Daily December 2012

daily@lists.cert.at

1 participants
17 discussions

Tageszusammenfassung - Freitag 28-12-2012
by Daily end-of-shift report 28 Dec '12

28 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 27-12-2012 18:00 − Freitag 28-12-2012 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** ICS-CERT Closes-out Two Alerts *** --------------------------------------------- "Today the folks at DHS ICS-CERT published two advisories for different systems that were based upon uncoordinated disclosures reported earlier by ICS-CERT. Actually ICS-CERT only notes that one is based upon an earlier alert, but records show that both were. The affected systems are from RuggecCom and Carlo Gavazzi Automation...." --------------------------------------------- http://chemical-facility-security-news.blogspot.nl/2012/12/ics-cert-closes-… *** RealPlayer RealMedia File Handling Buffer Overflow *** --------------------------------------------- Topic: RealPlayer RealMedia File Handling Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/bi_N1sR5TgU/WLB-20… *** Joomla bch and Content Shell Upload *** --------------------------------------------- Topic: Joomla bch and Content Shell Upload Risk: High Text: [ Joomla com_content Shell Upload Vulnerability] [x] Author : Agd_Scorp [x] Home : www.turkguvenligi.info ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/vUggqlfFDmw/WLB-20… *** Vuln: Real Networks RealPlayer Multiple Security Vulnerabilities *** --------------------------------------------- Real Networks RealPlayer Multiple Security Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56956 Next End-of-Shift report on 2013-01-02

1 0

Tageszusammenfassung - Donnerstag 27-12-2012
by Daily end-of-shift report 27 Dec '12

27 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 21-12-2012 18:00 − Donnerstag 27-12-2012 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Vuln: Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability *** --------------------------------------------- Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55465 *** Java 7 update offers more security options *** --------------------------------------------- "A recent Java 7 update (Update 10) has added more security options that will appeal to security conscious users and businesses. A new option under the Java control panel, for example, allows users to disable Java applications from running inside their browsers by clearing the "enable Java content in the browser" checkbox. The plethora of security attacks that exploit flaws in the Java platform means that disallowing Java from browsers has long been recommended by security... --------------------------------------------- http://www.fiercecio.com/techwatch/story/java-7-update-offers-more-security… *** India Developing Its Own Secure Operating System *** --------------------------------------------- "According to The Times of India, 150 engineers from all across the country have already been working on the project for over one year and a half, but it will take another three before the operating systems can be rolled out. The director general of the DRDO has explained that India needs its own operating system to strengthen cyber security. He has emphasized that the current operating systems used in India, regardless whether theyre Windows or Linux-based, contain numerous security... --------------------------------------------- http://news.softpedia.com/news/India-Developing-Its-Own-Secure-Operating-Sy… *** Vuln: WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability *** --------------------------------------------- WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56988 *** Hook Analyser Malware Tool 2.2 *** --------------------------------------------- "Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. Changes: The UI and modules of the project have been re-written...." --------------------------------------------- http://packetstormsecurity.org/files/119087 *** PHP-CGI Argument Injection Remote Code Execution *** --------------------------------------------- Topic: PHP-CGI Argument Injection Remote Code Execution Risk: High Text:#!/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution T... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/HMIGwX9uCpo/WLB-20… *** [remote] - IBM Lotus Notes Client URL Handler Command Injection *** --------------------------------------------- IBM Lotus Notes Client URL Handler Command Injection --------------------------------------------- http://www.exploit-db.com/exploits/23650 *** [remote] - Microsoft SQL Server Database Link Crawling Command Execution *** --------------------------------------------- Microsoft SQL Server Database Link Crawling Command Execution --------------------------------------------- http://www.exploit-db.com/exploits/23649 *** NVidia Display Driver Service (nvvsvc.exe) Exploit *** --------------------------------------------- Topic: NVidia Display Driver Service (nvvsvc.exe) Exploit Risk: High Text:/* NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE = (@... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/RWnidJO9giU/WLB-20…

1 0

Tageszusammenfassung - Freitag 21-12-2012
by Daily end-of-shift report 21 Dec '12

