachrichten von Facebook gescannt werden müssen.
---------------------------------------------
http://futurezone.at/digitallife/11724-facebook-scannt-private-nachrichten.…
*** VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html, (Fri, Oct 5th) ***
---------------------------------------------
Richard Porter --- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14242&rss
*** Visualizing the ZeroAccess botnet in Google Earth ***
---------------------------------------------
"The ZeroAccess botnet is a very widespread malware threat that has been infecting computers around the world for years. Its estimated that the current version of ZeroAccess has been installed over nine million times, with roughly one million PCs still infected. The folks at F-Secure have plotted nearly 140,000 infections on Google Earth, based on the IP address of the infected computer, and the result is an amazing (and rather scary) map...."
---------------------------------------------
http://www.gearthblog.com/blog/archives/2012/10/visualizing_the_zeroaccess_…
*** Cyber crooks should make you very nervous ***
---------------------------------------------
"Federal undercover agents are resorting to show and tell to combat a growing menacecriminal hackers. The Justice Department has been making headlines by publicizing prosecutions, disclosing investigative techniques and revealing findings before clinching guilty verdicts. Sure, calling attention to charges and arrests could discourage digital invaders...."
---------------------------------------------
http://www.nextgov.com/cybersecurity/2012/10/cyber-crooks-should-make-you-v…
*** Vuln: Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Multiple SQL Injection Vulnerabilities ***
---------------------------------------------
Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Multiple SQL Injection Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/54569
*** lost+found: Vom Versuch eine Ente wieder einzufangen ***
---------------------------------------------
Das Magazin hakin9 ist einem Troll-Versuch aufgesessen und hat einen peinlichen Nonsens-Artikel veröffentlicht: Nmap: The Internet Considered Harmful - DARPA Inference Cheking Kludge Scanning (man beachte die Abkürzung DICKS). Angesichts prominenter Autoren, deren Namen sich wie ein Who-is-Who der Security-Szene lesen, fiel offensichtlich niemandem mehr auf, dass Sätze wie "NMAP requires root access in order to allow B-trees" absolut keinen Sinn ergeben.
---------------------------------------------
http://www.heise.de/security/meldung/lost-found-Vom-Versuch-eine-Ente-wiede…
*** "Universal Man in the Browser": Datenklau in Echtzeit ***
---------------------------------------------
Die amerikanische Sicherheitsfirma Trusteer hat eine neue Form der "Man in the Browser"-Attacke (MitB) ausgemacht, die niederschwelliger und effizienter als bereits bekannte MitB sein soll. Das Besondere an dem Spionageprogramm ist die eingebaute Logik, die es erlaubt, die gestohlenen Daten in Echtzeit auszuwerten und möglichst schnell einem Weiterverkauf zugänglich zu machen. Trusteer nennt diese neue Form 'Universal Man in the Browser' (uMitB).
---------------------------------------------
http://www.heise.de/security/meldung/Universal-Man-in-the-Browser-Datenklau…
*** Blacklist RFC-Ignorant.org stellt den Betrieb ein ***
---------------------------------------------
Postmaster und andere Netz-Administratoren sollten RFC-Ignorant.org umgehend aus ihren Server-Konfigurationen entfernen. Die Meldestelle gegen Netzmissbrauch beantwortet bereits sämtliche Anfragen mit "Eintrag nicht vorhanden".
---------------------------------------------
http://www.heise.de/security/meldung/Blacklist-RFC-Ignorant-org-stellt-den-…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 03-10-2012 18:00 − Donnerstag 04-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** IETF Starts Work On Next-Generation HTTP Standards ***
---------------------------------------------
alphadogg writes "With an eye towards updating the Web to better accommodate complex and bandwidth-hungry applications, the Internet Engineering Task Force has started work on the next generation of HTTP, the underlying protocol for the Web. The HTTP Strict Transport Security (HSTS), is a security protocol designed to protect Internet users from hijacking. The HSTS is an opt-in security enhancement whereby web sites signal browsers to always communicate with it over a secure connection. If
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JocJDH2CeQw/ietf-starts-wor…
*** Microsoft wins permanent settlement against Nitol botnet ***
---------------------------------------------
"Microsoft has won a battle to permanently disrupt a haven for the Nitol botnet that it discovered within an Internet domain controlled by a Chinese ISP. The company has signed a private settlement that Peng Yong and Changzhou Bei Te Kang Mu Software Technology Co., Ltd., will block all connections to designated malicious subdomains of the 3322. org domain controlled by Peng and Bei Te Kang Mu Software...."
