Daily November 2012

daily@lists.cert.at

1 participants
21 discussions

Tageszusammenfassung - Freitag 30-11-2012
by Daily end-of-shift report 30 Nov '12

30 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 29-11-2012 18:00 − Freitag 30-11-2012 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Server der Atombehörde IAEA erneut attackiert *** --------------------------------------------- Die Internationale Atombehörde IAEA wurde zum zweiten Mal binnen weniger Tage attackiert. Dabei sollen Hacker geheime Daten gestohlen haben. Über die Herkunft der Hacker ist nichts bekannt, bei den zweiten Angreifern könnte es sich allerdings um Mitglieder von Anonymous handeln. --------------------------------------------- http://futurezone.at/netzpolitik/12741-server-der-atombehoerde-iaea-erneut-… *** Virtualization Security: Protecting Virtualized Environments *** --------------------------------------------- "Virtualization changes the playing field when it comes to security. There are new attack vectors, new operational patterns and complexity, and changes in IT architecture and deployment life cycles. Whats more, the technologies, best practices, and strategies used for securing physical environments do not provide sufficient protection for virtual environments...." --------------------------------------------- http://www.net-security.org/secworld.php?id=14030 *** Sprachtwittern für Syrer *** --------------------------------------------- Nachdem Syrien seit Donnerstag nahezu komplett vom Internet abgeschnitten ist haben Google und Twitter den Dienst "speak2tweet" wieder aufgenommen. Der Dienst nimmt Sprachnachrichten unter vier internationalen Rufnummern an, legt sie auf Google-Servern ab und veröffentlicht die Links auf Twitter (siehe da auch #SyriaBlackout). --------------------------------------------- http://www.heise.de/security/meldung/Sprachtwittern-fuer-Syrer-1760015.html… *** Mail hackt Router *** --------------------------------------------- Eine ganze Reihe von Routern von Arcor, Asus und TP-Link sind anfällig für eine ungewollte Fernkonfiguration. Der Sicherheitsforscher Bogdan Calin demonstriert in seinem Blog eindrucksvoll, dass im Netz der Router schon das Anzeigen einer Mail weitreichende Konsequenzen haben kann: Seine speziell präparierte Testmail konfiguriert beim Öffnen den WLAN-Router so um, dass der Internet-Datenverkehr umgeleitet wird. --------------------------------------------- http://www.heise.de/security/meldung/Mail-hackt-Router-1759354.html/from/at… *** Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html, (Fri, Nov 30th) *** --------------------------------------------- (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14599&rss *** Microsoft Security Essentials Loses AV-Test Certificate *** --------------------------------------------- helix2301 writes "Every two months, AV-Test takes a look at popular antivirus software and security suites and tests them in several ways. In their latest test which was performed on Windows 7 during September and October, Microsoft Security Essentials didnt pass the test to achieve certification. Although that may not sound that impressive, Microsofts program was the only one which didnt receive AV-Tests certificate. For comparison, the other free antivirus software, including Avast, AVG --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/jXCBvPS16VQ/story01.htm *** Hotel-Einbrecher werden zu Arduino-Tüftlern *** --------------------------------------------- Der auf der diesjährigen Hackerkonferenz BlackHat demonstrierte Angriff auf die elektronischen Türschlösser der Marke Onity HT wurde weiter perfektioniert und möglicherweise auch schon von Einbrechern eingesetzt. Inzwischen gibt es im Netz eine Vielzahl detaillierter Anleitungen und Videos über das Aushebeln der Türsperre. --------------------------------------------- http://www.heise.de/security/meldung/Hotel-Einbrecher-werden-zu-Arduino-Tue… *** Crooks inject malicious Java applet into FOREX trading website *** --------------------------------------------- VXers wouldnt give a XXXX for anything else A FOREX trading website has been contaminated with a malicious Java applet that is designed to install malware on the systems of visiting surfers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/30/forex_tradi… *** Latest phishing security test shows Chrome is the best, followed by IE10, Safari, and then Firefox *** --------------------------------------------- "Phishing scams are becoming more and more prevalent, but thankfully browser makers have also stepped up their game: the average phishing URL catch rate in the top four browsers has jumped from 46 percent in 2009 to 92 percent in 2012 and the average time it took to block a new phishing URL also improved from 16. 43 hours to 4. 87 hours...." --------------------------------------------- http://thenextweb.com/apps/2012/11/28/latest-phishing-security-test-shows-c…

