=======================
= End-of-Shift report =
=======================
Timeframe: Montag 07-01-2013 18:00 − Dienstag 08-01-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Bugtraq: Chrome for Android - Cookie theft from Chrome by malicious Android app ***
---------------------------------------------
Chrome for Android - Cookie theft from Chrome by malicious Android app
---------------------------------------------
http://www.securityfocus.com/archive/1/525222
*** Bugtraq: Chrome for Android - Android APIs exposed to JavaScript ***
---------------------------------------------
Chrome for Android - Android APIs exposed to JavaScript
---------------------------------------------
http://www.securityfocus.com/archive/1/525220
*** Foxit Reader <= 5.4.4.1128 npFoxitReaderPlugin.dll Stack Buffer Overflow ***
---------------------------------------------
Topic: Foxit Reader
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/mNx5SSGJYF4/WLB-20…
*** Drupal 6.x->7.18 getimagesize() <= Multiple Vulnerabilities ***
---------------------------------------------
Topic: Drupal 6.x->7.18 getimagesize()
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/2AwbWS10dFQ/WLB-20…
*** Bugtraq: Facebook for Android - Information Diclosure Vulnerability ***
---------------------------------------------
Facebook for Android - Information Diclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525223
*** Symantec plays down PGP hole ***
---------------------------------------------
"Symantec has quenched fears about a vulnerability in its PGP technology. According to a Pastebin statement, the pgpwded. sys kernel driver distributed with Symantec PGP Desktop contains an arbitrary memory overwrite vulnerability in the handling of IOCTL 0x80022058...."
---------------------------------------------
http://news.hitb.org/content/symantec-plays-down-pgp-hole
*** ‘Value of a Hacked PC’ Graphic Goes Global ***
---------------------------------------------
The Value of a Hacked PC graphic, which I published on this blog a few months ago to explain bad guy uses for your PC, is getting a makeover. I’m honored to say that the SANS Institute, a security training group, has taken the idea and run with it as an educational tool, and is in [...]
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/ehmnqBEd8q0/
*** Abgeschottetes Android für Unternehmen ***
---------------------------------------------
Eine speziell angepasste Version des Mobilbetriebssystems überwacht, was der User mit seinem Gerät tun kann – basierend auf der jeweiligen Nutzungssituation.
---------------------------------------------
http://www.heise.de/meldung/Abgeschottetes-Android-fuer-Unternehmen-1767696…
*** Vuln: OpenIPMI ipmievd Daemon PID Files Insecure File Permissions Vulnerability ***
---------------------------------------------
OpenIPMI ipmievd Daemon PID Files Insecure File Permissions Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51036
*** Vuln: PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities ***
---------------------------------------------
PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/27163
*** ENISA Names Drive-By Exploits as Biggest Emerging Threat of 2012 ***
---------------------------------------------
"The European Network and Information Security Agency (ENISA) has released its Cyber Threat Landscape analysis of 2012. The study, based on over 120 threat reports, highlights the top threats and their trends. According to the report, drive-by exploits malicious code injects used to exploit web browser vulnerabilities are the number one threat...."
---------------------------------------------
http://news.softpedia.com/news/ENISA-Names-Drive-By-Exploits-as-Biggest-Eme…
*** [webapps] - Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability ***
---------------------------------------------
Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/23968
*** Wichtiges Sicherheitsupdate für MoinMoin-Wiki ***
---------------------------------------------
Das Update auf Version 1.9.6 behebt unter anderem eine kritische Schwachstelle, die bereit aktiv von Cyber-Kriminellen ausgenutzt wird.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274e0d0f/l/0L0Sheise0Bde0Cmel…
*** Payment Card Fraud in the European Union ***
---------------------------------------------
"The criminal market of payment card fraud (PCF) within the European Union (EU) is dominated by well structured and globally active organised crime groups (OCGs). Criminal networks have managed to affect non-cash payments in the EU to the extent that protection measures are very expensive and need to be implemented on a global level. Consequently, the use of payment cards can be inconvenient and no longer fully secure for EU cardholders...."
---------------------------------------------
https://www.europol.europa.eu/sites/default/files/publications/1public_full…
*** Angriffe auf ungepatchte ColdFusion-Lücken ***
---------------------------------------------
Adobe warnt davor, dass Cyber-Kriminelle durch bislang nicht geschlossene Sicherheitslöcher in ColdFusion-Server einsteigen. Ein passender Patch ist frühestens in einer Woche fertig.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274f87d4/l/0L0Sheise0Bde0Cmel…
*** Bugtraq: ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability ***
---------------------------------------------
ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525229
*** [webapps] - WordPress Plugin Google Document Embedder Arbitrary File Disclosure ***
---------------------------------------------
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
---------------------------------------------
http://www.exploit-db.com/exploits/23970
*** Kritische Schwachstellen in Asterisk ***
---------------------------------------------
Digium hat einige kritische Schwachstellen in der quelloffenen Telefonanlagen-Software Asterisk geschlossen, durch die ein Angreifer Code in den Server einschleusen kann. Bei den Lücken handelt es sich um Pufferüberläufe auf dem Stack, die über die Protokolle HTTP, SIP und XMPP ausgenutzt werden können. Nur bei XMPP ist hierzu eine aktive Sitzung nötig.
---------------------------------------------
http://www.heise.de/meldung/Kritische-Schwachstellen-in-Asterisk-1779526.ht…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 04-01-2013 18:00 − Montag 07-01-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Patch for IE Zero Day Wont Be Among Microsoft Security Updates Next Week ***
---------------------------------------------
"Microsoft plans to release a pair of critical bulletins on Tuesday for its first round of 2013 monthly security updates, but still has no announcement regarding a patch for the zero day vulnerability and exploit in Internet Explorer reported over the Christmas holiday. Users are urged to apply a Fix It released Dec. 31 for the vulnerability in IE 6, 7 and 8 that was at the heart of an attack on the Council on Foreign Relations website as well as that of energy manufacturer Capstone...
---------------------------------------------
http://threatpost.com/en_us/blogs/patch-ie-zero-day-wont-be-among-microsoft…
*** Dutch Government Aims to Shape Ethical Hackers Disclosure Practices ***
---------------------------------------------
"The Dutch governments cyber security center has published guidelines that it hopes will encourage ethical hackers to disclose security vulnerabilities in a responsible way."Persons who report an IT vulnerability have an important social responsibility," the Dutch ministry of Security and Justice said on Thursday, announcing guidelines for ethical hacking that were published by the countrys National Cyber Security Center (NCSC). White-hat hackers and security researchers play an...
---------------------------------------------
http://www.cio.com/article/725400/Dutch_Government_Aims_to_Shape_Ethical_Ha…
*** FreePBX 2.7.0.3 & Elastix 2.3.0 SQL injection ***
---------------------------------------------
Topic: FreePBX 2.7.0.3 & Elastix 2.3.0 SQL injection Risk: Medium Text:# Exploit Title: SQL injection in FreePBX 2.7.0.3 / Elastix 2.3.0 # Google Dork: N/A # Date: 05/01/2013 # Exploit Author: S...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/DfqeYKHkuXM/WLB-20…
*** pfSense 2.0.1 XSS & CSRF & Command Execution ***
---------------------------------------------
Topic: pfSense 2.0.1 XSS & CSRF & Command Execution Risk: High Text: # # Exploit Title: pfSense 2.0.1 XSS & CSRF Remote root Access # Date: 04/01/2013 # Author: Yann CAM ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/1o3q8BIwTZs/WLB-20…
*** MyBB Profile Wii Friend Code 1.0 Cross Site Scripting and SQL Injection ***
---------------------------------------------
Topic: MyBB Profile Wii Friend Code 1.0 Cross Site Scripting and SQL Injection Risk: Medium Text:# Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS # Dork: intitle:"Profile of" intext:"Wii Friend Code" inurl:...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/lZtyzTcL-Tc/WLB-20…
*** BSI release Draft Cyber Security standard - PAS 555\ ***
---------------------------------------------
"This PAS specifies a framework for the governance and management of cyber security risk. The requirements of this PAS define the overall outcomes of effective cyber security, and include technical, physical, cultural and behavioural measures alongside effective leadership and governance. While there are many standards and guidelines available that can help tackle cyber security risk, they tend to define good practice as to how elements of effective cyber security might be...