---------------------------------------------
http://www.csoonline.com/article/717879/microsoft-wins-permanent-settlement…
*** Google Glass, Augmented Reality Spells Data Headaches ***
---------------------------------------------
Nervals Lobster writes "Google seems determined to press forward with Google Glass technology, filing a patent for a Google Glass wristwatch. As pointed out by CNET, the timepiece includes a camera and a touch screen that, once flipped up, acts as a secondary display. In the patent, Google refers to the device as a smart-watch. Whether or not a Google Glass wristwatch ever appears on the marketplace � just because a tech titan patents a particular invention doesnt mean its bound for
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/lVDzxD_8kXY/google-glass-au…
*** How to Protect against Denial of Service Attacks: Refresher ***
---------------------------------------------
"With all of the information about DoS attacks in recent months, it is easy to blame banks and say that they didnt have the proper security controls in place to withstand this type of attack, but in reality things are not that simple. So, how does this happen? Is it preventable?..."
---------------------------------------------
http://www.infosecisland.com/blogview/22518-How-to-Protect-against-Denial-o…
*** Europe joins forces in Cyber Europe 2012 ***
---------------------------------------------
"Today, more than 300 cyber security professionals across Europe join forces to counter a massive simulated cyber-attack in the 2nd pan-European Cyber Exercise, Cyber Europe 2012. The exercise builds on and ties together extensive activities at both the national and European level to improve the resilience of critical information infrastructures. As such, Cyber Europe 2012 is a major milestone in the efforts to strengthen cyber crisis cooperation, preparedness and response across
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/europe-joins-forces-in-cybe…
*** Neue Oracle-Hacks ***
---------------------------------------------
Die Sicherheitsexperten Laszlo Toth und Ferenc Spala haben im Rahmen der Konferenz DerbyCon 2.0 eine Reihe von zum Teil neuartigen Angriffen auf Oracle-Datenbanken und SQL-Server vorgestellt und dabei auch gleich die entsprechenden Werkzeuge dazu ver�ffentlicht.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-Oracle-Hacks-1722784.html/from/at…
*** Middle East cyberattacks on Google users increasing ***
---------------------------------------------
"Here we go again. Three months after it first began warning users of state-sponsored cyber attacks, Google is saying that the assault has only intensified. The New York Times reports that since it began warning users of state-sponsored attacks, "it has picked up thousands more instances of cyberattacks than it anticipated." Many of the attacks appear to be originating in the Middle East...."
---------------------------------------------
http://news.cnet.com/8301-1009_3-57525334-83/middle-east-cyberattacks-on-go…
*** Gut choreografierte dDoS-Attacken gegen US-Gro�banken ***
---------------------------------------------
Mehrere US-Gro�banken, unter anderem Wells Fargo, PNC Financial Service Group, U.S. Bancorp, Citigroup, JPMorgan und Bank of America, sahen sich in den letzten Tagen einer Vielzahl von professionell gef�hrten DDoS-Attacken ausgesetzt.
---------------------------------------------
http://www.heise.de/security/meldung/Gut-choreografierte-dDoS-Attacken-gege…
*** Bugtraq: [security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information ***
---------------------------------------------
[security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information
---------------------------------------------
http://www.securityfocus.com/archive/1/524302
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 02-10-2012 18:00 − Mittwoch 03-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** SHA-3 Winner Announced ***
---------------------------------------------
An anonymous reader writes "The National Institute of Standards and Technology (NIST) has just announced the winner of the SHA-3 competition: Keccak, created by Guido Bertoni, Joan Daemen and Gilles Van Assche of STMicroelectronics and Michaël Peeters of NXP Semiconductors. Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be, says NIST computer security expert Tim Polk. An attack that could work on SHA-2 most likely would not work on Keccak because
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/eoZNXkbqy3w/sha-3-winner-an…
*** Twitter account hijacking exposes easy-to-exploit security flaw ***
---------------------------------------------
"The hijacking of the Twitter account that belongs to user Daniel Dennis Jones and his subsequent investigation into the matter has revealed a Twitter security weakness that makes it easy for hackers to do the same to all users that employ short and uninventive passwords, reports BuzzFeed. Over the weekend Jones - an early Twitter adopter who managed to snag himself the @blanket Twitter account - was unpleasantly surprised when he received an email from Twitter telling him his password had
---------------------------------------------
http://www.net-security.org/secworld.php?id=13708
*** Handshakes Professional 4.1 SQL Injection ***
---------------------------------------------
Topic: Handshakes Professional 4.1 SQL Injection Risk: Medium Text:HTTPCS Advisory : HTTPCS70 Product : Handshakes Professional Version : 4.1 Date : 2012-10-01 Criticality level : Highly Cri...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/AGsJ6_RuY30/WLB-20…
*** Microsoft Reaches Settlement with Site Linked to Nitol Botnet ***
---------------------------------------------
"Microsoft announced today its reached a settlement with the operator of a Chinese Web site whose domain and sub-domains hosted more than 500 kinds of malware, including the Nitol botnet found on brand new computers. In a lawsuit filed two weeks ago by the software giant, Microsoft alleged the domain 3322. org hosted Nitol, which was found being preloaded onto computers during an investigation into supply chain security last August...."
