=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 15-11-2012 18:00 − Freitag 16-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Google Chrome mit Sandbox für OS X ***
---------------------------------------------
Google Chrome sperrt das Flash-Plug-in mit dem aktuellen Stable-Release 23 auch unter OS X in eine Sandbox, wie die Entwickler in ihrem Blog berichten.
---------------------------------------------
http://www.heise.de/security/meldung/Google-Chrome-mit-Sandbox-fuer-OS-X-17…
*** Antivirus startup linked to infamous Chinese hacker ***
---------------------------------------------
"Anvisoft, a Chinese antivirus startup, has been linked to an infamous hacker suspected of developing sophisticated malware used to siphon sensitive information from Defense Department contractors in 2006. Through some high-tech sleuthing on the Web, Brian Krebs, author of the KrebsonSecurity blog, found Anvisoft-connected IP addresses connected Anvisoft to registered to "tandailin" in Gaoxingu, China. Tan Dailin, a.k.a. Withered Rose, was the subject of Verisigns 2007 iDefense
---------------------------------------------
http://www.csoonline.com/article/721678/antivirus-startup-linked-to-infamou…
*** Proof-of-concept malware can share USB smart card readers with attackers over Internet ***
---------------------------------------------
"A team of researchers have created a proof-of-concept piece of malware that can give attackers control of USB smart card readers attached to an infected Windows computer over the Internet. The malware installs a special driver on the infected computer which allows for the USB devices connected to it to be shared over the Internet with the attackers computer. In the case of USB smart card readers, the attacker can use the middleware software provided by the smart card manufacturer to
---------------------------------------------
http://www.cio.com.au/article/442216/proof-of-concept_malware_can_share_usb…
*** Password Reset Zero-Day Reported to Skype Since October (Updated) ***
---------------------------------------------
"The details of a zero-day vulnerability that allows attackers to change the password of any Skype user have been posted on a Russian hacking forum. A similar security hole was identified by Vulnerability Lab researchers and it was reported to Skype at the beginning of October. The Next Web, which was the first to publicly reveal the existence of the flaw, reports that its details have been posted on the forum some two months ago...."
---------------------------------------------
http://news.softpedia.com/news/Skype-Password-Reset-Zero-Day-Reported-to-Sk…
*** Trojan.Gapz.1 infecting Windows in a new manner ***
---------------------------------------------
November 12, 2012 The anti-virus lab of Doctor Web - the Russian IT security vendor - has been informed of another piece of bootkit malware that is capable of concealing itself in an infected system. This application, added into virus databases under the name Trojan.Gapz.1, employs fairly interesting mechanisms to infect user computers. One of the rootkit´s purposes in an infected PC is to create an environment for loading its core modules which feature various functions.
---------------------------------------------
http://news.drweb.com/show/?i=2979&lng=en&c=9
*** How to report a computer crime: SQL injection website attack ***
---------------------------------------------
"Do you know how to report a computer crime? Or even who you would report it to? So far, weve looked at unauthorised email account access and malware in our series of articles on how to report a computer crime...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/11/15/computer-crime-sql-injection/
*** [papers] - Guidelines for Pentesting a Joomla Based Site ***
---------------------------------------------
Guidelines for Pentesting a Joomla Based Site
---------------------------------------------
http://www.exploit-db.com/download_pdf/22763
*** VMware security updates for vSphere API and ESX Service Console ***
---------------------------------------------
VMware has updated the vSphere API to address a denial of service vulnerability in ESX and ESXi. VMware has also updated the ESX Service Console to include several open source security updates.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2012-0016.html
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 14-11-2012 18:00 − Donnerstag 15-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Battery-Powered Transmitter Could Crash A Citys 4G Network ***
---------------------------------------------
DavidGilbert99 writes "With a £400 transmitter, a laptop and a little knowledge you could bring down an entire citys high-speed 4G network. This information comes from research carried out in the U.S. into the possibility of using LTE networks as the basis for a next-generation emergency response communications system. Jeff Reed, director of the wireless research group at Virginia Tech, along with research assistant Marc Lichtman, described the vulnerabilities to the National
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RXIyRXl8838/story01.htm
*** Hacker Grabs 150k Adobe User Accounts Via SQL Injection ***
---------------------------------------------
CowboyRobot writes "Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected Connectusers.com website. The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack. It was an SQL Injection vulnerability, somehow I was able to dump the database in less requests than normal people do, he
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xRkFposRNps/story01.htm
*** Free hacking tool kits fuel cyber arms race ***
---------------------------------------------
"Ryan Linns hacks into corporate networks have become almost a matter of routine. On one recent morning, he woke up at his home near the Research Triangle in eastern North Carolina and walked down to an extra bedroom that he uses as an office. He sat at a workbench laden with computers, signed on to one of them and loaded a program called Metasploit...."