---------------------------------------------
http://drafts.bsigroup.com/Home/Details/49890
*** Adobe ColdFusion Security Advisory, (Sat, Jan 5th) ***
---------------------------------------------
Adobe released a security advisory which identifies three vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631) affecting ColdFusion for Windows, Macintosh and Unix. They have received reports that these vulnerabilities are actively being exploited. Adobe is currently planning to release a fix for January 15, 2013. Additional information and mitigations options available here. [1] http://www.adobe.com/support/security/advisories/apsa13-01.html ----------- Guy Bruneau IPSS Inc.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14827&rss
*** Neuer Exploit für Lücke im Internet Explorer ***
---------------------------------------------
Einer Sicherheitsfirma gelang es nach eigenen Angaben, Microsofts provisorischen Patch für die kritische IE-Lücke auszutricksen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2738e1e8/l/0L0Sheise0Bde0Cmel…
*** Malware targets Java HTTP servers ***
---------------------------------------------
"A malware that strikes at Java HTTP servers and allows attackers to gain control on underlying systems has been spotted by security researchers of anti-virus vendor Trend Micro Inc. Using a password cracking tool, cybercriminals are able to login and gain manager/administrative rights allowing the deployment of Web application archive (WAR) file packages with the backdoor to the server, according to a post last Thursday on the Trend Labs. & Once done, the backdoor can now browse,
---------------------------------------------
http://www.itworldcanada.com/news/malware-targets-java-http-servers/146535
*** Symantec links latest Microsoft zero-day with skilled hacker gang ***
---------------------------------------------
"Symantec is crediting a hacker group with an impressive track record as responsible for finding the latest as yet unpatched vulnerability in older versions of Microsofts Internet Explorer browser. A gang Symantec calls the Elderwood group appears to have found the latest zero-day vulnerability in IE, which can allow a malicious website to automatically infect a persons computer.[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to...
---------------------------------------------
http://www.infoworld.com/d/security/symantec-links-latest-microsoft-zero-da…
*** Crimeware Author Funds Exploit Buying Spree ***
---------------------------------------------
"The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes. An...
---------------------------------------------
http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-sp…
*** Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
Topic: Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability Risk: Low Text: ## # # Exploit Title : Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability # # Author : IrI...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ESFCnSJbmkU/WLB-20…
*** Wordpress wilderness SQL injection ***
---------------------------------------------
Topic: Wordpress wilderness SQL injection Risk: Medium Text:# Exploit Title: Wordpress wilderness SQL injection # Google Dork: inurl:/wp-content/themes/wilderness/gallery.php # Date: 20...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/6WtYRSMSzoI/WLB-20…
*** Vuln: CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability ***
---------------------------------------------
CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56494
*** Sicherheit - Ubisofts Spieleplattform Uplay gehackt ***
---------------------------------------------
Spielehersteller arbeitet bereits an Lösung und ruft zu besseren Passwörtern auf
---------------------------------------------
http://derstandard.at/1356426935498/Ubisofts-Spieleplattform-Uplay-gehackt
*** Google, Yahoo, Microsoft und Amazon anfällig für Clickjacking ***
---------------------------------------------
Ein Sicherheitsforscher demonstriert an populären Webseiten wie Amazon, Google, Yahoo und Microsoft Live, dass viele Webseiten immer noch schlecht gegen Clickjacking geschützt sind.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274546ad/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 03-01-2013 18:00 − Freitag 04-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Apache Malware Installs Zeus ***
---------------------------------------------
"The worlds most widely used web server, Apache, is a conduit to inject malicious content into web pages served by an infected Linux server, without the knowledge of the website owner. Those are the results of an analysis of a malicious Apache module, detected by ESET. They called the malware Linux/Chapro.A. Although the malware can serve practically any type of content, in this specific case it installs a variant of Win32/Zbot, malware designed to steal information from online banking
---------------------------------------------
http://www.isssource.com/apache-malware-installs-zeus/
*** Bugtraq: Aastra IP Telephone encrypted .tuz configuration file leakage ***
---------------------------------------------
Aastra IP Telephone encrypted .tuz configuration file leakage
---------------------------------------------
http://www.securityfocus.com/archive/1/525190
*** Browser vendors rush to block fake google.com site cert ***
---------------------------------------------
Turkish authoritys goof could compromise data Google and other browser vendors have taken steps to block an unauthorized digital certificate for the " *.google.com" domain that fraudsters could have used to impersonate the search giants online services.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/04/turkish_fak…
*** Holey code, Batman! Microsoft to patch 12 vulns on Tuesday ***
---------------------------------------------
Christmas zero-day flaw not included Microsoft has issued its pre Patch Tuesday report, saying it will issue seven patches fixing 12 code flaws next week but it wont provide a permanent fix for the exploit discovered during the recent holidays that is already being used in the wild.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/04/microsoft_p…
*** Canadian Government Acknowledges Security Breach ***
---------------------------------------------
"An employee of Human Resources and Skills Development Canada (HRSDC) recently misplaced an unencrypted USB drive containing sensitive data on approximately 5,000 Canadian citizens."The lost data, which was reported to the HRSDC on Nov. 17, included names, Social Insurance Numbers (similar to Social Security numbers) and other information criminals could use to defraud victims," writes TechNewsDailys Ben Weitzenkorn."The department, which handles a variety of files including
---------------------------------------------
http://www.esecurityplanet.com/network-security/canadian-government-acknowl…
*** Nicht zimperlich - DDoS-Attacken, gestohlene Daten: Harte Bandagen bei Lieferservices ***
---------------------------------------------
Strafbefehle gegen sieben Führungskräfte von Lieferheld wegen entwendeter Datenbank eines Konkurrenten
---------------------------------------------
http://derstandard.at/1356426716898/DDoS-Attacken-gestohlene-Daten-Harte-Ba…
*** Over 18,000 PayPal Phishing Websites Identified in December 2012 ***
---------------------------------------------
"Phishing websites, ones created by cybercriminals to harvest sensitive information from unsuspecting users, have become highly problematic lately. Because theyre so effective, crooks have launched a considerable number of sites that replicate popular companies. For instance, according to a study performed by Trend Micro for December 2012, a total of 18,947 phishing websites have been found to replicate PayPal...."
---------------------------------------------
http://news.softpedia.com/news/Over-18-000-PayPal-Phishing-Websites-Identif…
*** Major global Facebook Botnet taken down ***
---------------------------------------------
"A fraud ring worth around 525 million has been taken out of action by the joint efforts of Facebooks own security team and local police forces in the UK, Peru, the US and a number of other countries. The gang managed to steal the massive sum from Facebook users by secretly planting spyware on victims computers that would steal credit and bank card details. Along with financial details, personal information with worth on the black market was also lifted...."
---------------------------------------------
http://www.journalism.co.uk/press-releases/major-global-facebook-botnet-tak…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 02-01-2013 18:00 − Donnerstag 03-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** BSI warnt vor Sicherheitslücke im VLC Media Player ***
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik rät Nutzern der populären quelloffenen Videoabspielsoftware, auf die aktuelle Version 2.0.5 umzusteigen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27218c1d/l/0L0Sheise0Bde0Cmel…
*** Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack ***
---------------------------------------------
"This weeks watering hole attack exploiting a zero-day vulnerability in Internet Explorer was not limited to the influential Council on Foreign Relations site. A Metasploit contributor said an energy manufacturers website has been serving malware related to the attack since September. Researcher Eric Romang said that Capstone Turbine Corp., which builds power generation equipment for utilities, has been infected with malware exploiting CVE 2012-4969 for four months and the latest IE
---------------------------------------------
http://threatpost.com/en_us/blogs/energy-manufacturer-also-victimized-ie-ze…
*** 6 Big cyber security predictions for 2013 ***
---------------------------------------------
"If there is any weakness in security, you can guarantee the criminals will try to exploit it. And if a cyber criminal discovers a weakness in one community, it wont be long before that isolated crime turns into a trend. The commercialization of malware is rapidly becoming a well-organized and highly lucrative business...."
---------------------------------------------
http://venturebeat.com/2013/01/02/6-big-cyber-security-predictions-for-2013/
*** Malware SNEAK dons cunning disguise, opens creaky back door to servers ***
---------------------------------------------
Java-based exploit targets web-hosting servers A malicious backdoor designed to infect web servers poses a severe threat, Trend Micro warns.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/03/web_server_…
*** A New Way of Detecting Cybersecurity Attacks ***
---------------------------------------------
"Rajeev Bhargava is an acknowledged pioneer in the networking and software industry, and CEO of Toronto-based Decision Zone Inc. His career spans more than 30 years within the engineering and IT industry, and he has been closely associated with many of its major developments. Rajeev has advised many of North Americas largest organizations within the telecom, financial, high tech, military, retail, aerospace and government industries. He is the inventor of an anomaly detection solution used
---------------------------------------------
http://www.digitalcommunities.com/articles/A-New-Way-of-Detecting-Cyber-Sec…
*** Lücke in Ruby on Rails erlaubt SQL-Injections ***
---------------------------------------------
Alle aktuellen Versionen des Fameworks Ruby on Rails sind von einer Sicherheitslücke betroffen, die das Einschleusen von beliebigem SQL-Code ermöglicht. Nutzer sollten ihre Software möglichst schnell aktualisieren.
---------------------------------------------
http://www.heise.de/meldung/Luecke-in-Ruby-on-Rails-erlaubt-SQL-Injections-…
*** Virenverseuchte Dia-Scanner bei Tchibo verkauft ***
---------------------------------------------
Der Kaffeeröster Tchibo hat in der Vorweihnachtszeit des vergangenen Jahres einen virenverseuchten Dia-Scanner verkauft. Das Gerät wurde ab dem 11. Dezember 2012 für 60 Euro über die Filialen und den Tchibo-Onlineshop angeboten.