---------------------------------------------
http://threatpost.com/en_us/blogs/microsoft-reaches-settlement-site-linked-…
*** Sicherheit - Iran: Cyberattacken kappen Internetzugang ***
---------------------------------------------
Infrastruktur wurden mit mehreren Gigabyte pro Sekunde bombardiert
---------------------------------------------
http://derstandard.at/1348284881692/Iran-Cyberattacken-kappen-Internetzugang
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 01-10-2012 18:00 − Dienstag 02-10-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** SQL Injection bei Trend Micro Control Manager ***
---------------------------------------------
Ein Update beseitigt eine SQL-Injection-Lücke in Trends Security-Management-Plattform.
---------------------------------------------
http://www.heise.de/security/meldung/SQL-Injection-bei-Trend-Micro-Control-…
*** Cisco CallManager vulnerable to brute force attack ***
---------------------------------------------
"Roberto Suggi Liverani, founder of the OWASP (Open Web Application Security Project) New Zealand chapter discover a vulnerability in Cisco CallManager AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems. He described on his blog security review, I have found a quick way to perform PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager)...."
---------------------------------------------
http://thehackernews.com/2012/10/cisco-callmanager-vulnerable-to-brute.html
*** Expert fingers DDoS toolkit used in bank cyberattacks ***
---------------------------------------------
"Cyberattackers who disrupted the websites of U.S. banks over the last two weeks used a highly sophisticated toolkit -- a finding that points to a well-funded operation, one security vendor said on Monday. Prolexic Technologies said the distributed denial of service (DDoS) toolkit called itsoknoproblembro was used against some of the banks which included Wells Fargo, U.S. Bank, PNC Bank, Bank of America and JPMorgan Chase. Each of the banks was struck on separate days...."
---------------------------------------------
http://www.csoonline.com/article/717727/expert-fingers-ddos-toolkit-used-in…
*** IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force ***
---------------------------------------------
Topic: IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force Risk: Low Text:I want to warn you about Brute Force, Cross-Site Scripting, Cross-Site Request Forgery and Redirector vulnerabilities in IBM ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Gq2FiubAbh0/WLB-20…
*** Switchvox Asterisk 5.1.2 Cross Site Scripting ***
---------------------------------------------
Topic: Switchvox Asterisk 5.1.2 Cross Site Scripting Risk: Low Text:Title: Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities Date: == 2012-09-10 References: == http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/KtK8D-i6E-o/WLB-20…
*** OPlayer 2.0.05 iOS Cross Site Scripting ***
---------------------------------------------
Topic: OPlayer 2.0.05 iOS Cross Site Scripting Risk: Low Text:Title: OPlayer v2.0.05 iOS - Multiple Web Vulnerabilities Date: == 2012-10-01 References: == http://www....