---------------------------------------------
http://www.smh.com.au/it-pro/security-it/free-hacking-tool-kits-fuel-cyber-…
*** Top 25 passwords of 2012 revealed ***
---------------------------------------------
"Just under a year ago we published a blog about the most popular passwords on the web as announced by security app company SplashData. The ranking is based on password information from compromised accounts posted by hackers online. This year, the list is back!..."
---------------------------------------------
http://blogs.avg.com/consumer/top-25-passwords-2012-revealed/?utm_source=AV…
*** Obama segnet angeblich Direktive zur Cyber-Sicherheit ab ***
---------------------------------------------
US-Präsident Obama hat vor einigen Wochen eine geheime Anweisung unterzeichnet, die die Operationen der USA im Cyberspace neu regeln soll. Das berichtete die Washington Post und beruft sich auf mehrere Quellen, die sich jedoch nicht öffentlich dazu äußern dürften.
---------------------------------------------
http://www.heise.de/security/meldung/Obama-segnet-angeblich-Direktive-zur-C…
*** NASA To Encrypt All of Its Laptops ***
---------------------------------------------
pev writes "After losing another laptop containing personal information, NASA wants to have all of its laptops encrypted within a months time with an intermediate ban of laptops containing sensitive information leaving its facilities. Between April 2009 and April 2011 it lost or had stolen 48 mobile computing devices. I wonder how it will be before other large organisations start following suit as a sensible precaution?" Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/vvQZvrqrp34/story01.htm
*** Opera site served Blackhole malvertising, says antivirus firm ***
---------------------------------------------
No need to issue a press release, firm tells press Opera has suspended ad-serving on its portal as a precaution while it investigates reports that surfers were being exposed to malware simply by visiting the Norwegian browser firms home page.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/15/opera_black…
*** Sicherheitsupdate für Mac Office 2008 und 2011 ***
---------------------------------------------
Microsoft hat in der Nacht zum Donnerstag für zwei Versionen seines Büropakets größere Aktualisierungen online gestellt. Laut Aussage des Konzerns beheben das Office 2008 for Mac 12.3.5 Update sowie Office for Mac 2011 14.2.5 signifikante Sicherheitslücken.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-Mac-Office-2008…
*** Bugzilla Informartion Leak & Cross Site Scripting ***
---------------------------------------------
Topic: Bugzilla Informartion Leak & Cross Site Scripting Risk: Medium Text:Summary = Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following securit...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/IoQFDSoFWoc/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 13-11-2012 18:00 − Mittwoch 14-11-2012 18:21
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Skype Disables Password Resets After Huge Security Hole Discovered ***
---------------------------------------------
another random user writes with news of a vulnerability in the Skype password reset tool "All you need to do is register a new account using that email address, and even though that address is already used (and the registration process does tell you this) you can still complete the new account process and then sign in using that account Info (original post in Russian)" concealment adds a link to another article with an update that Skype disabled the password reset page as a temporary
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XnPnK6MWZdY/story01.htm
*** Wichtige Updates für alle Windows-Nutzer ***
---------------------------------------------
An seinem November-Patchday hat Microsoft kritische Lücken in allen noch unterstützen Windows-Versionen geschlossen - von Windows XP SP3 bis hin zu dem gerade erst veröffentlichten Windows 8.
---------------------------------------------
http://www.heise.de/security/meldung/Wichtige-Updates-fuer-alle-Windows-Nut…
*** Lockheed Martin: dramatischer Anstieg von Cyber-Angriffen ***
---------------------------------------------
Die Anzahl der Attacken auf das Firmennetzwerk des US-Rüstungskonzerns Lockheed Martin haben sich in den letzten Jahren deutlich verstärkt. Das erklärte die Lockheed-Vizepräsidentin Chandra McMahon, wie die BBC berichtete.
---------------------------------------------
http://www.heise.de/security/meldung/Lockheed-Martin-dramatischer-Anstieg-v…
*** Trojan Horses, Malware and Other Cyber Attack Tools are Just a Click Away ***
---------------------------------------------
"Ryan Linns hacks into corporate networks have become almost a matter of routine. On one recent morning, he woke up at his home near the Research Triangle in eastern North Carolina and walked down to an extra bedroom that he uses as an office. He sat at a workbench laden with computers, signed on to one of them and loaded a program called Metasploit...."
---------------------------------------------
http://www.oregonlive.com/newsflash/index.ssf/story/trojan-horses-malware-a…
*** Online-Banking-Trojaner mit Android-Komplizen ***
---------------------------------------------
Online-Ganoven versuchen offenbar verstärkt auch die Smartphones von Online-Banking-Nutzern zu infizieren, um mTans abzugreifen. Bei der Berliner Polizei sind "in den letzten Wochen" mehrere Strafanzeigen von Opfern betrügerischer Geldabbuchungen eingegangen, bei denen die Smartphones der Opfer eine entscheidende Rolle spielten.