1 0

Tageszusammenfassung - Donnerstag 29-11-2012
by Daily end-of-shift report 29 Nov '12

29 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 28-11-2012 18:00 − Donnerstag 29-11-2012 18:00 Handler: Robert Waldner Co-Handler: n/a *** New version of wireshark is available (1.8.4), some security fixes included. , (Wed, Nov 28th) *** --------------------------------------------- (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14587&rss *** Good Practice Guide for Addressing Network and Information Security Aspects of Cybercrime *** --------------------------------------------- "In 2010 ENISA started its support for operational collaboration between the Computer Emergency Response Teams (CERTs) in the Member States on the one hand and Law Enforcing Agencies (LEA) on the other hand. Various activities have since been launched, including stock takings of legal and operational obstacles that prevent collaboration, advice resulting from that, workshops that brought together members of both communities, consultation with members of both communities, etc. It was soon --------------------------------------------- http://www.enisa.europa.eu/activities/cert/support/fight-against-cybercrime… *** Vuln: OpenDNSSEC cURL API Security Bypass Vulnerability *** --------------------------------------------- OpenDNSSEC cURL API Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56679 *** How to Minimize Medical Device Risks - Ethical Hacker Offers Action Items *** --------------------------------------------- "Malware and hackers present potential security threats to wireless medical devices and safety risks to the patients who use them. But healthcare organizations and device manufacturers can take several steps to curtail those risks, says an ethical hacker who has demonstrated the vulnerability of various devices. Barnaby Jack, director of embedded device security at services firm IOActive, recently demonstrated how an implanted wireless heart defibrillator can be hacked from 50 feet away to --------------------------------------------- http://www.healthcareinfosecurity.com/how-to-minimize-medical-device-risks-… *** [webapps] - Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities *** --------------------------------------------- Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/23004 *** Bugtraq: Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability *** --------------------------------------------- Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/524863 *** WhatsApp: Schwere Sicherheitslücke entdeckt *** --------------------------------------------- Über die Handynummer sowie die Seriennummer kann relativ einfach das WhatsApp-Passwort erzeugt und so ein fremder Accounts übernommen werden. Das hat das deutsche Online-Portal heise Security aufgedeckt. Die Entwickler von WhatsApp wollen aber offenbar nichts von der Lücke wissen. --------------------------------------------- http://futurezone.at/produkte/12738-whatsapp-schwere-sicherheitsluecke-entd…

1 0

Tageszusammenfassung - Mittwoch 28-11-2012
by Daily end-of-shift report 28 Nov '12

28 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 27-11-2012 18:00 − Mittwoch 28-11-2012 18:00 Handler: Robert Waldner Co-Handler: n/a *** Java Zero-Day Exploit on Sale for ‘Five Digits’ *** --------------------------------------------- Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracles Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/P9epzhQazQ0/ *** Cooperation is key for Europes cyber security - Conclusion of ENISA Brussels event *** --------------------------------------------- "A high-level event organised by Europes cyber security agency, ENISA, recognised closer cyber cooperation and mutual support as key factors for boosting cyber security for Europes citizens, governments and businesses. The meeting, held today (27th November) in Brussels, was led by ENISAs Executive Director, Professor Udo Helmbrecht, and brought together key figures from the European Parliament, European Commission and the computer industry. Participants included Ms Amelia Andersdotter, --------------------------------------------- http://mb.cision.com/Main/119/9341197/71035.pdf *** Sysadmin creates tool to scour web for hacked data *** --------------------------------------------- "A Wellington system administrator has developed a tool to identify corporate secrets, hacked data and even stolen credit cards as they emerge on social networks and online clipboards. Users could set the OSINT OPSEC (Open Source Intelligence / Operational Security) Tool to monitor for keywords, allowing, for example, an organisation to be alerted if a hacking group dumped its sensitive data to clipboard site Pastebin. Or it could scour Stack Exchange for intellectual property code --------------------------------------------- http://www.itnews.com.au/News/324176,sysadmin-creates-tool-to-scour-web-for… *** Vuln: Tor Remote Denial of Service Vulnerability *** --------------------------------------------- Tor Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56675 *** Yahoo zero day exploit goes on sale for $700 *** --------------------------------------------- "A hacker has begun selling what they claim is a zero-day exploit that will let criminals hijack control of Yahoo Mail users accounts. The hacker, who goes by the moniker TheHell, posted a video marketing a $700 exploit kit on the secretive Darkode cybercrime market on Monday. The video was later spotted and re-posted onto YouTube by security blogger Brian Krebs."Im selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers...." --------------------------------------------- http://www.v3.co.uk/v3-uk/news/2227722/yahoo-zero-day-exploit-goes-on-sale-… *** DNS servers filled with wrong Kool-Aid, big names waylaid in Romania *** --------------------------------------------- Microsoft, Yahoo!, Google, PayPal all graffitid A hacker today redirected web surfers looking for Yahoo, Microsoft or Google to a page showing a TV test card by apparently poisoning Googles public DNS system.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/28/google_roma…