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/NytSNRlZ814/WLB-20…
*** GTA UTM Firewall GB 6.0.3 Cross Site Scripting ***
---------------------------------------------
Topic: GTA UTM Firewall GB 6.0.3 Cross Site Scripting Risk: Low Text:Title: GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: == 2012-09-10 References: == http:...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vljvCj4a1PU/WLB-20…
*** DDoS attacks reach new level of sophistication ***
---------------------------------------------
"Prolexic Technologies warned of an escalating threat from unusually large and highly sophisticated DDoS attacks. The DDoS attacks have been launched in the last week using the so-called itsoknoproblembro DDoS toolkit. The malicious actor(s) behind the attacks have used this potent tool in conjunction with sophisticated attack methods that clearly demonstrate knowledge of common DDoS mitigation methods...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=13704
*** How a single spam from China ended up as an attack on the White House ***
---------------------------------------------
"FoxNews leads today with a dramatic story entitled "Washington confirms Chinese hack attack on White House computer."In other important news, experts confirmed that there was a "high probability" that tomorrow, 03 October 2012, due to the rotation of the earth on its axis, the sun would once again give the impression of rising in the East. They also claimed that dinosaurs would "in all likelihood" continue in their state of alleged extinction.(You read it
---------------------------------------------
http://nakedsecurity.sophos.com/2012/10/02/how-a-single-spam-from-china-end…
*** Bugtraq: CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9 ***
---------------------------------------------
CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9
---------------------------------------------
http://www.securityfocus.com/archive/1/524273
*** [papers] - A Pentesters Guide to Hacking OData ***
---------------------------------------------
A Pentesters Guide to Hacking OData
---------------------------------------------
http://www.exploit-db.com/download_pdf/21664
*** PCI Security Standard: Mobile Payment Acceptance Security Guidelines, (Tue, Oct 2nd) ***
---------------------------------------------
What would Cyber Security Awareness Month with a Standards theme be without discussing some semblance of PCI-related content? Carefully avoiding the debate over the benefits and drawback of PCI DSS, Ill instead focus on a recent read with a quick summary of PCI Mobile Payment Acceptance Security Guidelines for Developers. This guideline hit my radar on 14 SEP courtesy of Ians Dragon News Bytes and was intriguing as I had just published Mobile application security best practices in a BYOD world
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14206&rss
*** Bugtraq: [security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information ***
---------------------------------------------
[security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information
---------------------------------------------
http://www.securityfocus.com/archive/1/524275
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 28-09-2012 18:00 − Montag 01-10-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: openCryptoki Multiple Insecure File Creation Vulnerabilities ***
---------------------------------------------
openCryptoki Multiple Insecure File Creation Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55627
*** Did NSA Put a Secret Backdoor in New Encryption Standard? ***
---------------------------------------------
"Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency...."
---------------------------------------------
http://cyberwarzone.com/did-nsa-put-secret-backdoor-new-encryption-standard
*** Security Advisory: Adobe to Revoke Code Signing Certificate (APSA12-01) ***
---------------------------------------------
A Security Advisory (APSA12-01) has been posted in regards to the misuse of an Adobe code signing certificate. Adobe plans to revoke the certificate on October 4, 2012 for all software code signed after July 10, 2012. Adobe is in the process of issuing updates for all affected products using a new digital certificate. For [...]
---------------------------------------------
http://blogs.adobe.com/psirt/2012/09/security-advisory-adobe-to-revoke-code…
*** Scary New Malware Uses Your Phone To Make A Map Of Your House For Robbers ***
---------------------------------------------
"If you arent careful, much of the tech you hold near and dear can be used against you. An app called PlaceRaider, for instance, can use your phone to build a full 3D map of your house, all without you suspecting a thing. Developed by Robert Templeman at the Naval Surface Warfare centre and a few buddies from the University of Indiana, PlaceRader hijacks your phones camera and takes a series of secret photographs, recording the time, and the phones orientation and location with each
---------------------------------------------
http://www.gizmodo.com.au/2012/09/scary-new-malware-uses-your-phone-to-make…
*** A Convenient Scapegoat - Why All Cyber Attacks Originate in China ***
---------------------------------------------
"A fairy tale has crept its way into the collective western InfoSec mindset and poisoned the well of reason and rational thought. I am referring to what I like to term, Lazy Neo-McArthyism, i.e. blaming the Red Menace, a.k. a China. It seems that every other cyber-incident, security breach or strain of malware is attributed to the superpower of the east...."