---------------------------------------------
http://www.heise.de/security/meldung/Online-Banking-Trojaner-mit-Android-Ko…
*** Windows 8 security is like a swiss cheese flak jacket - sez AV firm ***
---------------------------------------------
"The knives are out for Windows Defender, the basic anti-malware protection bundled with Windows 8: makers of rival antivirus products are lining up to criticise Microsofts efforts to secure its operating system. Windows 8 can be infected by 16 percent of the most common malware families, even with Windows Defender activated, according to tests by Romanian antivirus vendor Bitdefender. The latest version of Microsofts OS was compromised by 61 of 385 malware samples flung at it by
---------------------------------------------
http://www.theregister.co.uk/2012/11/13/win_defender_inadequate/
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 12-11-2012 18:00 − Dienstag 13-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stefan Lenzhofer
*** Ruby-Update behebt DoS-Lücke ***
---------------------------------------------
Die Entwickler der Programmiersprache Ruby schließen mit Version 1.9.3-p327 eine Schwachstelle, die es Angreifern erlaubt, ein System durch hohe CPU-Last lahm zu legen (Denial of Service, DoS). Der Fehler tritt beim Verarbeiten speziell präparierter Zeichenketten durch die Hash-Funktion MurmurHash auf.
---------------------------------------------
http://www.heise.de/security/meldung/Ruby-Update-behebt-DoS-Luecke-1748451.…
*** Cybercriminals start spamvertising Xmas themed scams and malware campaigns ***
---------------------------------------------
"Security researchers from Symantec are warning about a recently intercepted flood of Xmas themed malicious and fraudulent campaigns. Isn't it too early for such type of campaigns to be launched, or are the spammers behind these campaigns relying on a different set of marketing tactics? The campaign is a great example of a flawed event-based social engineering attempt...."
---------------------------------------------
http://www.zdnet.com/cybercriminals-start-spamvertising-xmas-themed-scams-a…
*** Firefox users slowest to update browser, Kaspersky Lab finds out ***
---------------------------------------------
"Nearly one in four PC users run out-of-date or obsolete versions of the most popular browsers for a month or longer with Mozilla Firefox users the slowest to update their software, Kaspersky Lab has found. The company looked at the browsers installed on a random 10-million sample of its antivirus user base, finding that Internet Explorer was marginally the most common default browser on 37,8 percent of users...."
---------------------------------------------
http://news.techworld.com/security/3410386/firefox-users-slowest-update-bro…
*** First Windows 8 and Windows RT Security Updates Due Next Week ***
---------------------------------------------
"Plenty is happening on the Microsoft patch management front. First, Adobe agreed to sync up its patch release cycles with Microsofts on the second Tuesday of every month, moving away from quarterly releases. And now on Tuesday, Microsoft will release its first security updates since the release of Windows 8...."
---------------------------------------------
http://threatpost.com/en_us/blogs/first-windows-8-and-windows-rt-security-u…
*** New report warns of SCADA CYBERGEDDON* ***
---------------------------------------------
In the worst case. The industrial control system fright machine is getting another kick along today, via a survey by Russian vendor Positive Technologies.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/12/scada_vulne…
*** Samsung Galaxy S3 sichert Passwörter im Klartext ***
---------------------------------------------
Beim beliebten Samsung Galaxy S3 ist eine Sicherheitslücke gefunden worden. Die interne App S-Memo speichert Passwörter im Klartext. Damit wird es möglich, dass jeder, der sich Zugriff beschaffen kann und weiß, wo das entsprechende File liegt, dieses auch tatsächlich lesen kann.
---------------------------------------------
http://futurezone.at/digitallife/12422-galaxy-s3-sichert-passwoerter-im-kla…
*** Even a CHILD can make a Trojan to pillage Windows Phone 8 ***
---------------------------------------------
Whippersnapper will reveal all in the Malcon tent A teenager has crafted prototype malware for Windows Phone 8 just weeks after the official unveiling of the smartphone platform.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/13/windows_pho…
*** BSI-Test: Verwundbarkeit von Windows-Rechnern im Netz ***
---------------------------------------------
Windows-Systeme soll man stets auf dem aktuellen Stand halten, beim Browser greift man am besten zu Google Chrome, auf Java verzichtet man möglichst ganz - das predigen sowohl c't als auch das Bundesamt für Sicherheit in der Informationstechnik (BSI).
---------------------------------------------
http://www.heise.de/security/meldung/BSI-Test-Verwundbarkeit-von-Windows-Re…
*** Top 5 Security Predictions for 2013 from Symantec ***
---------------------------------------------
"With this year quickly coming to an end, its time for us at Symantec to publish our predictions on what we expect will happen in the world of cybersecurity for the coming year. Most of us at Symantec tend to be fact-based, data-driven individuals. However, predicting the future always involves a bit of speculation...."