---------------------------------------------
http://www.heise.de/meldung/Virenverseuchte-Dia-Scanner-bei-Tchibo-verkauft…
*** Invasion of the Botnets ***
---------------------------------------------
"Millions and millions of PCs have been silently infiltrated with bot malware, creating massive bot armies, poised to steal and inflict maximum damage when triggered by their Bot Commander. There are several botnets each comprising millions of compromised PCs, such as Zeus, Conficker, Mariposa, ZeroAccess and BredoLab, waiting for the next command from their Bot Commander, so that they can spring into action and obediently carry out their strike orders like a well-disciplined and
---------------------------------------------
http://dwaterson.com/2013/01/02/invasion-of-the-botnets/
*** Cloud security to be most disruptive technology of 2013 ***
---------------------------------------------
"The Security for Business Innovation Council, comprised of IT security professionals from 19 companies worldwide, called cloud computing the main disruptive force for 2013. In its report, "Information Security Shake-Up," the group said it was evident many organizations are preparing to move more business processes to the cloud. This year, it will even be "mission-critical apps and regulated data" consigned to the cloud...."
---------------------------------------------
http://www.networkworld.com/news/2013/010313-cloud-security-265437.html
*** Facebook-Lücke erlaubte unbemerkte Webcam-Aufnahmen ***
---------------------------------------------
Rund vier Monate nachdem zwei Sicherheitsforscher eine Schwachstelle in Facebooks Video-Upload-Funktion meldeten, soll de Lücke geschlossen worden sein. Die Entdecker sind überrascht über die Höhe der von Facebook gezahlten Belohnung.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2729d37e/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 28-12-2012 18:00 − Mittwoch 02-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Microsoft Warns of New Gaming Malware ***
---------------------------------------------
"According to a recent report by Marianne Mallen of the Microsoft Malware Protection Center (MMPC), Microsoft researchers recently came across three new Trojans that specifically target Korean gamers."According to the ... MMPC, whoever is responsible for these pieces of malware is attempting to pilfer user login credentials, credit card information that is used to pay for in-game money and assorted upgrades, Korean ID numbers (a sort of Korean-variety Social Security number often
---------------------------------------------
http://www.esecurityplanet.com/malware/microsoft-warns-of-new-gaming-malwar…
*** Microsoft - Windows XP wird zum Sicherheitsrisiko ***
---------------------------------------------
Die Zeitschrift ct warnt: "Ab 2014 kann man einen XP-Rechner nur noch in völliger Isolation betreiben"
---------------------------------------------
http://text.derstandard.at/1356426331198/Windows-XP-wird-zum-Sicherheitsris…
*** 29C3 - erfolgreicher Angriff auf verschlüsselnde Festplatten ***
---------------------------------------------
Auch bei automatisch verschlüsselnden Festplatten (Self-Encrypting Drives, SED) können Angreifer die Daten mit wenigen Handgriffen auslesen: Der Informatiker Tilo Müller demonstrierte am Freitag auf dem 29. Hacker-Kongress des Chaos Computer Clubs (29C3) in Hamburg, wie sich die Hardware-Verschlüsselung von Desktop-Computern oder Laptops angreifen lässt.
---------------------------------------------
http://www.heise.de/meldung/29C3-erfolgreicher-Angriff-auf-verschluesselnde…
*** Windows 8 Will Be Harder to Hack - Security Expert ***
---------------------------------------------
"Windows 8 has already been attacked by hackers who wanted to activate the operating system at no cost, but theres no doubt its one of the most secure Windows iterations released so far. And Microsoft uses this argument to promote Windows 8 with every single occasion, while security companies across the globe confirm that its harder to attack the new OS. McAfee said in its 2013 predictions report that Windows 8 may become hackers next big target, but Rapid7 CISO and Metasploit founder HD...
---------------------------------------------
http://news.softpedia.com/news/Windows-8-Will-Be-Harder-to-Hack-Security-Ex…
*** Bugtraq: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption ***
---------------------------------------------
GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
---------------------------------------------
http://www.securityfocus.com/archive/1/525167
*** Worst email scams of 2012 ***
---------------------------------------------
"The scammers have continued to flood us with dodgy emails this year. Here are some of the worst ones weve spotted. Identity fraud and theft continues to be a big issue in the UK...."
---------------------------------------------
http://www.lovemoney.com/news/scams-and-rip-offs/scams/18904/worst-email-sc…
*** Provisorischer Fix für kritische Lücke im Internet Explorer ***
---------------------------------------------
Im Internet Explorer bis einschließlich Version 8 klafft eine kritische Sicherheitslücke. Microsoft hat nun ein Fix-It-Tool herausgegeben, mit dem sich Nutzer der betroffenen IE-Versionen schützen können, bis ein Patch fertig ist.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27194e91/l/0L0Sheise0Bde0Cmel…
*** Piraterie - Gecrackte Apps: Neue Dienste kapern iOS auch ohne Jailbreak ***
---------------------------------------------
Nachfolger von Installous könnten wesentlich mehr User erreichen
---------------------------------------------
http://derstandard.at/1356426557392/Gecrackte-Apps-Neue-Dienste-kapern-iOS-…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 27-12-2012 18:00 − Freitag 28-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** ICS-CERT Closes-out Two Alerts ***
---------------------------------------------
"Today the folks at DHS ICS-CERT published two advisories for different systems that were based upon uncoordinated disclosures reported earlier by ICS-CERT. Actually ICS-CERT only notes that one is based upon an earlier alert, but records show that both were. The affected systems are from RuggecCom and Carlo Gavazzi Automation...."
---------------------------------------------
http://chemical-facility-security-news.blogspot.nl/2012/12/ics-cert-closes-…
*** RealPlayer RealMedia File Handling Buffer Overflow ***
---------------------------------------------
Topic: RealPlayer RealMedia File Handling Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bi_N1sR5TgU/WLB-20…
*** Joomla bch and Content Shell Upload ***
---------------------------------------------
Topic: Joomla bch and Content Shell Upload Risk: High Text: [ Joomla com_content Shell Upload Vulnerability] [x] Author : Agd_Scorp [x] Home : www.turkguvenligi.info ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vUggqlfFDmw/WLB-20…
*** Vuln: Real Networks RealPlayer Multiple Security Vulnerabilities ***
---------------------------------------------
Real Networks RealPlayer Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56956
Next End-of-Shift report on 2013-01-02
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 21-12-2012 18:00 − Donnerstag 27-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Vuln: Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability ***
---------------------------------------------
Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55465
*** Java 7 update offers more security options ***
---------------------------------------------
"A recent Java 7 update (Update 10) has added more security options that will appeal to security conscious users and businesses. A new option under the Java control panel, for example, allows users to disable Java applications from running inside their browsers by clearing the "enable Java content in the browser" checkbox. The plethora of security attacks that exploit flaws in the Java platform means that disallowing Java from browsers has long been recommended by security...
---------------------------------------------
http://www.fiercecio.com/techwatch/story/java-7-update-offers-more-security…
*** India Developing Its Own Secure Operating System ***
---------------------------------------------
"According to The Times of India, 150 engineers from all across the country have already been working on the project for over one year and a half, but it will take another three before the operating systems can be rolled out. The director general of the DRDO has explained that India needs its own operating system to strengthen cyber security. He has emphasized that the current operating systems used in India, regardless whether theyre Windows or Linux-based, contain numerous security...
---------------------------------------------
http://news.softpedia.com/news/India-Developing-Its-Own-Secure-Operating-Sy…
*** Vuln: WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability ***
---------------------------------------------
WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56988
*** Hook Analyser Malware Tool 2.2 ***
---------------------------------------------
"Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. Changes: The UI and modules of the project have been re-written...."
---------------------------------------------
http://packetstormsecurity.org/files/119087
*** PHP-CGI Argument Injection Remote Code Execution ***
---------------------------------------------
Topic: PHP-CGI Argument Injection Remote Code Execution Risk: High Text:#!/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution T...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/HMIGwX9uCpo/WLB-20…
*** [remote] - IBM Lotus Notes Client URL Handler Command Injection ***
---------------------------------------------
IBM Lotus Notes Client URL Handler Command Injection
---------------------------------------------
http://www.exploit-db.com/exploits/23650
*** [remote] - Microsoft SQL Server Database Link Crawling Command Execution ***
---------------------------------------------
Microsoft SQL Server Database Link Crawling Command Execution
---------------------------------------------
http://www.exploit-db.com/exploits/23649
*** NVidia Display Driver Service (nvvsvc.exe) Exploit ***
---------------------------------------------
Topic: NVidia Display Driver Service (nvvsvc.exe) Exploit Risk: High Text:/* NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE = (@...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/RWnidJO9giU/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 20-12-2012 18:00 − Freitag 21-12-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout ***
---------------------------------------------
Topic: WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout Risk: Low Text:*Summary = WordPress 3.4.2 fails to invalidate a user's sessions upon logout. WordPress was originally notified of...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/m7FLRoPAp58/WLB-20…
*** HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03577598
*** Vuln: Squid cachemgr.cgi Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid cachemgr.cgi Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56957
*** QNAP-NAS anfällig für cross-site-scripting (XSS) ***
---------------------------------------------
Twitter-User @rootdial ist aufgefallen, dass in manchen Web-Anwendungen des QNAP-NAS nicht richtig geprüft wird, was übergeben wird.