1 0

Tageszusammenfassung - Dienstag 27-11-2012
by Daily end-of-shift report 27 Nov '12

27 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 26-11-2012 18:00 − Dienstag 27-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Call for Entries: RSA Conference 2013 Innovation Sandbox *** --------------------------------------------- "RSA Conference (www. rsaconference. com), the worlds leading information security conferences and expositions, today announced its annual Innovation Sandbox program has opened a call for submissions to name the Most Innovative Company at RSA Conference 2013...." --------------------------------------------- http://www.virtual-strategy.com/2012/11/26/call-entries-rsa%C2%AE-conferenc… *** Hintertür in Traffic-Analyse-Software Piwik *** --------------------------------------------- Über eine nachträglich eingefügte Hintertür in der Web-Server-Analyse-Software Piwik können Angreifer die volle Kontrolle über das System erlangen. Wer Piwik in den vergangenen Wochen vom Server des Open-Source-Projekts geladen und installiert hat, sollte seine Server sofort überprüfen. --------------------------------------------- http://www.heise.de/security/meldung/Hintertuer-in-Traffic-Analyse-Software… *** CyberCity allows government hackers to train for attacks *** --------------------------------------------- "CyberCity has all the makings of a regular town. Theres a bank, a hospital and a power plant. A train station operates near a water tower...." --------------------------------------------- http://www.washingtonpost.com/investigations/cybercity-allows-government-ha… *** Go Daddy Resets Passwords of Customers Whose Sites Are Used to Spread Malware *** --------------------------------------------- "Last week, researchers found that cybercriminals were altering the DNS records of Go Daddy websites in an effort to redirect their visitors to their own malware-spreading domains. Go Daddy reveals that the attackers compromised the accounts by phishing out the affected customers credentials. Go Daddy representatives have told The Next Web that theyve begun identifying the affected accounts...." --------------------------------------------- http://news.softpedia.com/news/Go-Daddy-Resets-Passwords-of-Customers-Whose… *** Yahoo! email! hijack! exploit!... Yours! for! $700! *** --------------------------------------------- Cybercrook: Its a bargain, guys... They usually cost way more A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts, according to a hacker who is offering to sell an alleged zero-day vulnerability exploit for $700.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/27/yahoo_email… *** Samsung-Netzwerkdrucker mit Hintertür *** --------------------------------------------- Das US-CERT warnt vor einem fest einprogrammierten Administrator-Account in Samsung-Druckern, der die volle Kontrolle über die Geräte ermöglicht. --------------------------------------------- http://www.heise.de/security/meldung/Samsung-Netzwerkdrucker-mit-Hintertuer…