---------------------------------------------
http://www.symantec.com/connect/blogs/top-5-security-predictions-2013-syman…
*** Vuln: libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability ***
---------------------------------------------
libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55909
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 09-11-2012 18:00 − Montag 12-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Webmix - 26 Terabyte Webseiten zu Österreich gesammelt ***
---------------------------------------------
Web@rchiv Österreich umfasst mittlerweile eine Milliarde Einzeldateien
---------------------------------------------
http://text.derstandard.at/1350260844999/26-Terabyte-Webseiten-zu-Oesterrei…
*** Windows 8 Defeats 85% of Malware Detected In the Past 6 Months ***
---------------------------------------------
An anonymous reader writes "Now that Windows 8 is on sale and has already been purchased by millions, expect very close scrutiny of Microsofts latest and greatest security features. 0-day vulnerabilities are already being claimed, but what about the malware thats already out there? When tested against the top threats, Windows 8 is immune to 85 percent of them, and gets infected by 15 percent, according to tests run by BitDefender." Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HOHG0NiFov4/windows-8-defea…
*** Stuxnet Infected Chevrons IT Network ***
---------------------------------------------
"Stuxnet, a sophisticated computer virus created by the United States and Israel, to spy on and attack Irans nuclear enrichment facilities in Natanz also infected Chevron s network in 2010, shortly after it escaped from its intended target. Chevron found Stuxnet in its systems after the malware was first reported in July 2010, said Mark Koelmel, general manager of the earth sciences department at Chevron. I dont think the U.S. government even realized how far it had spread, he told CIO
---------------------------------------------
http://www.cyberwarzone.com/stuxnet-infected-chevron%E2%80%99s-it-network
*** Hintergrund: Dropbox ist "ziemlich sicher" ***
---------------------------------------------
Die beiden Sicherheitsexperten Florian Ledoux und Nicolas Ruff aus der IT-Abteilung von EADS haben einen kritischen Blick auf Dropbox geworfen und ihre Ergebnisse kürzlich auf der Security-Koferenz hack.lu vorgestellt.
---------------------------------------------
http://www.heise.de/security/artikel/Dropbox-ist-ziemlich-sicher-1746596.ht…
*** Weaponized Malware: Top Four Cyberattack Tools ***
---------------------------------------------
"Over the past two years, four pieces of malware have emerged as veritable weapons and have been used for destructive purposes or to assist in such attacks.1. Stuxnet is the most widely known of the four. Stuxnet was designed with a highly specialized malware payload that targeted SCADA systems that control specific industrial processes...."
---------------------------------------------
http://cyberwarzone.com/weaponized-malware-top-four-cyberattack-tools
*** Ransom malware gangs making huge profits, Symantec discovers ***
---------------------------------------------
"The problem of ransom malware has reached epidemic proportions and could be extracting fraudulent payments from as many as 3 percent of victims, a Symantec report has calculated. In a world already afflicted by botnets, banking Trojans and established problems such as keyloggers and spam, ransomware programs that lock victims computers or files until a ransom payment is made - has grown into a major problem, with surprisingly little coverage from security vendors until recently. Symantecs
---------------------------------------------
http://news.techworld.com/security/3410078/ransom-malware-gangs-making-huge…
*** Critical Vulnerabilities In Call of Duty: Modern Warfare 3, CryEngine 3 ***
---------------------------------------------
hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-players computer." "Once you
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/itbD8UlgSco/critical-vulner…
*** Sandy turned off the lights, the phones, and the heat. A cyber attack could make it all happen again ***
---------------------------------------------
"Verizons chief technology officer surveyed a flooded major switching facility in lower Manhattan and put it bluntly: "There is nothing working here. Quite frankly, this is wider than the impacts of 9/11." Damage from Sandy is estimated to reach $20 billion, and interrupted phone service is among the least of it. Flooding in New Yorks century-old subway system is without parallel...."
---------------------------------------------
http://www.foreignpolicy.com/articles/2012/11/07/network_news?page=0,0
*** Malware Spy Network Targeted Israelis, Palestinians ***
---------------------------------------------
Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. The discovery, by Oslo-based antivirus and security firm Norman ASA, is the latest in a series of revelations involving digital surveillance activity of unknown origin that [...]
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/k12j_R4yBAo/
*** Telekom regt Sicherheits-Allianz der Unternehmen an ***
---------------------------------------------
Die Deutsche Telekom wirbt verstärkt um ein gemeinsames Vorgehen der Wirtschaft im Kampf gegen Gefahren aus dem Internet. Der Chef der Geschäftskundentochter T-Systems, Reinhard Clemens, macht sich jetzt für eine gemeinsame IT-Sicherheitstruppe mit der Gründung eines spezialisierten Unternehmens stark, wie die Financial Times Deutschland berichtet.
---------------------------------------------
http://www.heise.de/security/meldung/Telekom-regt-Sicherheits-Allianz-der-U…
*** Citadel Trojan Tough for Banks to Beat ***
---------------------------------------------
"The banking Trojan known as Citadel, which debuted in underground forums in January 2012, has evolved to become one of the financial industrys greatest worries, cybersecurity experts say. Citadel, an advanced variant of Zeus, is a keylogger that steals online-banking credentials by capturing keystrokes. Fraudsters then use stolen login IDs and passwords to access online accounts, take them over and schedule fraudulent transactions...."