---------------------------------------------
http://www.securityweek.com/convenient-scapegoat-why-all-cyber-attacks-orig…
*** In a Zero-Day World, It’s Active Attacks that Matter ***
---------------------------------------------
The recent zero-day vulnerability in Internet Explorer caused many (present company included) to urge Internet users to consider surfing the Web with a different browser until Microsoft issued a patch. Microsoft did so last month, but not before experts who ought to have known better began downplaying such advice, pointing out that other browser makers have more vulnerabilities and just as much exposure to zero-day flaws. This post examines hard data that shows why such reasoning is more
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/kKKkx4TbxfY/
*** LG NAS Users and password hash disclosure ***
---------------------------------------------
Topic: LG NAS Users and password hash disclosure Risk: High Text:# Exploit Title: LG NAS Users and password hash disclosure # Date: 2012-09-29 # Vendor Homepage: http://www.lg.com/ # Versio...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_NaxSfrogiM/WLB-20…
*** Internet scan finds thousands of device flaws, system weaknesses ***
---------------------------------------------
"A scan of the Internet over 20 days has yielded terabytes of data and also some alarming weaknesses including misconfigured routers, vulnerability riddled databases and more than 1,000 exposed passwords. Its a project that HD Moore calls his hobby. The Internet-wide survey looked for open TCP ports, SNMP system descriptions, MDNS responders, UPNP endpoints and NetBIOS name queries...."
---------------------------------------------
http://searchsecurity.techtarget.com/news/2240164210/Internet-scan-finds-th…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 27-09-2012 18:00 − Freitag 28-09-2012 18:00
Handler: Stephan Richter
*** ISC Feature of the Week: Glossary, (Thu, Sep 27th) ***
---------------------------------------------
Overview Our feature today is a page we just launched, the Glossary:Terms and Definitions page at https://isc.sans.edu/glossary.html! This page allows for browsing and list filtering of Computer and Security-related terms and definitions. There is also an API at https://isc.sans.edu/api/#glossary which Ill also detail below. We will soon be adding a Suggest a New Term or Definition form where you can contribute your thoughts to the list.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14188&rss
*** Vuln: CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability ***
---------------------------------------------
CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55570
*** Updated IEEE Statement on Security Incident ***
---------------------------------------------
"We deeply regret the exposure of user IDs and passwords that we became aware of on 24 September 2012. We would like to take this opportunity to explain to our members and customers the circumstances under which the exposure occurred and provide assurances with respect to IEEEs security processes and policies. IEEE follows security best practices based on ISO and NIST standards...."
---------------------------------------------
http://www.ieee.org/about/news/2012/27september_2012.html
*** Adobe scrambles to revoke stolen cert ***
---------------------------------------------
Malware signed as Adobe software Adobe has revealed an attack that compromised some of its software development servers, resulting in its code signing certificate being used to disguise malware as Adobe software.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/27/adobe_cert_…
*** Cisco beseitigt angebliche DoS-Lücken ***
---------------------------------------------
Acht Sicherheitslücken in Ciscos Router-Betriebssystem Cisco IOS beseitigt der Hersteller mit Updates, die zum fälligen halbjährlichen Patchday veröffentlicht wurden. Eine im Session Initiation Protocol (SIP) betrifft auch den Cisco Unified Communications Manager. Alle Lücken erlauben es nach Ciscos Einschätzung maximal, den betroffenen Dienst lahm zu legen.
---------------------------------------------
http://www.heise.de/security/meldung/Cisco-beseitigt-angebliche-DoS-Luecken…
*** Fast alle Hersteller von Steuercode-Problem in Android betroffen ***
---------------------------------------------
Von der anfänglich Samsung zugeschriebenen Android-Steuercode-Schwachstelle sind anscheinend potenziell die meisten Smartphones und UMTS-Tablets betroffen, auf denen Ice Cream Sandwich (Version 4.0.x) oder eine ältere Android-Version läuft. Google hat den Code im Wählprogramm im Juli mit Version 4.1.1 aktualisiert, damit Steuercodes nicht mehr automatisch ausgeführt werden.
---------------------------------------------
http://www.heise.de/security/meldung/Fast-alle-Hersteller-von-Steuercode-Pr…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 26-09-2012 18:00 − Donnerstag 27-09-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Vuln: 389 Directory Server Access Bypass Vulnerability ***
---------------------------------------------
389 Directory Server Access Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55690
*** Vuln: Zend Framework Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
Zend Framework Multiple Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55636
*** Do Reverse Proxies Provide Real Security? ***
---------------------------------------------
"In the process of building / designing the infrastructure for a new project the following question was asked: shouldnt we use a reverse proxy to secure or protect the web servers? Of course the first question I asked myself is do reverse proxies provide real security? or is this a best / common practice that has been adopted without foundation?..."