21 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 20-12-2012 18:00 − Freitag 21-12-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout *** --------------------------------------------- Topic: WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout Risk: Low Text:*Summary = WordPress 3.4.2 fails to invalidate a user's sessions upon logout. WordPress was originally notified of... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/m7FLRoPAp58/WLB-20… *** HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation *** --------------------------------------------- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03577598 *** Vuln: Squid cachemgr.cgi Remote Denial of Service Vulnerability *** --------------------------------------------- Squid cachemgr.cgi Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56957 *** QNAP-NAS anfällig für cross-site-scripting (XSS) *** --------------------------------------------- Twitter-User @rootdial ist aufgefallen, dass in manchen Web-Anwendungen des QNAP-NAS nicht richtig geprüft wird, was übergeben wird. So ist z.B. die Photostation und die TVStation anfällig für XSS. --------------------------------------------- http://sdcybercom.wordpress.com/ *** CA20121220-01: Security Notice for CA IdentityMinder *** --------------------------------------------- CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability. --------------------------------------------- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B… *** VMWare posts some updates, (Fri, Dec 21st) *** --------------------------------------------- Just in the case the world doesnt come to a grinding halt today (end of Mayan calendar and all that).... .... VMWare has posted some updates that you might want to pay attention to over at:http://www.vmware.com/security/advisories/VMSA-2012-0018.html There are as many as 13 different CVEs covered in this update, so make sure, if you are affected, to patch! -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.edu Creative --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14740&rss Next End-of-Shift report on 2012-12-27

1 0

Tageszusammenfassung - Donnerstag 20-12-2012
by Daily end-of-shift report 20 Dec '12

20 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 19-12-2012 18:00 − Donnerstag 20-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Sweet Orange Exploit Kit Offers Customers Higher Infection Rates *** --------------------------------------------- "The newly emerging Sweet Orange Exploit Kit boasts a 10 to 25 percent infection rate and is promising to drive 150,000 unique visitors per day to the websites of its customers, according to Jeff Doty and Chris Larsen of Blue Coat Security. If the claims of Sweet Oranges authors reflect reality, it means that users of the kit can expect to add anywhere between 15,000 and 37,500 machines to their botnet per day. Sweet Orange has 45 dedicated IP addresses and 267 unique domains, which Doty... --------------------------------------------- http://threatpost.com/en_us/blogs/sweet-orange-exploit-kit-offers-customers… *** MyBB MyYoutube Cross Site Scripting *** --------------------------------------------- Topic: MyBB MyYoutube Cross Site Scripting Risk: Low Text:# Exploit Title: MyYoutube MyBB Stored XSS # Date: 17.12.2012 # Exploit Author: limb0 # Vendor Homepage: http://www.mybb-es.... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/C8aZDfreDmo/WLB-20… *** MyBB Xbox Live ID Cross Site Scripting *** --------------------------------------------- Topic: MyBB Xbox Live ID Cross Site Scripting Risk: Low Text:# Exploit Title: Xbox Live ID MyBB Plugin Stored XSS # Date: 13/12/2012 # Exploit Author: limb0 # Vendor Homepage: http://ww... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/qUghUFk2MwE/WLB-20… *** Vuln: Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities *** --------------------------------------------- Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56906 *** Bugtraq: EMC Avamar: World writable cache files *** --------------------------------------------- EMC Avamar: World writable cache files --------------------------------------------- http://www.securityfocus.com/archive/1/525095 *** Apache plug-in doles out Zeus attack *** --------------------------------------------- Points victims to Sweet Orange exploit server, slurps banking credentials Anti-virus outfit Eset has discovered a malicious Apache module in the wild that serves up malware designed to steal banking credentials. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/apache_dang… *** SurgeFTP Remote Command Execution *** --------------------------------------------- Topic: SurgeFTP Remote Command Execution Risk: High Text:require msf/core class Metasploit3 --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/iwcAssIZcxo/WLB-20… *** Drupal Core 6.x & 7.x Access Bypass & Code Execution *** --------------------------------------------- Topic: Drupal Core 6.x & 7.x Access Bypass & Code Execution Risk: High Text:View online: http://drupal.org/SA-CORE-2012-004 * Advisory ID: DRUPAL-SA-CORE-2012-004 * Project: Drupal core [1] * ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/bLFpBaVeTdc/WLB-20… *** ENISA on Smart Grids: a Risk-Based Approach Is Key to Secure Implementation *** --------------------------------------------- "The European Network and Information Security Agency (ENISA) has released a new report to help smart grid providers properly secure their infrastructures against cyberattacks. The European Union hopes to achieve a 20% increase in renewable energy, a 20% reduction in CO2 emissions, and a 20% increase in energy efficiency by 2020. Smart grids can help a lot in achieving these goals, but they must be rolled out in a secure way...." --------------------------------------------- http://news.softpedia.com/news/ENISA-on-Smart-Grids-a-Risk-Based-Approach-I… *** Vuln: Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities *** --------------------------------------------- Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56982 *** PGP, TrueCrypt-encrypted files CRACKED by £300 tool *** --------------------------------------------- Plod at the door? Better yank out that power cable ElcomSoft has built a utility that forages for encryption keys in snapshots of a PCs memory to decrypt PGP and TrueCrypt-protected data. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/elcomsoft_t… *** Sicherheitslücke in AMDs Catalyst-Control-Center *** --------------------------------------------- Eigentlich soll das Catalyst-Control-Center von AMD helfen die Treiber für Grafikkarten so aktuell wie möglich zu halten - über ein Ausnutzen der Update-Benachrichtigung kann vermutlich ein manipulierter Treiber untergejubelt werden. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/26cbb061/l/0L0Sheise0Bde0Cmel…