1 0

Tageszusammenfassung - Montag 26-11-2012
by Daily end-of-shift report 26 Nov '12

26 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 23-11-2012 18:00 − Montag 26-11-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Mystery Chrome 0-day exploit to be unveiled in India on Saturday *** --------------------------------------------- I dont want $60k, I want FAME? A Georgian security researcher is due to present details of an unpatched vulnerability in Googles Chrome browser at the Malcon security conference in India over the weekend. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/23/mystery_chr… *** eBay schließt kritische Sicherheitslöcher *** --------------------------------------------- Das Online-Auktionshaus hat unter anderem eine Lücke geschlossen, durch die man lesend und schreibend auf eine seiner Datenbanken zugreifen konnte. --------------------------------------------- http://www.heise.de/security/meldung/eBay-schliesst-kritische-Sicherheitslo… *** Dreamhost Breached, Server & client information leaked *** --------------------------------------------- A pastebin user using the handle Syst3mswt has posted a a dump of server information which appears to come from the well known and popular web hosting service Dream Host (http://www.dreamhost.com). --------------------------------------------- http://www.cyberwarnews.info/2012/11/24/dreamhost-breached-server-client-in… *** Digitally signed ransomware lurking in the wild *** --------------------------------------------- "Trend Micro researchers have spotted two ransomware variants bearing the same (probably stolen) digital signature in order to fool users into running the files. Other than that, the malware acts like any other ransomware: it blocks the victims computer and shows messages that seem to come either from the FBI or the UKs Police Central e-crime Unit:"Users may encounter these files by visiting malicious sites or sites exploiting a Java vulnerability," say the researchers...." --------------------------------------------- http://www.net-security.org/malware_news.php?id=2331 *** Symantec Warns of New Malware Targeting SQL Databases *** --------------------------------------------- "Symantec is warning of a new bit of malware that appears to be modifying corporate databases, particularly in the Middle East, though its showing up elsewhere in the world too. W32. Narilam, first discovered Nov. 15, follows a similar pattern of other worms by copying itself onto infected machines, adding registry keys and propogating through removable drives and network shares...." --------------------------------------------- http://threatpost.com/en_us/blogs/symantec-warns-new-malware-targeting-sql-… *** Google.com.pk and 284 Other .PK Domains Hacked *** --------------------------------------------- ryzvonusef writes with news that hackers have taken down the local Pakistan versions of many popular websites, including google.com.pk, apple.pk, microsoft.pk and yahoo.pk. 284 sites were affected in total. Many of the sites were defaced, and a group called Eboz is taking credit for the hack. According to TechCrunch, "The root of today's attack, it seems, came via a breach of Pakistan's TLD operator, PKNIC, which administers and registers all .pk domains. Looking at affected --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/iiSda5ExrUk/story01.htm *** New Cyber Security challenges take on Stuxnet and Malware *** --------------------------------------------- "The Cyber Security Challenge UK has launched four new cyber challenges for budding information security experts. Professional teams from Orange, Prodrive, (ISC)2, the SANS Institute, QiniteQ and Sophos will be testing over 100 amatuer cyber defenders who will qualify via the first-round virtual contest. The challengers will have the opportunity to compete in one of four competitions:The Orange and Prodrive Risk Analysis Candidates will have to develop a complex security architecture to --------------------------------------------- http://www.info4security.com/story.asp?sectioncode=9&storycode=4129799&c=1 *** 1-15 November 2012 Cyber Attacks Statistics *** --------------------------------------------- "This November 2012 seems really to be endless from an Information Security Perspective. We have assisted so far to a remarkable number of Cyber Attacks. As usual is it time to provide the partial snapshot of November taken from the corresponding Cyber Attack Timeline and covering the first half of the month...." --------------------------------------------- http://hackmageddon.com/2012/11/23/1-15-november-2012-cyber-attacks-statist… *** EU plant Meldepflicht für Cyber-Attacken *** --------------------------------------------- Zum besseren Schutz vor Cyber-Attacken denkt die EU auch über eine Meldepflicht von Cyberattacken für Unternehmen nach. "Ich bin ein großer Befürworter von Selbstregulierung, aber in diesem Fall fürchte ich, dass wir damit nicht weiterkommen", sagte die für die Digitale Agenda zuständige EU-Kommissarin Neelie Kroes der Süddeutschen Zeitung. --------------------------------------------- http://www.heise.de/newsticker/meldung/EU-plant-Meldepflicht-fuer-Cyber-Att… *** Phishing-Mail bittet um fotografierte TAN-Liste *** --------------------------------------------- Die Ideen gehen den Phishern nicht aus: Eine neue Phishing-Mail bittet Kunden der Deutschen Bank AG, ihre TAN-Liste zu fotografieren oder einzuscannen und über eine präparierte Seite hochzuladen. --------------------------------------------- http://www.heise.de/security/meldung/Phishing-Mail-bittet-um-fotografierte-… *** Websense Proxy Filter Bypass *** --------------------------------------------- Topic: Websense Proxy Filter Bypass Risk: Low Text:Websense Proxy Filter Bypass 1. Advisory Information Date published: 2012-11-25 Vendors contacted: Websense Release mo... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/OpLiRLavk6Y/WLB-20… *** Vuln: ModSecurity POST Parameters Security Bypass Vulnerability *** --------------------------------------------- ModSecurity POST Parameters Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56096