---------------------------------------------
http://www.bankinfosecurity.com/citadel-trojan-tough-for-banks-to-beat-a-52…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 08-11-2012 18:00 − Freitag 09-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Matthias Fraidl
*** PixSteal-A Trojan Steals Images, Uploads to Iraqi FTP Server ***
---------------------------------------------
"A new Trojan has been identified that has the capability of stealing images from infected computers, setting the stage for anything from identity theft to blackmail. PixSteal-A also pilfers . dmp, or Windows memory dump files that contain data on system crashes and sends all stolen data to a remote FTP server in Iraq, according to Sophos. This isnt the first malware to target non text-based files...."
---------------------------------------------
http://threatpost.com/en_us/blogs/pixsteal-trojan-steals-images-uploads-ira…
*** Microsoft Security Bulletin Advance Notification for November 2012 ***
---------------------------------------------
"This is an advance notification of security bulletins that Microsoft is intending to release on November 13, 2012. This bulletin advance notification will be replaced with the November bulletin summary on November 13, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification...."
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
*** QRishing Study: Curiosity Is the Largest Motivating Factor for Scanning QR Codes ***
---------------------------------------------
"Researchers from the Carnegie Mellon Universitys CyLab have released the results of a study QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks which focuses on phishing attacks that rely on QR (Quick Response) codes. QRishing is a term utilized for phishing attacks initiated via the scanning of QR codes. Such attacks are not new, but in the past period researchers have started examining them because theyre becoming more and more common...."
---------------------------------------------
http://news.softpedia.com/news/QRishing-Study-Curiosity-is-the-Largest-Moti…
*** Windows 8, Surface slabs ALREADY need critical security patch ***
---------------------------------------------
Mega vulns affect ALL Windows kit from XP onward Microsoft will release critical updates for Windows 8 and other software on Novembers Patch Tuesday next week. The upgrades will arrive within weeks of the Win 8 launch at the end of last month.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/09/nov_patch_t…
*** IT-Business - Cisco warnt: "Cyberkriminelle nur einen Mausklick entfernt" ***
---------------------------------------------
Internetumfrage ortet große Mängel in Österreichs Unternehmen
---------------------------------------------
http://derstandard.at/1350260880632/Cisco-warnt-Cyberkriminelle-nur-einen-M…
*** Siemens software targeted by Stuxnet still full of holes ***
---------------------------------------------
Software made by Siemens and targeted by the Stuxnet malware is still full of other dangerous vulnerabilities, according to Russian researchers whose presentation at the Defcon security conference earlier this year was cancelled following a request from the company.
---------------------------------------------
https://www.computerworld.com/s/article/9233378/Siemens_software_targeted_b…
*** Kreditkarte mit Display und Tastatur ***
---------------------------------------------
Mastercard hat eine neue Kreditkarte vorgestellt, die mit einem monochromen LCD-Display und numerischen Tasten ausgestattet ist. Sie bietet laut dem Unternehmen neben den normalen Funktionen einer Kreditkarte auch die Möglichkeit, Einmal-Passworte zur Authentifizierung zu generieren.
---------------------------------------------
http://www.heise.de/security/meldung/Kreditkarte-mit-Display-und-Tastatur-1…
*** Facebook Chat Can Be Used to Launch DOS Attacks, Expert Finds ***
---------------------------------------------
Security researcher Chris C. Russo claims to have discovered a way to use Facebook's chat module to launch denial-of-service (DOS) attack against any user, even if they're not friends with the attacker.
---------------------------------------------
http://news.softpedia.com/news/Facebook-Chat-Can-Be-Used-to-Launch-DOS-Atta…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 07-11-2012 18:00 − Donnerstag 08-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** New Backdoor DDoS Malware Co-Existing on Gh0stRAT-Infected Machines ***
---------------------------------------------
"Gh0st RAT has a new roommate. A new backdoor called ADDNEW has been discovered on machines infected with the Gh0st remote access Trojan, adding new distributed denial of service attack capabilities, as well as a feature that targets passwords and credentials stored on the Firefox browser. Gh0st RAT is a notorious piece of malware having been used in the Aurora attacks on Google, Adobe and other large manufacturers and technology companies...."
---------------------------------------------
http://threatpost.com/en_us/blogs/new-backdoor-ddos-malware-co-existing-gh0…
*** Experts Warn of Zero-Day Exploit for Adobe Reader ***
---------------------------------------------
Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground.The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say theyve discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/Kr8ZV2vC2Fc/
*** Malware Forum Logs from Control Systems, Part Deux ***
---------------------------------------------
"Last September, I did a guest blog post titled Online-Malware-Support-Shows-Infected-ICS-Computers, where I searched for HiJackThis posts containing automation software. Basically, there are forums available to users that had been infected with viruses. These users can run a set of programs, including HijackThis, DDS, OTS, and others, to pull information from the system...."