So ist z.B. die Photostation und die TVStation anfällig für XSS.
---------------------------------------------
http://sdcybercom.wordpress.com/
*** CA20121220-01: Security Notice for CA IdentityMinder ***
---------------------------------------------
CA Technologies Support is alerting customers to two potential risks in
CA IdentityMinder (formerly known as CA Identity Manager). Two
vulnerabilities exist that can allow a remote attacker to execute
arbitrary commands, manipulate data, or gain elevated access. CA
Technologies has issued patches to address the vulnerability.
---------------------------------------------
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B…
*** VMWare posts some updates, (Fri, Dec 21st) ***
---------------------------------------------
Just in the case the world doesnt come to a grinding halt today (end of Mayan calendar and all that).... .... VMWare has posted some updates that you might want to pay attention to over at:http://www.vmware.com/security/advisories/VMSA-2012-0018.html There are as many as 13 different CVEs covered in this update, so make sure, if you are affected, to patch! -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.edu Creative
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14740&rss
Next End-of-Shift report on 2012-12-27
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 19-12-2012 18:00 − Donnerstag 20-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Sweet Orange Exploit Kit Offers Customers Higher Infection Rates ***
---------------------------------------------
"The newly emerging Sweet Orange Exploit Kit boasts a 10 to 25 percent infection rate and is promising to drive 150,000 unique visitors per day to the websites of its customers, according to Jeff Doty and Chris Larsen of Blue Coat Security. If the claims of Sweet Oranges authors reflect reality, it means that users of the kit can expect to add anywhere between 15,000 and 37,500 machines to their botnet per day. Sweet Orange has 45 dedicated IP addresses and 267 unique domains, which Doty...
---------------------------------------------
http://threatpost.com/en_us/blogs/sweet-orange-exploit-kit-offers-customers…
*** MyBB MyYoutube Cross Site Scripting ***
---------------------------------------------
Topic: MyBB MyYoutube Cross Site Scripting Risk: Low Text:# Exploit Title: MyYoutube MyBB Stored XSS # Date: 17.12.2012 # Exploit Author: limb0 # Vendor Homepage: http://www.mybb-es....
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/C8aZDfreDmo/WLB-20…
*** MyBB Xbox Live ID Cross Site Scripting ***
---------------------------------------------
Topic: MyBB Xbox Live ID Cross Site Scripting Risk: Low Text:# Exploit Title: Xbox Live ID MyBB Plugin Stored XSS # Date: 13/12/2012 # Exploit Author: limb0 # Vendor Homepage: http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/qUghUFk2MwE/WLB-20…
*** Vuln: Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities ***
---------------------------------------------
Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56906
*** Bugtraq: EMC Avamar: World writable cache files ***
---------------------------------------------
EMC Avamar: World writable cache files
---------------------------------------------
http://www.securityfocus.com/archive/1/525095
*** Apache plug-in doles out Zeus attack ***
---------------------------------------------
Points victims to Sweet Orange exploit server, slurps banking credentials Anti-virus outfit Eset has discovered a malicious Apache module in the wild that serves up malware designed to steal banking credentials.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/apache_dang…
*** SurgeFTP Remote Command Execution ***
---------------------------------------------
Topic: SurgeFTP Remote Command Execution Risk: High Text:require msf/core class Metasploit3
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/iwcAssIZcxo/WLB-20…
*** Drupal Core 6.x & 7.x Access Bypass & Code Execution ***
---------------------------------------------
Topic: Drupal Core 6.x & 7.x Access Bypass & Code Execution Risk: High Text:View online: http://drupal.org/SA-CORE-2012-004 * Advisory ID: DRUPAL-SA-CORE-2012-004 * Project: Drupal core [1] * ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bLFpBaVeTdc/WLB-20…
*** ENISA on Smart Grids: a Risk-Based Approach Is Key to Secure Implementation ***
---------------------------------------------
"The European Network and Information Security Agency (ENISA) has released a new report to help smart grid providers properly secure their infrastructures against cyberattacks. The European Union hopes to achieve a 20% increase in renewable energy, a 20% reduction in CO2 emissions, and a 20% increase in energy efficiency by 2020. Smart grids can help a lot in achieving these goals, but they must be rolled out in a secure way...."
---------------------------------------------
http://news.softpedia.com/news/ENISA-on-Smart-Grids-a-Risk-Based-Approach-I…
*** Vuln: Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities ***
---------------------------------------------
Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56982
*** PGP, TrueCrypt-encrypted files CRACKED by £300 tool ***
---------------------------------------------
Plod at the door? Better yank out that power cable ElcomSoft has built a utility that forages for encryption keys in snapshots of a PCs memory to decrypt PGP and TrueCrypt-protected data.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/elcomsoft_t…
*** Sicherheitslücke in AMDs Catalyst-Control-Center ***
---------------------------------------------
Eigentlich soll das Catalyst-Control-Center von AMD helfen die Treiber für Grafikkarten so aktuell wie möglich zu halten - über ein Ausnutzen der Update-Benachrichtigung kann vermutlich ein manipulierter Treiber untergejubelt werden.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/26cbb061/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 18-12-2012 18:00 − Mittwoch 19-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** The Only 2013 Cybersecurity Predictions List You Need to Read ***
---------------------------------------------
"Please, allow me to save you some time reading all of those Top 10 Cybersecurity Threats of 2013 lists from journalists, bloggers, analysts, vendors and other crackpots. Nearly all of them will include the 10 following threats, in varying orders:The Cloud Lots of vulnerabilities out there. BYOD/Mobile malware Its a problem dealing with all these devices...."
---------------------------------------------
http://blogs.cio.com/security/17647/only-2013-cybersecurity-predictions-lis…
*** 1-15 December 2012 Cyber Attacks Timeline ***
---------------------------------------------
"Christmas is coming quickly, we have just passed the first half of December, and hence its time for the first update of the Cyber Attacks Timeline for December. The Team GhostShell has decided to close the year with a clamorous Cyber Attack, and hence,as part of the project ProjectWhiteFox, has leaked 1. 6 million of accounts from several organizations all over the world...."
---------------------------------------------
http://hackmageddon.com/2012/12/17/1-15-december-2012-cyber-attack-timeline/
*** Enterpriser16 LB 7.1 Cross Site Scripting ***
---------------------------------------------
Topic: Enterpriser16 LB 7.1 Cross Site Scripting Risk: Low Text:Title: Enterpriser16 LB v7.1 - Multiple Web Vulnerabilities Date: == 2012-12-12 References: == http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Pv935OaGGFY/WLB-20…
*** [webapps] - SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability ***
---------------------------------------------
SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/23498
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 17-12-2012 18:00 − Dienstag 18-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56846
*** Vuln: Symantec Network Access Control CVE-2012-4349 Local Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56847
*** Vuln: TWiki Multiple Security Vulnerabilities ***
---------------------------------------------
TWiki Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56950
*** Reminder: Java 6 end-of-live February 2013 , (Mon, Dec 17th) ***
---------------------------------------------
Reader Josh reports that while downloading the latest version of Java 6 (version 37) from Oracles website he received a reminder from Oracle that Java 6 will reach end of life in February 2013. After February 2013 security updates will only be available to customer who purchase extended support contracts. If you havent already done so, now is a good time to mark your calendars for this upgrade. More details are available here: http://www.oracle.com/technetwork/java/javase/eol-135779.html ---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14719&rss
*** Bugtraq: IPv6 Neighbor Discovery security (new documents) ***
---------------------------------------------
IPv6 Neighbor Discovery security (new documents)
---------------------------------------------
http://www.securityfocus.com/archive/1/525063
*** Cyber Security Bulletin (SB12-352) - Vulnerability Summary for the Week of December 10, 2012 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability...
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB12-352.html
*** Carberp-in-the-Mobile found on Google Play ***
---------------------------------------------
"Everybody knows (or should know) that downloading apps from third party online markets is dangerous, but even official markets such as Google Play cant be considered completely safe, as time and time again malware peddlers succeed at fooling its defenses and upload malware for download, masquerading as games and other popular apps. Kaspersky Lab researchers have recently discovered a slew of apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2362
*** Lookout Predicts 18 Million Android Malware Infections by End of 2013 ***
---------------------------------------------
"Lookout Mobile Security recently published its mobile threat predictions for 2013, anticipating that 18 million Android users will encounter mobile malware between the beginning of 2012 and the end of 2013."The likelihood that new Lookout users will encounter malware or spyware is heavily dependent on their geography and behavior, varying from 0. 20 percent in Japan to 0. 40 percent in the US and as high as 34...."
---------------------------------------------
http://www.esecurityplanet.com/mobile-security/lookout-predicts-18-million-…
*** Trojan Upclicker malware infecting PCs via mouse input ***
---------------------------------------------
"Windows PC owners be warned theres a new strain of malware out there that befuddles users into helping it accomplish its dirty deeds via mouse clicks. Dubbed "Trojan Upclicker" by the FireEye Malware Intelligence Lab researchers who identified it, this elusive bit of malicious code is purpose-built to evade identification by the automated analysis systems used by many anti-virus vendors. FireEye researchers Abhishek Singh and Yasir Khalid noted that Trojan Upclicker is a variant...