1 0

Tageszusammenfassung - Freitag 23-11-2012
by Daily end-of-shift report 23 Nov '12

23 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 22-11-2012 18:00 − Freitag 23-11-2012 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner *** PASSTEAL Malware Lurking on File Sharing Sites *** --------------------------------------------- "Variants of the PASSTEAL malware are propagating by masquerading as key generators for paid applications, popular e-books, and other software on file sharing services, according Alvin John Nieto, a threat response engineer at TrendMicros TrendLabs. PASSTEAL, as its name suggests, is a piece of malware that uses various password recovery tools to steal passwords stored in the browsers of its victims. Nieto claims PASSTEAL is novel in its deviation from keyloggers that simply log... --------------------------------------------- http://threatpost.com/en_us/blogs/passteal-malware-lurking-file-sharing-sit… *** Infographic of the week: Why ignoring information security is lethal *** --------------------------------------------- "Infographic of the week: Why ignoring information security is lethal...." --------------------------------------------- http://www.londonlovesbusiness.com/3978.article *** New report by EU Agency ENISA on digital trap honeypots to detect cyber-attacks creates a buzz *** --------------------------------------------- "The EU cyber security Agency ENISA is launching an in-depth study on 30 different digital traps or honeypots that can be used by Computer Emergency Response Teams (CERT)s and National/Government CERTs to proactively detect cyber-attacks. The study reveals barriers to understanding basic honeypot concepts and presents recommendations on which honeypot to use. An increasing number of complex cyber-attacks demand better early warning detection capabilities for CERTs...." --------------------------------------------- http://www.cisionwire.com/enisa---european-network-and-information-security… *** Netherlands - One in Five pay Police Virus ransom - Free tool to fix available *** --------------------------------------------- "Comment Bricade: one of the Bricade Research Analysts, Arjen de Landgraaf, is also on this Dutch Zembla television program, where he is commenting on the new Gozi Prinimalka banking trojan, amongst others. Translated Article:According to the Dutch Team High Tech Crime (THTC) of the KLPD, one in five victims of the police ransomware scam is actually paying the 100 Euros ransom. Team Leader Pim Takkenberg says (Zembla, tonight on Dutch television, 21...." --------------------------------------------- http://copsincyberspace.wordpress.com/2012/11/23/een-op-vijf-slachtoffers-b… *** Wurm manipuliert Datenbanken im Iran *** --------------------------------------------- Das Sicherheitsunternehmen Symantec hat einen spezialisierten Wurm namens W32.Narilam entdeckt, der SQL-Datenbanken kompromittieren kann. Wie Symantec schreibt, "spricht" die Schadsoftware Persisch und Arabisch und scheint sich vor allem gegen Unternehmen im Iran zu richten. --------------------------------------------- http://www.heise.de/security/meldung/Wurm-manipuliert-Datenbanken-im-Iran-1… *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-12:07.hostapd *** --------------------------------------------- FreeBSD Security Advisory FreeBSD-SA-12:07.hostapd --------------------------------------------- http://www.securityfocus.com/archive/1/524811 *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-12:06.bind *** --------------------------------------------- FreeBSD Security Advisory FreeBSD-SA-12:06.bind --------------------------------------------- http://www.securityfocus.com/archive/1/524810 *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-12:08.linux *** --------------------------------------------- FreeBSD Security Advisory FreeBSD-SA-12:08.linux --------------------------------------------- http://www.securityfocus.com/archive/1/524813

1 0

Tageszusammenfassung - Donnerstag 22-11-2012
by Daily end-of-shift report 22 Nov '12