---------------------------------------------
http://www.digitalbond.com/2012/11/07/malware-forum-logs-from-control-syste…
*** Innenministerium plant IT-Sicherheitsgesetz ***
---------------------------------------------
Die IT-Beauftragte der Bundesregierung, Cornelia Rogall-Grothe, hat eine neue Security-Initiative umrissen. Mit einem IT-Sicherheitsgesetz sollten einschlägige Mindeststandards für Betreiber kritischer Infrastrukturen etwa in den Bereichen Energie, Informations- und Kommunikationstechnologien oder der Wasserversorgung verankert werden, erklärte die Staatssekretärin auf einem Symposium in Washington. Sie würden mit dem Vorhaben zudem dazu verpflichtet, "erhebliche IT-Sicherheitsvorfälle" zu melden.
---------------------------------------------
http://www.heise.de/security/meldung/Innenministerium-plant-IT-Sicherheitsg…
*** Apple patcht Quicktime für Windows ***
---------------------------------------------
Apple hat die Windows-Ausgabe seines Multimedia-Abspielsystems Quicktime auf Version 7.7.3 aktualisiert. Die neue Ausgabe behebt zahlreiche kritische Sicherheitslücken.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-patcht-Quicktime-fuer-Windows-17…
*** [TYPO3-announce] Announcing TYPO3 CMS 4.5.21, 4.6.14 and 4.7.6 ***
---------------------------------------------
the TYPO3 Community has just released TYPO3 CMS versions 4.5.21, 4.6.14 and 4.7.6 which are now ready for you to download. All versions are
maintenance releases and contain bug fixes and security fixes.
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa…
*** E-Mail-Sicherheit: Hilfe gegen DKIM-Schwäche ***
---------------------------------------------
Lange und wechselnde Schlüssel mit Verfallsdatum sowie der nötige Nachdruck beim E-Mail-Provider helfen laut der Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) gegen die kürzlich bekannt gewordene Lücke bei DKIM, der Authentizitäts-Sicherung von E-Mail-Absendern.
---------------------------------------------
http://www.heise.de/security/meldung/E-Mail-Sicherheit-Hilfe-gegen-DKIM-Sch…
*** Sicherheitslücke im TOR-Client ***
---------------------------------------------
Wie Code-Experte Andrey Karpov bei einer Analyse des TOR-Quellcodes herausfand, verwendet die Anonymisierungssoftware eine Funktion namens memset() zum Löschen von Cache-Daten, welche nicht von allen Compilern unterstützt wird. Das kann unter Umständen dazu führen, dass der TOR-Client vertrauliche Daten wie etwa Passwörter im Speicher zurück lässt, wenn er beendet wird.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-im-TOR-Client-174652…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 06-11-2012 18:00 − Mittwoch 07-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Nachfolger für RFC-Ignorant.Org in Sicht ***
---------------------------------------------
Der Datenbestand der im Oktober außer Betrieb gegangenen Anti-Spam-Blacklist RFC-Ignorant.Org wird unter RFC-Ignorant.de bei einem neuen Hoster weitergepflegt.
---------------------------------------------
http://www.heise.de/security/meldung/Nachfolger-fuer-RFC-Ignorant-Org-in-Si…
*** Epic FAIL: Anonymous didnt hack PayPal, managed to frighten Oz hippies ***
---------------------------------------------
#OpNov5 pyrotechnics disappear in puff of smoke The smoke has cleared from Anonymouss Bonfire Night hacking spree with a denial from PayPal that it had been hacked. The payments-processing firm appeared to have been highest profile target of the hacking spree, but apparently this was an error caused by the tweeting and retweeting of an erroneous post by a cyber security blogger.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/06/anon_opnov5…
*** Adobe Ships Election Day Security Update for Flash ***
---------------------------------------------
Adobe has released a critical security update for its Flash Player and Adobe AIR software that fixes at least seven dangerous vulnerabilities in these products. Updates are available for Windows, Mac, Linux and Android systems.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/czXcgBruHcM/
*** Volunteering falls short on threat information sharing ***
---------------------------------------------
"Critical infrastructure security apparently has its own version of Dont Ask, Dont Tell, despite calls in the public and private sector for better information sharing. And this one goes both ways. The private sector is not telling the government about its vulnerabilities, and government is also keeping threat and vulnerability information from the private sector...."
---------------------------------------------
http://www.csoonline.com/article/720881/volunteering-falls-short-on-threat-…
*** [remote] - EMC Networker Format String ***
---------------------------------------------
EMC Networker Format String
---------------------------------------------
http://www.exploit-db.com/exploits/22525
*** Cisco Security Advisory: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability ***
---------------------------------------------
Cisco Secure Access Control System TACACS+ Authentication Bypass
Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue ***
---------------------------------------------
Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2)
Virtual Security Gateway Bypass Issue
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 05-11-2012 18:00 − Dienstag 06-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56036
*** Vuln: Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56041
*** Vuln: Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56017
*** European Smart Grid Cyber and SCADA Security ***
---------------------------------------------
"Event Name : European Smart Grid Cyber and SCADA SecurityEvent Date : March 11-12, 2013Location : London, United KingdomWebsite : www. smi-online. co. uk/2013cybergrids2...."