---------------------------------------------
http://www.itproportal.com/2012/12/17/trojan-upclicker-malware-infecting-pc…
*** EU to propose mandatory reporting of cyber incidents ***
---------------------------------------------
"The European Union may force companies operating critical infrastructure in areas such as banking, energy and stock exchanges to report major online attacks and reveal security breaches, according to draft report by the European Commission. The European Commission is due to present a proposal on cybersecurity in February once it has received feedback from the European Parliament and EU countries. The proposal was initially announced in May for the third quarter this year but has been...
---------------------------------------------
http://www.euractiv.com/infosociety/eu-propose-mandatory-reporting-c-news-5…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 14-12-2012 18:00 − Montag 17-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: MyBB DyMy User Agent Plugin SQL Injection Vulnerability ***
---------------------------------------------
MyBB DyMy User Agent Plugin SQL Injection Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56931
*** Bugtraq: Wordpress Pingback Port Scanner ***
---------------------------------------------
Wordpress Pingback Port Scanner
---------------------------------------------
http://www.securityfocus.com/archive/1/525045
*** Bugtraq: DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) ***
---------------------------------------------
DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)
---------------------------------------------
http://www.securityfocus.com/archive/1/525044
*** ENISA - Introduction to Return on Security Investment ***
---------------------------------------------
"As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention...."
---------------------------------------------
http://www.enisa.europa.eu/activities/cert/other-work/introduction-to-retur…
*** Foswiki Remote code execution and other vulnerabilities in MAKETEXT ***
---------------------------------------------
Topic: Foswiki Remote code execution and other vulnerabilities in MAKETEXT Risk: High Text: + Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/8WkKh9Nz_ZM/WLB-20…
*** Eurograbber: A Smart Trojan Attack - Hackers Methods Reveal Banking Know-How ***
---------------------------------------------
"The Eurograbber banking Trojan is an all-in-one hit, researchers say. It successfully compromises desktops and mobile devices, and has gotten around commonly used two-factor authentication practices in Europe. How can banking institutions defend themselves and their customers against this super-Trojan attack?..."
---------------------------------------------
http://www.bankinfosecurity.com/eurograbber-smart-trojan-attack-a-5359?rf=2…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 13-12-2012 18:00 − Freitag 14-12-2012 18:00
Handler: Christian Wojner
Co-Handler: n/a
*** Internet Explorer rats out the mouse - Update ***
---------------------------------------------
"Company Spider. io warns that Internet Explorer allows a users mouse position to be determined even if the mouse cursor is located outside of the browser window or the browser window isnt being displayed at all either because it is minimised or the user has switched to view another tab or window. This is potentially dangerous because it enables web pages to intercept sensitive data that is being entered via virtual keyboards and virtual keypads, say the researchers...."
---------------------------------------------
http://www.h-online.com/security/news/item/Internet-Explorer-rats-out-the-m…
*** Bugtraq: Addressbook v8.1.24.1 Group Name XSS ***
---------------------------------------------
Addressbook v8.1.24.1 Group Name XSS
---------------------------------------------
http://www.securityfocus.com/archive/1/525027
*** New Trojan attempts SMS fraud on OS X users ***
---------------------------------------------
"The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud. The new malware is a Trojan horse, dubbed "Trojan. SMSSend...."
---------------------------------------------
http://news.cnet.com/8301-1009_3-57558780-83/new-trojan-attempts-sms-fraud-…
*** Apple updates OS X malware definitions for new fake-installer/SMS trojan ***
---------------------------------------------
"MacRumors noted today that Apple is utilizing the automatic daily checks for malware definitions it implemented last year to block an OS X trojan horse discovered earlier this week. The trojan was originally detailed in a blog post on Dr. Web. Known as TrojanSMSSend...."
---------------------------------------------
http://9to5mac.com/2012/12/13/apple-updates-os-x-malware-definitions-for-ne…
*** Backdoor Found at NDIS Level ***
---------------------------------------------
"It is one thing to have a piece of malware that can focus on targeted attacks, but it is quite another to have it also be nearly invisible. That is just what a variant of the Exforel backdoor malware, VirTool:WinNT/Exforel. A, is able to do, said researchers at Microsofts Malware Protection Center...."
---------------------------------------------
http://www.isssource.com/backdoor-found-at-ndis-level/
*** New Attacks from Gameover Gang ***
---------------------------------------------
"Millions of emails, which pose as coming from major U.S. banks, are spamming out, according to Dell SecureWorks Counter Threat Unit. The fake but convincing-looking emails appeal to a more security-minded banking customer: You have received a new encrypted message or a secure message from [XYZ] Bank, one of the email campaigns said, noting the bank has set up a secure email exchange for its customers as a way to allay privacy and security concerns. The message includes an infected
---------------------------------------------
http://www.isssource.com/new-attacks-from-gameover-gang/
*** Yet another eavesdrop vulnerability in Cisco phones ***
---------------------------------------------
Security groundhog day A university student presenting at the Amphion Forum has demonstrated turning a Cisco VoIP phone into a listening device, even when it's on the hook.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/13/cisco_voip_…
*** Dexter malware targets point of sale systems worldwide ***
---------------------------------------------
"You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems. First spotted by security firm Seculert, the malware dubbed "Dexter" is believed to have infected hundreds of POS systems in 40 countries worldwide in recent months. Companies targeted include retailers, hotel chains, restaurants, and private parking providers...."
---------------------------------------------
http://www.theregister.co.uk/2012/12/14/dexter_malware_targets_pos_systems/
*** Top 7 security predictions for 2013 ***
---------------------------------------------
"A seismic shift in who controls the Internet? Another Mac malware outbreak? Your smart TV being highjacked for a DDoS attack?..."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14120
*** [DNB] Joomla, WordPress Sites Hit by IFrame Injection Attacks ***
---------------------------------------------
'....Users of the popular Joomla content management system are being
urged by security experts to upgrade to the latest version after
reports of exploits being used to compromise websites built on the
platform......'
---------------------------------------------
https://threatpost.com/en_us/blogs/joomla-wordpress-sites-hit-iframe-inject…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 12-12-2012 18:00 − Donnerstag 13-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Researchers uncover Tor-powered Skynet botnet ***
---------------------------------------------
"Rapid7 researchers have recently unearthed an unusual piece of malware that turned out to be crucial to the formation of an elusive botnet - dubbed Skynet by the researchers - whose existence has been documented in a very popular Reddit "I Am A" thread. The Trojan in question has DDoS and Bitcoin-mining capabilities, but its main function is to steal banking credentials. The botnet operator spreads the malware via the Usenet discussion forum, which is also a popular platform for...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2357
*** "Dexter" malware steals credit card data from point-of-sale terminals ***
---------------------------------------------
"A researcher has uncovered new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses. Dexter, as the malware is called, has infected hundreds of point-of-sale computers at big-name retailers, hotels, restaurants, and other businesses, according to a report issued by Aviv Raff, chief technology officer of Israel-based security firm Seculert. Businesses infected in the past three months are located in 40 different countries, with 30...
---------------------------------------------
http://arstechnica.com/security/2012/12/dexter-malware-steals-credit-card-d…
*** New Findings Lend Credence to Project Blitzkrieg ***
---------------------------------------------
"Project Blitzkrieg," a brazen Underweb plan for hiring 100 botmasters to fuel a blaze of ebanking heists against 30 U.S. financial institutions in the Spring of 2013, was met with skepticism from some in the security community after news of the scheme came to light in October. Many assumed it was a law enforcement sting, or merely the ramblings of a wannabe criminal mastermind. But new research suggests the crooks who hatched the plan were serious and have painstakingly built up a...
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/RgJgMJ51mKo/
*** Cybersecurity company using hackers own devices against them ***
---------------------------------------------
"A California cybersecurity start-up, marketing itself as a private cyber intelligence agency, works to identify foreign attackers who are attempting to steal corporate secrets; it does so by using the attackers own techniques and vulnerabilities against them; the company also collects data on hackers and tricks intruders into stealing false information Shawn Henry, the head of the FBI cyber crimes division, this year left agency after twenty-four years to become the president CrowdStrike,...
---------------------------------------------
http://www.homelandsecuritynewswire.com/dr20121213-cybersecurity-company-us…
*** Facebook Security, FBI Take Down Butterfly Botnet, Arrest 10 ***
---------------------------------------------
"Facebooks security team is being lauded by the FBI for its role the arrest of 10 individuals accused of spreading banking malware on the social networking site and collecting more than $850 million from fraudulent transactions. The arrests were carried out yesterday in the U.S., U.K., the Balkans, South America and New Zealand in connection with spreading the Yahos malware on Facebook from 2010 to this October. Yahos compromised more than 11 million computers, the FBI said...."