22 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 21-11-2012 18:00 − Donnerstag 22-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Researcher Claims To Have Chrome Zero-Day, Google Says "Prove It" *** --------------------------------------------- chicksdaddy writes "Googles been known to pay $60,000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a researcher says that he has one, but isnt interested in selling it, eyebrows get raised. And thats just whats happening this week, with Google saying it will wait and see what Georgian researcher Ucha Gobejishvili has up his sleeve in a presentation on Saturday at the Malcon conference in New Delhi. Gobejishvili has claimed that he will --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Rd8KcBlxVgQ/story01.htm *** Vuln: NetIQ Privileged User Manager ldapagnt_eval() Remote Code Execution Vulnerability *** --------------------------------------------- NetIQ Privileged User Manager ldapagnt_eval() Remote Code Execution Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56539 *** Bug-Jäger entdeckt SCADA-Lücken – und verkauft sie *** --------------------------------------------- Der Schwachstellen-Händler ReVuln rührt weiter die Werbetrommeln und hat ein Video veröffentlicht, das Sicherheitslücken in weit verbreiteten SCADA-Industriesteueranlagen zeigen soll. Insgesamt will das Unternehmen neun Zero-Day-Lücken in SCADA-Produkten von Eaton, General Electric, Kaskad, Rockwell Automation, Schneider Electric und Siemens gefunden haben. Welche Produkte im einzelnen lückenhaft sind, gab ReVuln jedoch nicht an. --------------------------------------------- http://www.heise.de/security/meldung/Bug-Jaeger-entdeckt-SCADA-Luecken-und-… *** lighttpd 1.4.31 DOS POC *** --------------------------------------------- Topic: lighttpd 1.4.31 DOS POC Risk: High Text:#!/bin/bash # simple lighttpd 1.4.31 DOS POC # CVE-2012-5533 # http://www.lighttpd.net/2012/11/21/1-4-32/ # http://download... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/oPnZGgMtSWc/WLB-20…

1 0

Tageszusammenfassung - Mittwoch 21-11-2012
by Daily end-of-shift report 21 Nov '12

21 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 20-11-2012 18:00 − Mittwoch 21-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Hosting Provider Automatically Fixes Vulnerabilities In Customers Websites *** --------------------------------------------- An anonymous reader writes "Dutch hosting provider Antagonist announced their in-house developed technology that automatically detects and fixes vulnerabilities in their customers websites. The service is aimed at popular software such as WordPress, Drupal and Joomla. As soon as a vulnerability is detected, we inform the customer. We also explain how the customer can resolve the issue. In case the customer does not respond to our first notice within the next two weeks, we automatically --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VJkhR6QbCeA/story01.htm *** PGP Zimmermann teams with Navy SEALs, SAS techies in London *** --------------------------------------------- Offers Silent Phone crypto to biz, aid workers Encryption guru Phil Zimmermann is going after security conscious users with his new venture Silent Circle, a security start-up offering ultra-secure VoIP and texting services.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/21/silent_circ… *** Vuln: Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability *** --------------------------------------------- Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56484 *** Profi-Banking-Trojaner unterstützt SEPA-Überweisungen *** --------------------------------------------- Cyber-Ganoven versuchen Geld von den Konten deutscher Online-Banking-Kunden über SEPA-Transaktionen abzubuchen, wie die zu Intel gehörende Sicherheitsfirma McAfee berichtet. Durch SEPA werden Transaktionen innerhalb der EU unkomplizierter, da nicht mehr zwischen inländischen und grenzüberschreitenden Vorgängen unterschieden wird. --------------------------------------------- http://www.heise.de/security/meldung/Profi-Banking-Trojaner-unterstuetzt-SE… *** HTTP Strict Transport Security als Internet-Standard *** --------------------------------------------- Die Internet Engineering Task Force (IETF) hat die HTTPS-Sicherung HTTP Strict Transport Security (HSTS) als Internet-Standard im RFC 6797 veröffentlicht. Mit HSTS können einerseits (HTTP-)Server vorgeben, dass man die angebotenen Dienste ausschließlich über sichere, etwa per TLS verschlüsselte Verbindungen erreicht. Andererseits zwingt HSTS auch Anwendungsprogramme (User Agents) dazu, die Kommunikation mit Websites nur über verschlüsselte Verbindungen abzuwickeln. --------------------------------------------- http://www.heise.de/security/meldung/HTTP-Strict-Transport-Security-als-Int… *** Bugtraq: ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities *** --------------------------------------------- ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/524794

1 0

Tageszusammenfassung - Dienstag 20-11-2012
by Daily end-of-shift report 20 Nov '12