---------------------------------------------
http://www.ecoseed.org/more/events/15779-european-smart-grid-cyber-and-scad…
*** [dos] - Adobe Reader 11.0.0 Stack Overflow Crash PoC ***
---------------------------------------------
Adobe Reader 11.0.0 Stack Overflow Crash PoC
---------------------------------------------
http://www.exploit-db.com/exploits/22464
*** Possible Fake-AV Ads from Doubleclick Servers, (Mon, Nov 5th) ***
---------------------------------------------
Reader James ran into a Fake AV ad delivered by Double click. It is not clear if this is the result of a compromise of double click, or a paid ad that slipped through doubleclicks content review process. James started out at a local new paper web site, that like many others features ads served by double click. Luckily, James used a proxy tool (Fiddler) to record the session. Here are some of the excerpts (slightly anonymized and spaces inserted to avoid accidental clicks): GET [...]
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14455&rss
*** Vuln: Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability ***
---------------------------------------------
Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56399
*** Apache Tomcat 6.x / 7.x Denial Of Service ***
---------------------------------------------
Topic: Apache Tomcat 6.x / 7.x Denial Of Service Risk: Medium Text:CVE-2012-2733 Apache Tomcat Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affe...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zhdqQvlbO2c/WLB-20…
*** Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses ***
---------------------------------------------
Topic: Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses Risk: Medium Text:CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses Severity: Moderate Vendor: The Apache Software Foundation ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Suq__thlFNM/WLB-20…
*** Java - Sicherheitsexperte schließt Java-Lücke auf eigene Faust ***
---------------------------------------------
Oracle vertröstet auf Patchday im Februar
---------------------------------------------
http://text.derstandard.at/1350259245198/Sicherheitsexperte-schliesst-Java-…
*** Bugtraq: multiple critical vulnerabilities in sophos products ***
---------------------------------------------
multiple critical vulnerabilities in sophos products
---------------------------------------------
http://www.securityfocus.com/archive/1/524641
*** Bugtraq: Wisecracker 1.0 - A high performance distributed cryptanalysis framework ***
---------------------------------------------
Wisecracker 1.0 - A high performance distributed cryptanalysis framework
---------------------------------------------
http://www.securityfocus.com/archive/1/524640
*** [dos] - Internet Explorer 9 Memory Corruption Crash PoC ***
---------------------------------------------
Internet Explorer 9 Memory Corruption Crash PoC
---------------------------------------------
http://www.exploit-db.com/exploits/22401
*** Bugtraq: [security bulletin] HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure ***
---------------------------------------------
[security bulletin] HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure...
---------------------------------------------
http://www.securityfocus.com/archive/1/524644
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 02-11-2012 18:00 − Montag 05-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Studie: Informationen trotz SSL-Verschlüsselung nicht sicher ***
---------------------------------------------
Mit einer seit Jahren bekannten Angriffstechnik kann man die SSL-Verschlüsselung im Browser austricksen. Wie eine Untersuchung zeigt, setzt kaum jemand den ebenfalls bekannten Schutzmechanismus ein. Auch unterstützen diesen nicht alle aktuellen Browser.
---------------------------------------------
http://www.heise.de/security/meldung/Studie-Informationen-trotz-SSL-Verschl…
*** VUPEN Researchers Say They Have Zero-Day Windows 8 Exploit ***
---------------------------------------------
"Controversial bug hunters and exploit sellers VUPEN claimed to have cracked the low-level security enhancements featured in Windows 8, Microsofts latest operating system. VUPEN CEO and head of research Chaouki Bekrar sent out a pair of ominous Tweets yesterday claiming to have developed the first zero-day exploit for Windows 8 and Internet Explorer 10, both released Oct. 26. Bekrar hints the exploit is a sandbox bypass for IE10 with ASLR, DEP and anti-ROP mitigations enabled...."
---------------------------------------------
http://threatpost.com/en_us/blogs/vupen-researchers-say-they-have-zero-day-…
*** Deep Inside a DNS Amplification DDoS Attack ***
---------------------------------------------
"A few weeks ago I wrote about DNS Amplification Attacks. These attacks are some of the largest, as measured by the number of Gigabits per second (Gbps), that we see directed toward our network. For the last three weeks, one persistent attacker has been sending at least 20Gbps twenty-four hours a day as an attack against one of our customers...."
---------------------------------------------
http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack
*** How Georgia doxed a Russian hacker (and why it matters) ***
---------------------------------------------
"On October 24, the country of Georgia took an unusual step: it posted to the Web a 27-page writeup (PDF), in English, on how it has been under assault from a hacker allegedly based in Russia. The paper included details of the malware used, how it spread, and how it was controlled. Even more unusually, the Georgians released pictures of the alleged hackertaken with his own webcam after the Georgians hacked the hacker with the help of the FBI and others...."