1 0

Tageszusammenfassung - Mittwoch 19-12-2012
by Daily end-of-shift report 19 Dec '12

19 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 18-12-2012 18:00 − Mittwoch 19-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** The Only 2013 Cybersecurity Predictions List You Need to Read *** --------------------------------------------- "Please, allow me to save you some time reading all of those Top 10 Cybersecurity Threats of 2013 lists from journalists, bloggers, analysts, vendors and other crackpots. Nearly all of them will include the 10 following threats, in varying orders:The Cloud Lots of vulnerabilities out there. BYOD/Mobile malware Its a problem dealing with all these devices...." --------------------------------------------- http://blogs.cio.com/security/17647/only-2013-cybersecurity-predictions-lis… *** 1-15 December 2012 Cyber Attacks Timeline *** --------------------------------------------- "Christmas is coming quickly, we have just passed the first half of December, and hence its time for the first update of the Cyber Attacks Timeline for December. The Team GhostShell has decided to close the year with a clamorous Cyber Attack, and hence,as part of the project ProjectWhiteFox, has leaked 1. 6 million of accounts from several organizations all over the world...." --------------------------------------------- http://hackmageddon.com/2012/12/17/1-15-december-2012-cyber-attack-timeline/ *** Enterpriser16 LB 7.1 Cross Site Scripting *** --------------------------------------------- Topic: Enterpriser16 LB 7.1 Cross Site Scripting Risk: Low Text:Title: Enterpriser16 LB v7.1 - Multiple Web Vulnerabilities Date: == 2012-12-12 References: == http://ww... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Pv935OaGGFY/WLB-20… *** [webapps] - SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability *** --------------------------------------------- SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability --------------------------------------------- http://www.exploit-db.com/exploits/23498

1 0

Tageszusammenfassung - Dienstag 18-12-2012
by Daily end-of-shift report 18 Dec '12

18 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 17-12-2012 18:00 − Dienstag 18-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Vuln: Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/56846 *** Vuln: Symantec Network Access Control CVE-2012-4349 Local Privilege Escalation Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/56847 *** Vuln: TWiki Multiple Security Vulnerabilities *** --------------------------------------------- TWiki Multiple Security Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56950 *** Reminder: Java 6 end-of-live February 2013 , (Mon, Dec 17th) *** --------------------------------------------- Reader Josh reports that while downloading the latest version of Java 6 (version 37) from Oracles website he received a reminder from Oracle that Java 6 will reach end of life in February 2013. After February 2013 security updates will only be available to customer who purchase extended support contracts. If you havent already done so, now is a good time to mark your calendars for this upgrade. More details are available here: http://www.oracle.com/technetwork/java/javase/eol-135779.html --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14719&rss *** Bugtraq: IPv6 Neighbor Discovery security (new documents) *** --------------------------------------------- IPv6 Neighbor Discovery security (new documents) --------------------------------------------- http://www.securityfocus.com/archive/1/525063 *** Cyber Security Bulletin (SB12-352) - Vulnerability Summary for the Week of December 10, 2012 *** --------------------------------------------- "The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability... --------------------------------------------- http://www.us-cert.gov/cas/bulletins/SB12-352.html *** Carberp-in-the-Mobile found on Google Play *** --------------------------------------------- "Everybody knows (or should know) that downloading apps from third party online markets is dangerous, but even official markets such as Google Play cant be considered completely safe, as time and time again malware peddlers succeed at fooling its defenses and upload malware for download, masquerading as games and other popular apps. Kaspersky Lab researchers have recently discovered a slew of apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile... --------------------------------------------- http://www.net-security.org/malware_news.php?id=2362 *** Lookout Predicts 18 Million Android Malware Infections by End of 2013 *** --------------------------------------------- "Lookout Mobile Security recently published its mobile threat predictions for 2013, anticipating that 18 million Android users will encounter mobile malware between the beginning of 2012 and the end of 2013."The likelihood that new Lookout users will encounter malware or spyware is heavily dependent on their geography and behavior, varying from 0. 20 percent in Japan to 0. 40 percent in the US and as high as 34...." --------------------------------------------- http://www.esecurityplanet.com/mobile-security/lookout-predicts-18-million-… *** Trojan Upclicker malware infecting PCs via mouse input *** --------------------------------------------- "Windows PC owners be warned theres a new strain of malware out there that befuddles users into helping it accomplish its dirty deeds via mouse clicks. Dubbed "Trojan Upclicker" by the FireEye Malware Intelligence Lab researchers who identified it, this elusive bit of malicious code is purpose-built to evade identification by the automated analysis systems used by many anti-virus vendors. FireEye researchers Abhishek Singh and Yasir Khalid noted that Trojan Upclicker is a variant... --------------------------------------------- http://www.itproportal.com/2012/12/17/trojan-upclicker-malware-infecting-pc… *** EU to propose mandatory reporting of cyber incidents *** --------------------------------------------- "The European Union may force companies operating critical infrastructure in areas such as banking, energy and stock exchanges to report major online attacks and reveal security breaches, according to draft report by the European Commission. The European Commission is due to present a proposal on cybersecurity in February once it has received feedback from the European Parliament and EU countries. The proposal was initially announced in May for the third quarter this year but has been... --------------------------------------------- http://www.euractiv.com/infosociety/eu-propose-mandatory-reporting-c-news-5…