---------------------------------------------
http://threatpost.com/en_us/blogs/facebook-security-fbi-take-down-butterfly…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 11-12-2012 18:00 − Mittwoch 12-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** First fake-installer Trojan for Mac OS ***
---------------------------------------------
December 11, 2012 Russian anti-virus company Doctor Web informs users about a new Trojan for Mac OS X dubbed Trojan.SMSSend.3666. The malicious scheme used to spread this Trojan is notorious among many Windows users but until now it hasnt been employed to deceive owners of Macs. Trojan.SMSSend is a fake installer which can be downloaded from various sites under the guise of useful software. Trojan.SMSSend programs are found in large numbers on the Internet. These are fake installers available
---------------------------------------------
http://news.drweb.com/show/?i=3138&lng=en&c=9
*** Web-Seiten identifizieren Besucher über deren soziale Netze ***
---------------------------------------------
Der New Yorker Sumit Suman staunte nicht schlecht. Nach seinem Besuch der Web-Seiten von UberVu bekam er am nächsten Tag eine persönliche E-Mail mit Werbeangeboten der Firma.
---------------------------------------------
http://www.heise.de/security/meldung/Web-Seiten-identifizieren-Besucher-ueb…
*** Dezember-Patchday bei Microsoft und Adobe ***
---------------------------------------------
Microsoft und Adobe haben ihre Dezember-Patchdays abgehalten und dabei zahlreiche kritische Lücke geschlossen. Während Microsoft die meisten Windows-Versionen, den Internet Explorer, Word und einige Server-Produkte abgesichert hat, gab es von Adobe Patches für den Flash Player, AIR und ColdFusion.
---------------------------------------------
http://www.heise.de/security/meldung/Dezember-Patchday-bei-Microsoft-und-Ad…
*** Microsoft Internet Explorer 610 Mouse Tracking ***
---------------------------------------------
Topic: Microsoft Internet Explorer 610 Mouse Tracking Risk: Medium Text:Summary: Unprivileged attackers can track your system-wide mouse movements from any IE page, even when the page is unfocused o...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/GTaeIyspNpM/WLB-20…
*** Samsungs smart TVs wide open to exploits ***
---------------------------------------------
The downside to being more like a PC Samsungs Smart TV has a vulnerability which allows remote attackers to swipe data, according to security researchers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/smart_tv_pw…
*** Russian space research org targeted by mystery malware attack ***
---------------------------------------------
Korean message forum becomes cyber-espionage hub Security researchers have discovered a targeted attack against Russian hi-tech firm that appears to originate in Korea.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/russian_cyb…
*** North America and Europe Most Threatened by Money-Stealing Android Trojans ***
---------------------------------------------
"If youre living in Europe or North America and if youre an Android user, the mobile malware that targets you is most likely designed to steal your money. On the other hand, if you live in Asia, youre more likely to be bombarded with aggressive adware and annoying ads. These are the results of a study performed by security firm Bitdefender with the aid of its mobile security solution, between January 1 and December 1, 2012...."
---------------------------------------------
http://news.softpedia.com/news/North-America-and-Europe-Most-Threatened-by-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 10-12-2012 18:00 − Dienstag 11-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Beware of Bitcoin miner posing as Trend Micro AV ***
---------------------------------------------
"Malware almost always comes in disguise, but some malware peddlers try to do a better job than others. Trend Micro researchers have recently uncovered a piece of malware that tried to pass itself off as "Trend Micro AntiVirus Plus AntiSpyware" (click on the screenshot to enlarge it):Unfortunately for whose who get fooled, the software in question is a Trojan that creates the process svchost. exe and downloads additional malicious components such as a Bitcoin miner application
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2349
*** Multipurpose Necurs Trojan infects over 83,000 computers ***
---------------------------------------------
"The polivalent Necurs malware family has been wreaking havoc in November by infecting over 83,000 unique computers - and that are only the ones detected by Microsofts solutions! The Necurs Trojan is capable of:Modifying the computers registry in order to make itself start after every reboot. Dropping additional components that prevents a large number of security applications from functioning correctly, including the ones manufactured by Avira, Kaspersky Lab, Symantec and
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2350
*** 200,000 new malicious programs detected every day ***
---------------------------------------------
"Kaspersky Lab released its annual Kaspersky Security Bulletin, which provides the overall malware and cyber-threat statistics for 2012. The report revealed significant growth of Mac-specific malware and an explosive growth in the number of threats targeting the Android platform. Overall, Kaspersky Lab detected and blocked more than 1...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2352
*** Necurs Rootkit Infections Way Up ***
---------------------------------------------
"Infections from a nasty bit of malware, generally delivered by the Black Hole Exploit Kit, surged in November, hitting more than 83,000 machines. Microsofts Malware Protection Center rates the Necurs rootkit threat as severe. Dubbed a rootkit by Kaspersky Lab, Necurs has many dimensions to it...."
---------------------------------------------
http://threatpost.com/en_us/blogs/necurs-rootkit-infections-way-120712?
*** Joomla (and WordPress) Bulk Exploit Going on, (Mon, Dec 10th) ***
---------------------------------------------
Weve gotten some reports and discussion around many Joomla (and some WordPress) sites exploited and hosting IFRAMES pointing to bad places. Well get to the downloaded in a second, but the interesting thing to note is that it doesnt seem to be a scanner exploiting one vulnerability but some tool thats basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits. Wed like PCAPs or weblogs if youre seeing something similar in your environment.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14677&rss
*** Russian ransomware strikes Queensland doctor ***
---------------------------------------------
Seven years of patients files encrypted by crooks. A medical practice in the Australian state of Queensland, the Miami Family Medical Centre, has been hit by ransomware said to originate in Russia.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/11/queensland_…
*** Unzuverlässige Trojaner-Warnungen durch Android 4.2 ***
---------------------------------------------
Nur 15 Prozent der in einer Analyse eingesetzten Schadsoftware hat der mit Googles Betriebssystem Jelly Bean (Android 4.2) kommende App Verification Service entdeckt.
---------------------------------------------
http://www.heise.de/security/meldung/Unzuverlaessige-Trojaner-Warnungen-dur…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 07-12-2012 18:00 − Montag 10-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Sophos Security Threat Report 2013, today... tomorrow ***
---------------------------------------------
"Sophos was one of the first security firms that has published a report, Sophos Security Threat Report 2013, on current status of security landscape making predictions for incoming year. The document propose an interesting overview on most common and dangerous cyber threats attempting to determine the level of penetration by different countries. The factors that have primary contributed to the diffusion of new cyber threats are the increasing in use of social networks platforms and
---------------------------------------------
http://www.infosecisland.com/blogview/22771-Sophos-Security-Threat-Report-2…
*** Onlinebanking lieber per Althandy ***
---------------------------------------------
Derzeit droht Nutzern von Internet-Banking-Diensten Gefahr durch den Trojaner Eurograbber, der Geld von mehr als 30 000 Bankkonten erbeutet haben soll. Er greift Online-Banking-Teilnehmer, die PC und Smartphone kombiniert einsetzen, gezielt an und fängt durch geschickte Fragen sowohl Kontodaten als auch Transaktionsnummern seiner Opfer ab. Internetnutzer können sich jedoch mit ein paar Tricks schützen.
---------------------------------------------
http://www.heise.de/security/meldung/Onlinebanking-lieber-per-Althandy-1764…
*** My Little Pronny: Autorun worms continue to turn ***
---------------------------------------------
"Malware activity exploiting Autorun on Windows computers has been generating quite a few calls to ESET support lines lately, reminding us that old infection techniques seldom die and USB flash drives can still be an effective means of getting malicious code onto a computer. USB drives can be used to infect computers that automatically execute files on removable media when that media is inserted. On Windows machines this is known as the Autorun feature (referred to as Autoplay in Windows
---------------------------------------------
http://blog.eset.com/2012/12/07/autorun-worm-continues-to-turn
*** 16-30 November 2012 Cyber Attacks Timeline ***
---------------------------------------------
"November has gone and its time to review this months cyber landscape. From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the
---------------------------------------------
http://hackmageddon.com/category/security/cyber-attacks-timeline/
*** That square QR barcode on the poster? Check its not a sticker ***
---------------------------------------------
Crooks slap on duff codes leading to evil sites Cybercrooks are putting up stickers featuring URLs embedded in Quick Response codes (QR codes) as a trick designed to drive traffic to dodgy sites.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/10/qr_code_sti…
*** Trojans spread from compromised Dalai Lama website ***
---------------------------------------------
December 5, 2012 Russian anti-virus company Doctor Web is informing users that several Trojans are being spread from compromised websites. In particular, malware is being downloaded from the official site of the Dalai Lama. Mac OS X systems are in danger as well as Windows PCs. Several days ago Doctor Web was informed that the official site of Tibet's spiritual leader, the Dalai Lama, had been compromised. Doctor Webs analysts discovered that when loading a page from the site in a
---------------------------------------------
http://news.drweb.com/show/?i=3124&lng=en&c=9
*** DDoS Attacks: Lessons Learned - 4 Thought Leaders Share Insights About Bank Attacks ***
---------------------------------------------
"Distributed-denial-of-service attacks waged against leading U.S. banks between mid-September and mid-October led to improved information sharing about threats. And that exchange proved effective in minimizing disruptions. Inter-bank and industry communication helped financial institutions targeted later in the DDoS campaign suffer less severe outages than those targeted earlier, says Mike Smith, a DDoS specialist at Web security vendor Akamai Technologies...."