---------------------------------------------
http://arstechnica.com/tech-policy/2012/11/how-georgia-doxed-a-russian-hack…
*** Firefox gets strict about enforcement of HTTPS protection ***
---------------------------------------------
"Developers of Mozillas Firefox browser are experimenting with a new security feature that connects to a specified set of websites only when presented with a cryptographic certificate validating the connection is secure. A beta version of the open-source browser contains a list of sites known to deploy the HTTP Strict Transport Security mechanism that requires a browser to use the secure sockets layer or transport layer security protocols when communicating. HSTS is designed to provide an...
---------------------------------------------
http://arstechnica.com/security/2012/11/firefox-gets-strict-about-enforceme…
*** Android Modding for the Security Practitioner ***
---------------------------------------------
"After getting involved in the Android rooting scene, I observed that there is a disconnect between the community interested in "modding" (modifying) their devices and those looking at Android from a security practitioners perspective. In this talk, I will provide technical details on many key concepts in the modding world, including rooting, locked/unlocked bootloaders, S-ON/S-OFF, fastboot, ROM flashing, and various other techniques. Well look at real examples of...
---------------------------------------------
http://www.securitytube.net/video/6080
*** Anonymous ransomware - but who is hiding behind this malwares mask? ***
---------------------------------------------
"Heres an interesting twist of the Reveton/FBI/police ransomware that has been plaguing internet users lately. In this example, the malware that locks you out of your data, and demands 100 be paid via Ukash to gain access back to your files, claims to be from the Anonymous hacktivist group. Of course, just as when ransomware victims see demands from cash on their computer seemingly coming from the police, they should be equally dubious about whether this particular attack originated from...
---------------------------------------------
http://nakedsecurity.sophos.com/2012/11/02/anonymous-ransomware/
*** Shopping The Russian Cybercrime Underground ***
---------------------------------------------
"If you werent already convinced that the Russian cybercrime underground is now a vast, sophisticated, high-volume market, consider this: there are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits, according to a new report...."
---------------------------------------------
http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabi…
*** In Pictures: 20 notorious worms, viruses and botnets ***
---------------------------------------------
"The earliest worms and viruses were created for geeky fun and did little harm - oh, how times have changed. Here are 20 worms, viruses and botnets that show the evolution of malware, from Creeper to Flame. CreeperThe first real computer virus, Creeper was released "in lab" in 1971 by an employee of a company working on building ARPANET, the Internets ancestor, according to Guillaume Lovet, Senior Director, FortiGuard Labs...."
---------------------------------------------
http://www.computerworld.com.au/slideshow/440948/pictures_20_notorious_worm…
*** Searching for Silver Bullets In SCADA and ICS Environments ***
---------------------------------------------
"With Halloween past us, theres an excess of sugar in our blood, and remnant imaginings of monsters under the bed. So perhaps thats why when the topic of silver bullet security recently came up, my mind immediately went to Werewolves. The term was used, as it often is, in a discussion about Application Whitelistingthe industrial automation industrys rightful poster child for endpoint security...."
---------------------------------------------
http://www.securityweek.com/searching-silver-bullets-scada-and-ics-environm…
*** Vuln: Ubercart SecureTrading Payment Method Drupal Module Security Bypass Vulnerability ***
---------------------------------------------
Ubercart SecureTrading Payment Method Drupal Module Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54395
*** ZPanel <= 10.0.1 CSRF, XSS, SQLi, Password Reset ***
---------------------------------------------
Topic: ZPanel
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/cET4kw8gtsc/WLB-20…
*** Anonymous am Werk? Symantec, ImageShack, Paypal und VMWare gehackt ***
---------------------------------------------
Eine Hackergruppe will zum zweiten Mal den Bilder-Upload-Dienst ImageShack gehackt haben und auch das Sicherheits-Unternehmen Symantec soll ihnen zum Opfer gefallen sein. Der Schaden bei ImageShack soll sich auf die Preisgabe aller vorhandenen, auch als privat eingestuften, Bilder belaufen. Von Symantec sollen nun unter anderem alle Mitarbeiter-E-Mailadressen öffentlich sein. Außerdem haben die Hacker eine Lücke für die OpenSource-Software ZPanel veröffentlicht. Obendrein stellt Anonymous den Kernel von...
---------------------------------------------
http://www.heise.de/security/meldung/Anonymous-am-Werk-Symantec-ImageShack-…
*** Bugtraq: Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client ***
---------------------------------------------
Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client
---------------------------------------------
http://www.securityfocus.com/archive/1/524621
*** New Blackhole Targets Mobile Banking Services ***
---------------------------------------------
"According to a report published by antivirus software developer AVG, there is a significant growth in malicious software and malicious ads with hidden malware behind images posed on social media. The report revealed details about the newly released 2. 0 version of Blackhole Exploit Toolkit that targets mobile banking services...."
---------------------------------------------
http://www.technologybanker.com/security-risk-management/new-blackhole-targ…