1 0

Tageszusammenfassung - Montag 17-12-2012
by Daily end-of-shift report 17 Dec '12

17 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 14-12-2012 18:00 − Montag 17-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Vuln: MyBB DyMy User Agent Plugin SQL Injection Vulnerability *** --------------------------------------------- MyBB DyMy User Agent Plugin SQL Injection Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56931 *** Bugtraq: Wordpress Pingback Port Scanner *** --------------------------------------------- Wordpress Pingback Port Scanner --------------------------------------------- http://www.securityfocus.com/archive/1/525045 *** Bugtraq: DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) *** --------------------------------------------- DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) --------------------------------------------- http://www.securityfocus.com/archive/1/525044 *** ENISA - Introduction to Return on Security Investment *** --------------------------------------------- "As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention...." --------------------------------------------- http://www.enisa.europa.eu/activities/cert/other-work/introduction-to-retur… *** Foswiki Remote code execution and other vulnerabilities in MAKETEXT *** --------------------------------------------- Topic: Foswiki Remote code execution and other vulnerabilities in MAKETEXT Risk: High Text: + Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/8WkKh9Nz_ZM/WLB-20… *** Eurograbber: A Smart Trojan Attack - Hackers Methods Reveal Banking Know-How *** --------------------------------------------- "The Eurograbber banking Trojan is an all-in-one hit, researchers say. It successfully compromises desktops and mobile devices, and has gotten around commonly used two-factor authentication practices in Europe. How can banking institutions defend themselves and their customers against this super-Trojan attack?..." --------------------------------------------- http://www.bankinfosecurity.com/eurograbber-smart-trojan-attack-a-5359?rf=2…

1 0

Tageszusammenfassung - Freitag 14-12-2012
by Daily end-of-shift report 14 Dec '12