---------------------------------------------
http://www.infosecisland.com/documentview/22458-Do-Reverse-Proxies-Provide-…
*** Maker of Smart-Grid Control Software Hacked ***
---------------------------------------------
"The maker of an industrial control system designed to be used with so-called smart grid networks disclosed to customers last week that hackers had breached its network and accessed project files related to a control system used in portions of the electrical grid. Telvent, which is owned by Schneider Electric, told customers in a letter that on Sept. 10 it learned of the breach into its network. The attackers installed malicious software on the network and also accessed project files for
---------------------------------------------
http://www.wired.com/threatlevel/2012/09/scada-vendor-telvent-hacked/
*** Cisco IOS Security Advisory Bundle - http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html, (Thu, Sep 27th) ***
---------------------------------------------
-Kevin -- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14185&rsshttp://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html
*** Netzbetreiber sehen Domain Name System durch Attacken zunehmend in Gefahr ***
---------------------------------------------
Groß angelegte Attacken auf DNS-Server sind in den vergangenen Monaten sprunghaft angestiegen. Angriffe, die die Netze mit Datenraten von 50 bis 100 Gigabit/Sekunde in die Knie zwingen, seien an der Tagesordnung, sagte Paul Vixie, Gründer des Internet Systems Consortium (ISC).
---------------------------------------------
http://www.heise.de/security/meldung/Netzbetreiber-sehen-Domain-Name-System…
*** EU Banks Not Prepared for Attacks - Experts Cite Inadequate Controls, Information Sharing ***
---------------------------------------------
"Website outages that so far have targeted five leading U.S. banks should serve as a warning to global institutions of cyberthreats to come. Yet, major European institutions are not prepared to prevent or respond to such attacks, according to fraud and security experts at the European Network and Information Security Agency and Barclays, one of the worlds leading banks."What I see so much in Europe, especially in the U.K., is that no one wants to talk about the attacks theyre...
---------------------------------------------
http://www.bankinfosecurity.com/eu-banks-prepared-for-attacks-a-5144
*** [webapps] - Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection (post-auth) ***
---------------------------------------------
Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection (post-auth)
---------------------------------------------
http://www.exploit-db.com/exploits/21546
*** [webapps] - JAMF Casper Suite MDM CSRF Vulnerability ***
---------------------------------------------
JAMF Casper Suite MDM CSRF Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/21545
*** Bugtraq: NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution ***
---------------------------------------------
NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution
---------------------------------------------
http://www.securityfocus.com/archive/1/524248
*** Bugtraq: XSS in OSSEC wui 0.3 ***
---------------------------------------------
XSS in OSSEC wui 0.3
---------------------------------------------
http://www.securityfocus.com/archive/1/524247
*** Cyber Security Bulletin SB12-269 - Vulnerability Summary for the Week of September 17, 2012 ***
---------------------------------------------
"High Vulnerabilities : adobe -- flash_playeranecms -- anecmsapple -- mac_os_xapple -- mac_os_xbananadance -- banana_dancebioinformatics -- ordersysMedium Vulnerabilities:apache -- wicketapache -- cxfapple -- safariapple -- mac_os_xapple -- iphone_osblairwilliams -- pretty_link_lite_pluginburnsy -- jbshop_pluginLow Vulnerabilities:63reasons -- supercronalex_barth -- dataalquimia -- managesitecisco -- ioscollectivecolors -- taxonomy_view_integrator_moduledmitry_loac -- taxotouch..."