20 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 19-11-2012 18:00 − Dienstag 20-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Bugtraq: CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers *** --------------------------------------------- CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers --------------------------------------------- http://www.securityfocus.com/archive/1/524767 *** Hotfix für ColdFusion 10 *** --------------------------------------------- Das Update schließt eine DoS-Lücke in der Windows-Version von Adobes Anwendungsserver. --------------------------------------------- http://www.heise.de/security/meldung/Hotfix-fuer-ColdFusion-10-1752975.html… *** Vuln: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities *** --------------------------------------------- Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56581 *** An Android Malware Analysis: DroidKungFu *** --------------------------------------------- "Few users are aware of how Android malware works. Few understand their complexity or the amount of data they can pillage from handsets. As such, we decided to come up with a short series of articles to take apart some of the most common and potentially dangerous Android malware strands that wreak havoc on smartphones...." --------------------------------------------- http://www.hotforsecurity.com/blog/an-android-malware-analysis-droidkungfu-… *** Nintendo fixes Wii U network after claims of accidental hack *** --------------------------------------------- "Just hours after the US launch of Nintendos latest game console, the Wii U, a video game fan claims that he accidentally "hacked" into the consoles online component - the Miiverse. A Wii U user called "Trike" posted on NeoGAF that he had stumbled across a secret debug menu in the Miiverse that gave him access to a Japanese language list of administrators, with seemingly the ability to regenerate passwords and delete the access rights of admins."At first it asked... --------------------------------------------- http://nakedsecurity.sophos.com/2012/11/19/nintendos-wii-u-network-hack/ *** Malware made which can share a smartcard over the internet *** --------------------------------------------- Use a bank or ID card as though you had it with you Security researchers have developed proof-of-concept malware that allows attackers to obtain remote access to smart card readers attached to compromised Windows PCs.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/20/smart_card_… *** Raiffeisen Introduces PhotoTAN to Protect Customer Transactions Against Malware *** --------------------------------------------- "European banks, which are said to have implemented far more advanced security mechanisms to protect their customers than the ones from the US, are trying to live up to their reputation. Swiss bank Raiffeisen has introduced a new security feature that relies on Crontos Visual Transaction Signing Solution. Available for customers in Switzerland starting today, the CrontoSign is designed to protect online transactions against cyberattacks that rely on clever information-stealing Trojans such... --------------------------------------------- http://news.softpedia.com/news/Raiffeisen-Introduces-PhotoTAN-to-Protect-Cu… *** WhatsApp stopft Sicherheitsloch – und verlangt Abo-Gebühren *** --------------------------------------------- Der Betreiber der beliebten SMS-Alternative WhatsApp hat heimlich Änderungen an seinem Dienst vorgenommen, um eine seit längerer Zeit bekannte Schwachstelle zu stopfen. Auf viele Nutzer wartete jedoch gleich die nächste böse Überraschung: Die WhatsApp-Nutzung kostet auf den meisten Smartphone-Plattformen ab sofort Geld. --------------------------------------------- http://www.heise.de/security/meldung/WhatsApp-stopft-Sicherheitsloch-und-ve… *** Bugtraq: OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures *** --------------------------------------------- OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures --------------------------------------------- http://www.securityfocus.com/archive/1/524779 *** Bugtraq: SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities *** --------------------------------------------- SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/524777