14 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 13-12-2012 18:00 − Freitag 14-12-2012 18:00 Handler: Christian Wojner Co-Handler: n/a *** Internet Explorer rats out the mouse - Update *** --------------------------------------------- "Company Spider. io warns that Internet Explorer allows a users mouse position to be determined even if the mouse cursor is located outside of the browser window or the browser window isnt being displayed at all either because it is minimised or the user has switched to view another tab or window. This is potentially dangerous because it enables web pages to intercept sensitive data that is being entered via virtual keyboards and virtual keypads, say the researchers...." --------------------------------------------- http://www.h-online.com/security/news/item/Internet-Explorer-rats-out-the-m… *** Bugtraq: Addressbook v8.1.24.1 Group Name XSS *** --------------------------------------------- Addressbook v8.1.24.1 Group Name XSS --------------------------------------------- http://www.securityfocus.com/archive/1/525027 *** New Trojan attempts SMS fraud on OS X users *** --------------------------------------------- "The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud. The new malware is a Trojan horse, dubbed "Trojan. SMSSend...." --------------------------------------------- http://news.cnet.com/8301-1009_3-57558780-83/new-trojan-attempts-sms-fraud-… *** Apple updates OS X malware definitions for new fake-installer/SMS trojan *** --------------------------------------------- "MacRumors noted today that Apple is utilizing the automatic daily checks for malware definitions it implemented last year to block an OS X trojan horse discovered earlier this week. The trojan was originally detailed in a blog post on Dr. Web. Known as TrojanSMSSend...." --------------------------------------------- http://9to5mac.com/2012/12/13/apple-updates-os-x-malware-definitions-for-ne… *** Backdoor Found at NDIS Level *** --------------------------------------------- "It is one thing to have a piece of malware that can focus on targeted attacks, but it is quite another to have it also be nearly invisible. That is just what a variant of the Exforel backdoor malware, VirTool:WinNT/Exforel. A, is able to do, said researchers at Microsofts Malware Protection Center...." --------------------------------------------- http://www.isssource.com/backdoor-found-at-ndis-level/ *** New Attacks from Gameover Gang *** --------------------------------------------- "Millions of emails, which pose as coming from major U.S. banks, are spamming out, according to Dell SecureWorks Counter Threat Unit. The fake but convincing-looking emails appeal to a more security-minded banking customer: You have received a new encrypted message or a secure message from [XYZ] Bank, one of the email campaigns said, noting the bank has set up a secure email exchange for its customers as a way to allay privacy and security concerns. The message includes an infected --------------------------------------------- http://www.isssource.com/new-attacks-from-gameover-gang/ *** Yet another eavesdrop vulnerability in Cisco phones *** --------------------------------------------- Security groundhog day A university student presenting at the Amphion Forum has demonstrated turning a Cisco VoIP phone into a listening device, even when it's on the hook. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/13/cisco_voip_… *** Dexter malware targets point of sale systems worldwide *** --------------------------------------------- "You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems. First spotted by security firm Seculert, the malware dubbed "Dexter" is believed to have infected hundreds of POS systems in 40 countries worldwide in recent months. Companies targeted include retailers, hotel chains, restaurants, and private parking providers...." --------------------------------------------- http://www.theregister.co.uk/2012/12/14/dexter_malware_targets_pos_systems/ *** Top 7 security predictions for 2013 *** --------------------------------------------- "A seismic shift in who controls the Internet? Another Mac malware outbreak? Your smart TV being highjacked for a DDoS attack?..." --------------------------------------------- http://www.net-security.org/secworld.php?id=14120 *** [DNB] Joomla, WordPress Sites Hit by IFrame Injection Attacks *** --------------------------------------------- '....Users of the popular Joomla content management system are being urged by security experts to upgrade to the latest version after reports of exploits being used to compromise websites built on the platform......' --------------------------------------------- https://threatpost.com/en_us/blogs/joomla-wordpress-sites-hit-iframe-inject…

1 0

Tageszusammenfassung - Donnerstag 13-12-2012
by Daily end-of-shift report 13 Dec '12

13 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 12-12-2012 18:00 − Donnerstag 13-12-2012 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Researchers uncover Tor-powered Skynet botnet *** --------------------------------------------- "Rapid7 researchers have recently unearthed an unusual piece of malware that turned out to be crucial to the formation of an elusive botnet - dubbed Skynet by the researchers - whose existence has been documented in a very popular Reddit "I Am A" thread. The Trojan in question has DDoS and Bitcoin-mining capabilities, but its main function is to steal banking credentials. The botnet operator spreads the malware via the Usenet discussion forum, which is also a popular platform for... --------------------------------------------- http://www.net-security.org/malware_news.php?id=2357 *** "Dexter" malware steals credit card data from point-of-sale terminals *** --------------------------------------------- "A researcher has uncovered new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses. Dexter, as the malware is called, has infected hundreds of point-of-sale computers at big-name retailers, hotels, restaurants, and other businesses, according to a report issued by Aviv Raff, chief technology officer of Israel-based security firm Seculert. Businesses infected in the past three months are located in 40 different countries, with 30... --------------------------------------------- http://arstechnica.com/security/2012/12/dexter-malware-steals-credit-card-d… *** New Findings Lend Credence to Project Blitzkrieg *** --------------------------------------------- "Project Blitzkrieg," a brazen Underweb plan for hiring 100 botmasters to fuel a blaze of ebanking heists against 30 U.S. financial institutions in the Spring of 2013, was met with skepticism from some in the security community after news of the scheme came to light in October. Many assumed it was a law enforcement sting, or merely the ramblings of a wannabe criminal mastermind. But new research suggests the crooks who hatched the plan were serious and have painstakingly built up a... --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/RgJgMJ51mKo/ *** Cybersecurity company using hackers own devices against them *** --------------------------------------------- "A California cybersecurity start-up, marketing itself as a private cyber intelligence agency, works to identify foreign attackers who are attempting to steal corporate secrets; it does so by using the attackers own techniques and vulnerabilities against them; the company also collects data on hackers and tricks intruders into stealing false information Shawn Henry, the head of the FBI cyber crimes division, this year left agency after twenty-four years to become the president CrowdStrike,... --------------------------------------------- http://www.homelandsecuritynewswire.com/dr20121213-cybersecurity-company-us… *** Facebook Security, FBI Take Down Butterfly Botnet, Arrest 10 *** --------------------------------------------- "Facebooks security team is being lauded by the FBI for its role the arrest of 10 individuals accused of spreading banking malware on the social networking site and collecting more than $850 million from fraudulent transactions. The arrests were carried out yesterday in the U.S., U.K., the Balkans, South America and New Zealand in connection with spreading the Yahos malware on Facebook from 2010 to this October. Yahos compromised more than 11 million computers, the FBI said...." --------------------------------------------- http://threatpost.com/en_us/blogs/facebook-security-fbi-take-down-butterfly…