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB12-269.html#top
*** News, Technologies and Techniques: Why SSD Drives Destroy Court Evidence, and What Can Be Done About It: Part 1 ***
---------------------------------------------
Solid State drives SSD introduced dramatic changes to the principles of computer forensics. Forensic acquisition of computers equipped with SSD storage is very different from how we used to acquire PCs using traditional magnetic media. read more
---------------------------------------------
http://www.dfinews.com/article/why-ssd-drives-destroy-court-evidence-and-wh…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 25-09-2012 18:00 − Mittwoch 26-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities ***
---------------------------------------------
HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55272
*** Espionage Hackers Target Watering Hole Sites ***
---------------------------------------------
"Security experts are accustomed to direct attacks, but some of todays more insidious incursions succeed in a roundabout way by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called watering hole tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities
---------------------------------------------
http://krebsonsecurity.com/2012/09/espionage-hackers-target-watering-hole-s…
*** QNX QCONN Remote Command Execution Vurnerability ***
---------------------------------------------
Topic: QNX QCONN Remote Command Execution Vurnerability Risk: High Text:# Title : QNX QCONN Remote Command Execution Vurnerability # Version : QNX 6.5.0 >= , QCONN >= 1.4.207944 # Download: http://...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ZxigkLQDTgU/WLB-20…
*** Samba 3.6.3 remote root exploit ***
---------------------------------------------
Topic: Samba 3.6.3 remote root exploit Risk: High Text:#!/usr/bin/python # # finding targets 4 31337z: # gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk {...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JMaQdgM9SUg/WLB-20…
(Kommentar: aktuell ist Samba 3.6.8, manche Long-Term Distributionen wie Debian liefern aber noch älteres wie 3.5.6 aus)
*** phpMyAdmin mit Backdoor ***
---------------------------------------------
Zeitweise wurde über einen der offiziellen Download-Server eine manipulierte Version des Datenbankverwaltungstools verteilt, die ein Backdoor-Skript enthält.
---------------------------------------------
http://www.heise.de/security/meldung/phpMyAdmin-mit-Backdoor-1717377.html/f…
*** Schutz vor Fernlöschung von Samsung-Smartphones ***
---------------------------------------------
Einige Samsung-Smartphones kann man durch eine präparierte Webseite oder spezielle SMS ohne Einwilligung des Besitzers aus der Ferne löschen, wie am gestrigen Dienstag bekannt wurde. In Googles App-Shop Google Play gibt es nun das kostenlose Tool NoTelURL von Jörg Voss, das dafür sorgt, dass die USSD-Steuercodes nicht mehr ohne Zutun des Nutzers ausgeführt werden.
---------------------------------------------
http://www.heise.de/security/meldung/Schutz-vor-Fernloeschung-von-Samsung-S…
*** More Java Woes, (Wed, Sep 26th) ***
---------------------------------------------
A number of readers alerted us of news reports stating that new full sandbox escape vulnerabilities had been reported to Oracle. At this point, there are no details available as to the nature of these vulnerabilities, and there is no evidence that any of these vulnerabilities are exploited. However, it is widely known that Oracle is working on a substantial backlog of these vulnerabilities. It is still recommended to use Java with caution. Some best practices: - Uninstall Java if you dont need
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14179&rss
*** Malicious PhpMyAdmin Served From SourceForge Mirror ***
---------------------------------------------
An anonymous reader writes with a bit of news about the compromised download of phpMyAdmin discovered on an sf.net mirror yesterday: "A malicious version of the open source Web-based MySQL database administration tool phpMyAdmin has been discovered on one of the official mirror sites of SourceForge, the popular online code repository for free and open source software. The file — phpMyAdmin-3.5.2.2-all-languages.zip — was modified to include a backdoor that allowed attackers to
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/15L5Bg-UnmY/malicious-phpmy…
*** Vuln: libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability ***
---------------------------------------------
libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51084
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 24-09-2012 18:00 − Dienstag 25-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Book Review: Digital Forensics For Handheld Devices ***
---------------------------------------------
benrothke writes "Todays handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power entire data centers had some years ago. With billions of handheld devices in use worldwide, it is imperative that digital forensics investigators and others know how to ensure that the information contained in them, can be legally preserved if needed." Read on for the rest of Bens review. Read more of
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fpv3Or7g974/book-review-dig…
*** Schneier: We Dont Need SHA-3 ***
---------------------------------------------
Trailrunner7 writes with this excerpt from Threatpost: "For the last five years, NIST, the government body charged with developing new standards for computer security, among other things, has been searching for a new hash function to replace the aging SHA-2 function. Five years is a long time, but this is the federal government and things move at their own pace in Washington, but NIST soon will be announcing the winner from the five finalists that were chosen last year. Despite the
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fJ7xmIOdp-o/schneier-we-don…
*** Java SE 5/6/7 critical security issue ***
---------------------------------------------
Topic: Java SE 5/6/7 critical security issue Risk: High Text:Weve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The im...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/VECe3FilPLE/WLB-20…
*** Samsung-Smartphones aus der Ferne löschbar ***
---------------------------------------------
Der Sicherheitsexperte Ravi Borgaonkar hat auf der Hackerkonferenz Ekoparty demonstriert, dass man Android-Smartphones von Samsung, bei denen der Hersteller die Android-Version mit eigener Software angepasst hat, aus der Ferne auf Werkseinstellungen zurücksetzen kann. Kern des Angriffs ist eine Schwachstelle im Samsung-eigenen Wählprogramm, durch die einzelne Smartphone-Varianten ohne Rückfrage sogenannte USSD-Codes (Unstructured Supplementary Service Data) ausführen, die über speziell präparierte Links übergeben werden. Der Code *2767*3855# sorgt dafür, dass das Handy sofort mit dem Zurücksetzen beginnt.
