=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 02-01-2013 18:00 − Thursday 03-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** BSI warns of security vulnerability in VLC Media Player ***
---------------------------------------------
The Federal Office for Information Security (BSI) advises users of the popular open-source video player software to upgrade to the current version 2.0.5.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27218c1d/l/0L0Sheise0Bde0Cmel…
*** Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack ***
---------------------------------------------
"This week's watering hole attack exploiting a zero-day vulnerability in Internet Explorer was not limited to the influential Council on Foreign Relations site. A Metasploit contributor said an energy manufacturer's website has been serving malware related to the attack since September. Researcher Eric Romang said that Capstone Turbine Corp., which builds power generation equipment for utilities, has been infected with malware exploiting CVE 2012-4969 for four months and the latest IE
---------------------------------------------
http://threatpost.com/en_us/blogs/energy-manufacturer-also-victimized-ie-ze…
*** 6 Big cyber security predictions for 2013 ***
---------------------------------------------
"If there is any weakness in security, you can guarantee the criminals will try to exploit it. And if a cyber criminal discovers a weakness in one community, it won't be long before that isolated crime turns into a trend. The commercialization of malware is rapidly becoming a well-organized and highly lucrative business...."
---------------------------------------------
http://venturebeat.com/2013/01/02/6-big-cyber-security-predictions-for-2013/
*** Malware SNEAK dons cunning disguise, opens creaky back door to servers ***
---------------------------------------------
Java-based exploit targets web-hosting servers. A malicious backdoor designed to infect web servers poses a severe threat, Trend Micro warns.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/03/web_server_…
*** A New Way of Detecting Cybersecurity Attacks ***
---------------------------------------------
"Rajeev Bhargava is an acknowledged pioneer in the networking and software industry, and CEO of Toronto-based Decision Zone Inc. His career spans more than 30 years within the engineering and IT industry, and he has been closely associated with many of its major developments. Rajeev has advised many of North America's largest organizations within the telecom, financial, high tech, military, retail, aerospace and government industries. He is the inventor of an anomaly detection solution used
---------------------------------------------
http://www.digitalcommunities.com/articles/A-New-Way-of-Detecting-Cyber-Sec…
*** Vulnerability in Ruby on Rails allows SQL injections ***
---------------------------------------------
All current versions of the Ruby on Rails framework are affected by a security vulnerability that allows the injection of arbitrary SQL code. Users should update their software as quickly as possible.
---------------------------------------------
http://www.heise.de/meldung/Luecke-in-Ruby-on-Rails-erlaubt-SQL-Injections-…
*** Virus-infected slide scanners sold at Tchibo ***
---------------------------------------------
The coffee roaster Tchibo sold a virus-infected slide scanner during the pre-Christmas season last year. The device was offered from 11 December 2012 for 60 euros through the stores and the Tchibo online shop.
---------------------------------------------
http://www.heise.de/meldung/Virenverseuchte-Dia-Scanner-bei-Tchibo-verkauft…
*** Invasion of the Botnets ***
---------------------------------------------
"Millions and millions of PCs have been silently infiltrated with bot malware, creating massive bot armies, poised to steal and inflict maximum damage when triggered by their Bot Commander. There are several botnets each comprising millions of compromised PCs, such as Zeus, Conficker, Mariposa, ZeroAccess and BredoLab, waiting for the next command from their Bot Commander, so that they can spring into action and obediently carry out their strike orders like a well-disciplined and
---------------------------------------------
http://dwaterson.com/2013/01/02/invasion-of-the-botnets/
*** Cloud security to be most disruptive technology of 2013 ***
---------------------------------------------
"The Security for Business Innovation Council, comprised of IT security professionals from 19 companies worldwide, called cloud computing the main disruptive force for 2013. In its report, "Information Security Shake-Up," the group said it was evident many organizations are preparing to move more business processes to the cloud. This year, it will even be "mission-critical apps and regulated data" consigned to the cloud...."
---------------------------------------------
http://www.networkworld.com/news/2013/010313-cloud-security-265437.html
*** Facebook vulnerability allowed unnoticed webcam recordings ***
---------------------------------------------
Around four months after two security researchers reported a vulnerability in Facebook's video upload function, the hole is said to have been closed. The discoverers are surprised at the size of the reward paid by Facebook.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2729d37e/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 28-12-2012 18:00 − Wednesday 02-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Microsoft Warns of New Gaming Malware ***
---------------------------------------------
"According to a recent report by Marianne Mallen of the Microsoft Malware Protection Center (MMPC), Microsoft researchers recently came across three new Trojans that specifically target Korean gamers." According to the ... MMPC, whoever is responsible for these pieces of malware is attempting to pilfer user login credentials, credit card information that is used to pay for in-game money and assorted upgrades, Korean ID numbers (a sort of Korean-variety Social Security number often
---------------------------------------------
http://www.esecurityplanet.com/malware/microsoft-warns-of-new-gaming-malwar…
*** Microsoft - Windows XP is becoming a security risk ***
---------------------------------------------
The magazine c't warns: "From 2014 onward, an XP machine can only be operated in complete isolation"
---------------------------------------------
http://text.derstandard.at/1356426331198/Windows-XP-wird-zum-Sicherheitsris…
*** 29C3 - successful attack on encrypting hard drives ***
---------------------------------------------
Even with automatically encrypting hard drives (self-encrypting drives, SED), attackers can read out the data in a few simple steps: on Friday, computer scientist Tilo Müller demonstrated at the 29th hacker congress of the Chaos Computer Club (29C3) in Hamburg how the hardware encryption of desktop computers or laptops can be attacked.
---------------------------------------------
http://www.heise.de/meldung/29C3-erfolgreicher-Angriff-auf-verschluesselnde…
*** Windows 8 Will Be Harder to Hack - Security Expert ***
---------------------------------------------
"Windows 8 has already been attacked by hackers who wanted to activate the operating system at no cost, but there's no doubt it's one of the most secure Windows iterations released so far. And Microsoft uses this argument to promote Windows 8 with every single occasion, while security companies across the globe confirm that it's harder to attack the new OS. McAfee said in its 2013 predictions report that Windows 8 may become hackers' next big target, but Rapid7 CISO and Metasploit founder HD...
---------------------------------------------
http://news.softpedia.com/news/Windows-8-Will-Be-Harder-to-Hack-Security-Ex…
*** Bugtraq: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption ***
---------------------------------------------
GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
---------------------------------------------
http://www.securityfocus.com/archive/1/525167
*** Worst email scams of 2012 ***
---------------------------------------------
"The scammers have continued to flood us with dodgy emails this year. Here are some of the worst ones we've spotted. Identity fraud and theft continues to be a big issue in the UK...."
---------------------------------------------
http://www.lovemoney.com/news/scams-and-rip-offs/scams/18904/worst-email-sc…
*** Temporary fix for critical vulnerability in Internet Explorer ***
---------------------------------------------
A critical security vulnerability exists in Internet Explorer up to and including version 8. Microsoft has now released a Fix-It tool that users of the affected IE versions can use to protect themselves until a patch is ready.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27194e91/l/0L0Sheise0Bde0Cmel…
*** Piracy - Cracked apps: new services hijack iOS even without a jailbreak ***
---------------------------------------------
Successors to Installous could reach considerably more users
---------------------------------------------
http://derstandard.at/1356426557392/Gecrackte-Apps-Neue-Dienste-kapern-iOS-…