---------------------------------------------
http://www.bankinfosecurity.com/ddos-attacks-lessons-learned-a-5343?rf=2012…
*** The "hidden" backdoor - VirTool:WinNT/Exforel.A ***
---------------------------------------------
Recently we discovered an advanced backdoor sample -
VirTool:WinNT/Exforel.A. Unlike traditional backdoor samples, this
backdoor is implemented at the NDIS (Network Driver Interface
Specification) level.
https://blogs.technet.com/b/mmpc/archive/2012/12/09/the-quot-hidden-quot-ba…
*** Vuln: TP-LINK TL-WR841N Router Multiple HTML Injection Vulnerabilities ***
---------------------------------------------
TP-LINK TL-WR841N Router Multiple HTML Injection Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56602
*** VLC Media Player 2.0.4 Buffer Overflow ***
---------------------------------------------
Topic: VLC Media Player 2.0.4 Buffer Overflow Risk: High Text:Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : http:/...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JsOQvc6gSeY/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 06-12-2012 18:00 − Freitag 07-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Sieben Microsoft-Patches auf einen Streich am Patchday ***
---------------------------------------------
Microsoft kündigte an, anlässlich seines Dezember-Patchdays am kommenden Dienstag sieben Patch-Pakete (Bulletins) herauszugeben, die insgesamt elf Sicherheitslücken schließen. Fünf der Patch-Pakete stuft das Unternehmen als kritisch ein; sie schließen Lücken, die das Einschleusen von Schadcode aus der Ferne erlauben.
---------------------------------------------
http://www.heise.de/security/meldung/Sieben-Microsoft-Patches-auf-einen-Str…
*** Viele beliebte Windows-Programme unzureichend gesichert ***
---------------------------------------------
Der Autor der Software SlopFinder beschreibt, dass viele beliebte Windows-Programme selbst grundlegende Schutzmechanismen nicht verwenden. So soll bei DEP (Data Execution Prevention) der Prozessor über ein Flag (NX-Bit) die Ausführung von eingeschleustem Schadcode im Datenbereich verhindern.
---------------------------------------------
http://www.heise.de/security/meldung/Viele-beliebte-Windows-Programme-unzur…
*** RSA boss predicts "catastrophic" cyber attack ***
---------------------------------------------
"A large-scale attack on critical infrastructure will soon become a reality, according to RSA chief executive Art Coviello. The security boss said that poor government security protections combined with increasingly sophisticated attack techniques has left critical infrastructure at risk for attacks which could cause widespread damage."I abhor the phrase Cyber Pearl Harbor because I think it is a poor metaphor to describe the state I believe we are in," Coviello
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2229201/rsa-boss-art-coviello-predicts-catas…
*** Skynet, a Tor-powered botnet straight from Reddit ***
---------------------------------------------
FROM: Matthias Fraidl <fraidl(a)cert.at>
Following is an overview of this malware labelled by the creator as
Skynet: a Tor-powered trojan with DDoS, Bitcoin mining and Banking
capabilities, that we observed spreading through the veins of Usenet.
https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor…
---------------------------------------------
/taranis/mod_assess/show_mail.pl?id=1826
*** BlackHole Exploit Kit Has Difficulties in Infecting Chrome Users, Experts Say ***
---------------------------------------------
"The notorious BlackHole exploit kit has been around for quite some time now, with new iterations being released periodically. While it can be considered one of the most efficient cybercriminal tools, BlackHole doesnt like it when its victims utilize Googles Chrome web browser. According to experts from Blue Coat, when potential victims are tricked into clicking on links that point to BlackHole-infested websites, theyre presented with a loading or a please wait message, while in the
---------------------------------------------
http://news.softpedia.com/news/BlackHole-Exploit-Kit-Has-Difficulties-in-In…
*** New Trojan Exploits Mobile Channel - Eurograbber Defeats Two-Factor Authentication ***
---------------------------------------------
"Eurograbber is more than just another banking Trojan. Its an exploitation of fundamental online banking authentication practices that could strike any institution, says Check Points Darrell Burkey. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European banks...."
---------------------------------------------
http://www.bankinfosecurity.com/interviews/new-trojan-exploits-mobile-chann…
*** WhatsApp schließt Lücke erneut, aber nicht überall ***
---------------------------------------------
Das Katz-und-Maus-Spiel um die Sicherheit von WhatsApp geht in die nächste Runde: Nachdem heise Security vor rund einer Woche demonstriert hatte, dass die Android-Version nach wie vor anfällig für Account-Hijacking ist, bietet der Betreiber nun WhatsApp-Version 2.8.8968 über Google Play an, die eine verbesserte Rufnummern-Verifikation verspricht.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-schliesst-Luecke-erneut-aber-…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 04-12-2012 18:00 − Mittwoch 05-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** SHA1-Schwäche begünstigt Passwortknacker ***
---------------------------------------------
Jens Steube, einer der Autoren des populären Passwortknackers Hashcat, hat eine "Schwäche im kryptografischen Hash-Verfahren SHA1" (PDF-Datei) ausgemacht, die es ihm erlaubt, das Knacken von Passwörtern um etwa 20 Prozent zu beschleunigen.
---------------------------------------------
http://www.heise.de/security/meldung/SHA1-Schwaeche-beguenstigt-Passwortkna…
*** ATM Thieves Swap Security Camera for Keyboard ***
---------------------------------------------
This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like childs play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/kPS5w9ExcfQ/
*** Twitter’s deathless spoofing bug gets the heart-stake again ***
---------------------------------------------
Facebook, Venmo also plug SMS vuln Twitter says it has plugged its years-old SMS spoofing vulnerability after yet-another disclosure, this time by security consultant Jonathan Rudenberg. Facebook and social payments outfit Venmo have also blocked the vulnerability.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/05/twitter_dum…
*** Security Patch released for BIND 9.9.2, (Wed, Dec 5th) ***
---------------------------------------------
A security patch was released for BIND 9.9.2. The patch addresses 26 different bugs and/or security issues. Update your bind DNS server to version 9.9.2-P1. Updates can be downloaded here: http://www.isc.org/downloads/all More information is available here: https://kb.isc.org/article/AA-0082 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14641&rss
*** Apache Tomcat CSRF Prevention Filter Bypass ***
---------------------------------------------
Topic: Apache Tomcat CSRF Prevention Filter Bypass Risk: Low Text:CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter Severity: Important Vendor: The Apache Software Foundation ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/llUlhAAXXjo/WLB-20…
*** Apache Tomcat Security Bypass ***
---------------------------------------------
Topic: Apache Tomcat Security Bypass Risk: Medium Text:CVE-2012-3546 Apache Tomcat Bypass of security constraints Severity: Important Vendor: The Apache Software Foundation ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bHs7rEreGXQ/WLB-20…
*** HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03464042
*** HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS) ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03556108
*** HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
*** Sophos Security Threat Report 2013: Norway Is the Safest Country ***
---------------------------------------------
"Sophos has just released its Security Threat Report 2013. The study focuses on topics such as Mac malware, targeted attacks, polymorphic attacks, ransomware, Android threats, Java attacks, and the BlackHole exploit kit. An interesting part of the report is the one which details the 10 riskiest and the 10 safest countries in the world...."
---------------------------------------------
http://news.softpedia.com/news/Sophos-Security-Threat-Report-2013-Norway-Is…
*** New 25-GPU Monster Devours Strong Passwords In Minutes ***
---------------------------------------------
chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/cC50oUE-O1A/story01.htm
*** The Citadel crimeware kit - under the microscope ***
---------------------------------------------
Ever since the source code of the Zeus crimeware kit, also known as
Zbot, was leaked onto the internet in May 2011, many new variants have
appeared. These have typically added new features and improved on the
old code. One particularly prevalent example is Citadel.
---------------------------------------------
http://nakedsecurity.sophos.com/2012/12/05/the-citadel-crimeware-kit-under-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 03-12-2012 18:00 − Dienstag 04-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Instagram-App anfällig für Account-Hijacking ***
---------------------------------------------
Der Netzwerkverkehr der Instagram-App ist offenbar unzureichend geschützt: Wie der Sicherheitsexperte Carlos Reventlov berichtet, kommuniziert die App der Fotogemeinde unverschlüsselt über HTTP mit dem Instagram-Server. Ein Angreifer kann beim Belauschen des Datenverkehrs laut Reventlov ein Session-Cookie stehlen und damit im Kontext des Belauschten auf den Nutzerbereich von instagram.com zugreifen.