---------------------------------------------
http://www.heise.de/security/meldung/Samsung-Smartphones-aus-der-Ferne-loes…
*** Data Breach Reveals 100k IEEE.org Members Plaintext Passwords ***
---------------------------------------------
First time accepted submitter radudragusin writes "IEEE suffered a data breach which I discovered on September 18. For a few days I was uncertain what to do with the information and the data. Yesterday I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100.000 compromised users are Apple, Google, IBM, Oracle and Samsung
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HCjl46a-6mM/data-breach-rev…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 21-09-2012 18:00 − Montag 24-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** 1st It Security Industrial & Automation ***
---------------------------------------------
"The IT Security & Industrial Automation 2012 on 13 and 14. 11. 2012 in Leipzig is the first conference of isits AG on protection of production and automation, which takes place in cooperation with escrypt GmbH and TV Rheinland...."
---------------------------------------------
http://www.itsec-process.info/
*** Conference: Secure Communication for Energy Networks ***
---------------------------------------------
"Focus of the second Conference Think smart - secure communication for energy networks, the issue of IT security is about smart energy, with particular emphasis in smart grids. With practical examples, current trends in the development, but also the security of smart technology and power grids are presented. Manufacturers of smart energy, utilities, and software quality assurance company manufacturers demonstrate the current situation with national and international pilot projects...."
---------------------------------------------
http://www.thinksmart-energy.info/
*** Update - Sicherheitslücke in Microsofts Internet Explorer geschlossen ***
---------------------------------------------
Umfangreiches Update veröffentlicht - auch eine Lücke im Flash-Player wurde behoben
---------------------------------------------
http://text.derstandard.at/1348283691198/Sicherheitsluecke-in-Microsofts-In…
*** Vuln: ZEN Load Balancer Multiple Security Vulnerabilities ***
---------------------------------------------
ZEN Load Balancer Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55638
*** Google Go language gets used: For file-scrambling trojan, though ***
---------------------------------------------
No-one sure why mobe rooter VXers like obscure lingo Virus writers are experimenting with Googles Go as a programming language for malware.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/24/google_go_t…
*** IP-Adressverwaltung RIPE diskutiert Aktuelles zu DNS, IPv6, Routing ***
---------------------------------------------
Seit dem heutigen Montag treffen sich in niederländischen Amsterdam Vertreter der am europäischen Adressverwalter RIPE beteiligten Unternehmen und Verbände zum 65. RIPE-Meeting. Die jährliche Tagung befasst sich bis zum Ende der Woche mit Vorträgen und Diskussionen zu aktuellen Entwicklungen bei der regionalen Internet Registry. Einige Themen wie das Domain Name System, das Internet Protocol Version 6 (IPv6) oder das Routing bearbeiten die Teilnehmer in Arbeitsgruppen während dieser Zeit.
---------------------------------------------
http://www.heise.de/newsticker/meldung/IP-Adressverwaltung-RIPE-diskutiert-…
*** Update für PostgreSQL 9.1 und 9.2 behebt kritische Fehler ***
---------------------------------------------
Für die erst kürzlich veröffentlichte Version 9.2 der freien relationalen Datenbank PostgreSQL sowie für die Vorgängerversion 9.1 stehen Updates bereit, die zwei kritische Fehler beheben. Sie könnten zu beschädigten Datenbankindizes oder anderen Defekten führen, schreiben die Entwickler.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Update-fuer-PostgreSQL-9-1-und-9-2-b…
*** Vuln: PHP CVE-2012-0057 Security Bypass Vulnerability ***
---------------------------------------------
PHP CVE-2012-0057 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51806