1 0

Tageszusammenfassung - Mittwoch 12-12-2012
by Daily end-of-shift report 12 Dec '12

12 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 11-12-2012 18:00 − Mittwoch 12-12-2012 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** First fake-installer Trojan for Mac OS *** --------------------------------------------- December 11, 2012 Russian anti-virus company Doctor Web informs users about a new Trojan for Mac OS X dubbed Trojan.SMSSend.3666. The malicious scheme used to spread this Trojan is notorious among many Windows users but until now it hasnt been employed to deceive owners of Macs. Trojan.SMSSend is a fake installer which can be downloaded from various sites under the guise of useful software. Trojan.SMSSend programs are found in large numbers on the Internet. These are fake installers available --------------------------------------------- http://news.drweb.com/show/?i=3138&lng=en&c=9 *** Web-Seiten identifizieren Besucher über deren soziale Netze *** --------------------------------------------- Der New Yorker Sumit Suman staunte nicht schlecht. Nach seinem Besuch der Web-Seiten von UberVu bekam er am nächsten Tag eine persönliche E-Mail mit Werbeangeboten der Firma. --------------------------------------------- http://www.heise.de/security/meldung/Web-Seiten-identifizieren-Besucher-ueb… *** Dezember-Patchday bei Microsoft und Adobe *** --------------------------------------------- Microsoft und Adobe haben ihre Dezember-Patchdays abgehalten und dabei zahlreiche kritische Lücke geschlossen. Während Microsoft die meisten Windows-Versionen, den Internet Explorer, Word und einige Server-Produkte abgesichert hat, gab es von Adobe Patches für den Flash Player, AIR und ColdFusion. --------------------------------------------- http://www.heise.de/security/meldung/Dezember-Patchday-bei-Microsoft-und-Ad… *** Microsoft Internet Explorer 610 Mouse Tracking *** --------------------------------------------- Topic: Microsoft Internet Explorer 610 Mouse Tracking Risk: Medium Text:Summary: Unprivileged attackers can track your system-wide mouse movements from any IE page, even when the page is unfocused o... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/GTaeIyspNpM/WLB-20… *** Samsungs smart TVs wide open to exploits *** --------------------------------------------- The downside to being more like a PC Samsungs Smart TV has a vulnerability which allows remote attackers to swipe data, according to security researchers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/smart_tv_pw… *** Russian space research org targeted by mystery malware attack *** --------------------------------------------- Korean message forum becomes cyber-espionage hub Security researchers have discovered a targeted attack against Russian hi-tech firm that appears to originate in Korea. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/russian_cyb… *** North America and Europe Most Threatened by Money-Stealing Android Trojans *** --------------------------------------------- "If youre living in Europe or North America and if youre an Android user, the mobile malware that targets you is most likely designed to steal your money. On the other hand, if you live in Asia, youre more likely to be bombarded with aggressive adware and annoying ads. These are the results of a study performed by security firm Bitdefender with the aid of its mobile security solution, between January 1 and December 1, 2012...." --------------------------------------------- http://news.softpedia.com/news/North-America-and-Europe-Most-Threatened-by-…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily December 2012