1 0

Tageszusammenfassung - Montag 19-11-2012
by Daily end-of-shift report 19 Nov '12

19 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 16-11-2012 18:00 − Montag 19-11-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Bugtraq: [SE-2012-01] Security vulnerabilities in Java SE (details released) *** --------------------------------------------- [SE-2012-01] Security vulnerabilities in Java SE (details released) --------------------------------------------- http://www.securityfocus.com/archive/1/524746 *** Bugtraq: DC4420 - London DEFCON - November meet - Tuesday 20th November *** --------------------------------------------- DC4420 - London DEFCON - November meet - Tuesday 20th November --------------------------------------------- http://www.securityfocus.com/archive/1/524745 *** Stealing VM Keys from the Hardware Cache *** --------------------------------------------- "This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). Such systems are very common today, ranging from desktops that use virtualization to sandbox application or OS compromises, to clouds that co-locate the... --------------------------------------------- http://www.schneier.com/blog/archives/2012/11/stealing_vm_key.html *** Whats stopping your company from implementing full disk encryption? *** --------------------------------------------- "You may have heard about the stolen NASA laptop, with its large amount of personally identifiable information of at least 10,000 NASA employees and contractors. The surprising question here, of course, has to do with the glaring absence of encryption. NASA says that that the laptop in question is scheduled to get encryption, though it would seem that not all laptops will get the same treatment...." --------------------------------------------- http://www.fiercecio.com/techwatch/story/whats-stopping-your-company-implem… *** perl-CGI Newline injection in Set-Cookie and P3P headers *** --------------------------------------------- Topic: perl-CGI Newline injection in Set-Cookie and P3P headers Risk: Low Text:header() can generate Set-Cookie and P3P headers which contain invalid newlines. use CGI qw/header/; print header( -c... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/CF3xwRXWBfs/WLB-20… *** NFR Agent FSFUI Record File Upload RCE *** --------------------------------------------- Topic: NFR Agent FSFUI Record File Upload RCE Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/zr0GNt7G1z0/WLB-20… *** FreeBSD Project Discloses Security Breach Via Stolen SSH Key *** --------------------------------------------- An anonymous reader writes "Following recent compromises of the Linux kernel.org and Sourceforge, the FreeBSD Project is now reporting that several machines have been broken into. After a brief outage, ftp.FreeBSD.org and other services appear to be back. The project announcement states that some deprecated services (e.g., cvsup) may be removed rather than restored. Users are advised to check for packages downloaded between certain dates and replace them, although not because known trojans... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KpcXI-S6fFw/freebsd-project… *** Hackers Hate MVIS Security Center - the New WordPress Security Plugin *** --------------------------------------------- "SEC Consult launches the beta phase of MVIS Security Center, an enterprise-grade security plugin for WordPress, the worlds most widely used content management system (CMS). WordPress attracts millions of users from around the world, and these users are facing increasing attacks from hackers. Even more alarming, these attacks occur on all types of websites, big or small which makes security an indispensable part of creating websites...." --------------------------------------------- http://news.yahoo.com/hackers-hate-mvis-security-center-wordpress-security-… *** Trojaner benutzt Google Docs als Kommunikationskanal *** --------------------------------------------- Ein neue entdeckter Trojaner verwendet die Viewer-Funktion von Googles Office-Anwendung, um Verbindung mit seinem Kontrollrechner aufzunehmen. Google könnte das mit einer Firewall unterbinden. --------------------------------------------- http://www.heise.de/security/meldung/Trojaner-benutzt-Google-Docs-als-Kommu… *** Why smart people do dumb things online *** --------------------------------------------- "David Petraeus is probably the last person you might have expected to wreck his career with an email scandal. Petraeus is smart: He graduated in the top five percent of his class at West Point and went on to earn a Ph.D. Petraeus has self-control: His self-discipline was " legendary," according to Time Magazine...." --------------------------------------------- http://computerworld.co.nz/news.nsf/news/why-smart-people-do-dumb-things-on… *** Active XSS flaw discovered on eBay *** --------------------------------------------- "According to XSSed, Indian security researcher Shubham Upadhyay has discovered an active XSS flaw affecting Ebay. com. The potential attacker would need an Ebay seller account, where he would put XSS code into the HTML...." --------------------------------------------- http://www.zdnet.com/active-xss-flaw-discovered-on-ebay-7000007539/ *** German Police Warn Mobile Phone Users of ZeuS Malware *** --------------------------------------------- "Germanys Berlin Police Department has issued a warning after numerous bank customers have reported fraudulent cash withdrawals. All the victims own Android smartphones and they all rely on mTAN (mobile transaction authentication numbers) when performing banking transactions. F-Secure experts reveal that the malware involved in these incidents is most likely the mobile version of ZeuS, also known as ZeuS-in-the-Mobile or Zitmo...." --------------------------------------------- http://news.softpedia.com/news/German-Police-Warns-Mobile-Phone-Users-of-Ze… *** How Malware survives to Malware detection mechanisms *** --------------------------------------------- Today I'd like to share some basic techniques that Malware(s) use to protect themselves from being detected. Some of the most used approaches to detect Maware could be described as follows: 1. Virtualize the environment in where Malware(s) run. 2. Attach a debugger to Malware processes and 3. Sandbox the execution of the analyzed Malware. It comes straight forward that Malware writers need new techniques to... --------------------------------------------- http://marcoramilli.blogspot.nl/2012/11/how-malware-survives-to-malware.html *** Vuln: IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities *** --------------------------------------------- IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56583 *** Vuln: Moodle Multiple Security Vulnerabilities *** --------------------------------------------- Moodle Multiple Security Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56505

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily November 2012