---------------------------------------------
http://www.heise.de/security/meldung/Instagram-App-anfaellig-fuer-Account-H…
*** Bugtraq: FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability ***
---------------------------------------------
FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/524894
*** Bugtraq: ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities ***
---------------------------------------------
ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524892
*** Vuln: OpenStack Keystone CVE-2012-5571 Security Bypass Vulnerability ***
---------------------------------------------
OpenStack Keystone CVE-2012-5571 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56726
*** Vuln: OpenStack Token Expiration Security Bypass Vulnerability ***
---------------------------------------------
OpenStack Token Expiration Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56727
*** Vrublevsky Sues Kaspersky ***
---------------------------------------------
The co-founder and owner of ChronoPay, one of Russias largest e-payment providers, is suing Russian security firm Kaspersky Lab, alleging that the latter published defamatory blog posts about him in connection with his ongoing cybercrime trial.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/7qcGBLXbf74/
*** Vuln: Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability ***
---------------------------------------------
Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56692
*** Bugtraq: SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion ***
---------------------------------------------
SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion
---------------------------------------------
http://www.securityfocus.com/archive/1/524903
*** Snort-2.9.4 has been released, (Mon, Dec 3rd) ***
---------------------------------------------
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14629&rss
*** Vuln: Oracle MySQL acl_get() Buffer Overflow Vulnerability ***
---------------------------------------------
Oracle MySQL acl_get() Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56769
*** Bug Hunter Finds Blended Threat Targeting Yahoo Web Site ***
---------------------------------------------
"A Romanian bug hunter has discovered a "blended threat" targeting Yahoos Developer Network Web site that allows unauthorized access to Yahoo users emails and private profile data. At a security conference Sunday, Sergiu Dragos Bogdan demonstrated an abbreviated version of an attack using the YQL console on developer. yahoo...."
---------------------------------------------
http://threatpost.com/en_us/blogs/bug-hunter-finds-blended-threat-targeting…
*** Rumble in the Tumblr: Troll-worm infected thousands of blogs ***
---------------------------------------------
Infamous crew unleashed JavaScript nasty on trendy journals A worm spread like wildfire across Tumblr on Monday, defacing pages on the blogging website with an abusive message penned by a notorious trolling crew.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/04/tumblr_java…
*** Post aus der Vergangenheit: Security-Fix nach 8 Jahren ***
---------------------------------------------
Das Advisory von Januar 2005 war eines von hunderten, ähnlich gearteten dieser Zeit: Eine PHP-Applikation überprüft die Parameter einer Datenbankabfrage nicht und als Resultat kann ein Angreifer mit speziellen URLs beliebige Datenbankbefehle einschleusen. Das besondere an diesem Bug-Report zu PHP Gift Registry: Nach über 7 Jahren hat sich der Autor der Software die Mühe gemacht, dann doch noch zu antworten.
---------------------------------------------
http://www.heise.de/security/meldung/Post-aus-der-Vergangenheit-Security-Fi…
*** Schnelles Passwort-Knacken bei MySQL ***
---------------------------------------------
Der Hacker mit dem Pseudonym KingCope hat erneut eine Sicherheitsproblematik der beliebten MySQL-Datenbank veröffentlicht. Durch eine bereits bekannte Eigenart der Benutzerverwaltung ist es möglich, die Geschwindigkeit einer BruteForce-Attacke signifikant zu erhöhen. Beim sogenannten "Brute Forcing" wird einfach eine Vielzahl möglicher Passwörter durchprobiert, um so das tatsächliche Passwort des angegriffenen Kontos zu erraten.
---------------------------------------------
http://www.heise.de/security/meldung/Schnelles-Passwort-Knacken-bei-MySQL-1…
*** Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling ***
---------------------------------------------
Topic: Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling Risk: Medium Text:Centrify Deployment Manager v2.1.0.283 While at a training session for centrify, I noticed poor handling of files in /tmp. I...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/6ZYCFcfGM0w/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 30-11-2012 18:00 − Montag 03-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Bugtraq: NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator ***
---------------------------------------------
NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator
---------------------------------------------
http://www.securityfocus.com/archive/1/524879
*** Schöne Bescherung - Hacker veröffentlicht Exploits für MySQL und SSH ***
---------------------------------------------
Der berüchtigte Hacker mit dem Pseudonym KingCope hat offenbar seine Altbestände ausgemistet und zum ersten Advent eine ganze Reihe von Exploits veröffentlicht, die zum Teil schon aus dem Jahr 2011 stammen. Primäres Ziel ist die mittlerweile von Oracle übernommene Open-Source-Datenbank MySQL; aber auch die SSH-Server der Firma SSH und FreeSSHd/FreeFTPd sind akut gefährdet.
---------------------------------------------
http://www.heise.de/security/meldung/Schoene-Bescherung-Hacker-veroeffentli…
*** The top 25 computing coding errors that lead to 85% of criminal internet activity ***
---------------------------------------------
"The list is being hailed as a major breakthrough that should gradually make theInternet much safer. "When consumers see that most vulnerabilities are caused by amere 25 weaknesses, a new standard for due diligence is likely to emerge," saysKonrad Vesey, a member of the National Security Agencys Information AssuranceDirectorate...."
---------------------------------------------
http://www.sans.org/top25-software-errors/#s4
*** OurWebFTP 5.3.5 Cross Site Scripting ***
---------------------------------------------
Topic: OurWebFTP 5.3.5 Cross Site Scripting Risk: Low Text:HTTPCS Advisory : HTTPCS112 Product : OurWebFTP Version : 5.3.5 Page : /index.php Variables : mwb_control2=Enter&mw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Z9CTYZ5_rmc/WLB-20…
*** Libsyn Cross Site Scripting ***
---------------------------------------------
Topic: Libsyn Cross Site Scripting Risk: Low Text:As you can see from my publications for last five years, I like holes which are placed at hundreds or millions of web sites. S...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/xmo2Up5J5oE/WLB-20…
*** FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities ***
---------------------------------------------
Topic: FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities Risk: Low Text:Title: FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: == 2012-12-01 References: == http://...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/WC5HCX-SaKI/WLB-20…
*** Critical infrastructure systems should never have moved online, warn security experts ***
---------------------------------------------
"UK businesses linked to critical infrastructure areas have opened themselves up to cyber attacks by prematurely moving key systems online, according to prominent security experts. Co-founder of information security site The Jericho Forum, Paul Simmonds, highlighted the fact that the desire to cut costs by moving systems online has left firms vulnerable to cyber attacks."Im worried were rushing headlong into connecting parts of critical infrastructure items to the internet," ...
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2228538/critical-infrastructure-systems-shou…
*** Blogger demonstrieren gewieften Passwortklau ***
---------------------------------------------
Mitarbeitern der Firma Neophasis haben herausgefunden, dass mit relativ einfachen Mitteln Passwörter und andere Nutzerdaten per JavaScript-Modifikationen aus Web-Browsern abgegriffen werden können. Dass der Diebstahl über eine oft genutzte Tastenkombination funktioniert, macht die Schwachstelle gefährlich.
---------------------------------------------
http://www.heise.de/security/meldung/Blogger-demonstrieren-gewieften-Passwo…
*** Opera Web Browser 12.11 WriteAV Vulnerability ***
---------------------------------------------
Topic: Opera Web Browser 12.11 WriteAV Vulnerability Risk: Medium Text:Title : Opera Web Browser 12.11 WriteAV Vulnerability Version : 12.11 Build 1661 and 12.12 Date : 2012-12-03 Vend...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bY9KoqQu62A/WLB-20…
*** Safety First: That Means Mobile Banking ***
---------------------------------------------
"The answer surprises; here is the question: Is it safer to bank using a desktop computer or an app on a mobile phone? The answer is that, all considered, you are vastly safer with that mobile banking app."Fraudsters go after the low-hanging fruit, and that is PC-based banking," said Andreas Baumhof, chief technology officer at ThreatMetrix, in an interview. There is substantially more traffic over online banking channels than there is mobile, and thus the keener interest of ...
---------------------------------------------
http://www.themobilityhub.com/author.asp?section_id=2262&doc_id=254931
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 29-11-2012 18:00 − Freitag 30-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Server der Atombehörde IAEA erneut attackiert ***
---------------------------------------------
Die Internationale Atombehörde IAEA wurde zum zweiten Mal binnen weniger Tage attackiert. Dabei sollen Hacker geheime Daten gestohlen haben. Über die Herkunft der Hacker ist nichts bekannt, bei den zweiten Angreifern könnte es sich allerdings um Mitglieder von Anonymous handeln.
---------------------------------------------
http://futurezone.at/netzpolitik/12741-server-der-atombehoerde-iaea-erneut-…
*** Virtualization Security: Protecting Virtualized Environments ***
---------------------------------------------
"Virtualization changes the playing field when it comes to security. There are new attack vectors, new operational patterns and complexity, and changes in IT architecture and deployment life cycles. Whats more, the technologies, best practices, and strategies used for securing physical environments do not provide sufficient protection for virtual environments...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14030
*** Sprachtwittern für Syrer ***
---------------------------------------------
Nachdem Syrien seit Donnerstag nahezu komplett vom Internet abgeschnitten ist haben Google und Twitter den Dienst "speak2tweet" wieder aufgenommen. Der Dienst nimmt Sprachnachrichten unter vier internationalen Rufnummern an, legt sie auf Google-Servern ab und veröffentlicht die Links auf Twitter (siehe da auch #SyriaBlackout).
---------------------------------------------
http://www.heise.de/security/meldung/Sprachtwittern-fuer-Syrer-1760015.html…
*** Mail hackt Router ***
---------------------------------------------
Eine ganze Reihe von Routern von Arcor, Asus und TP-Link sind anfällig für eine ungewollte Fernkonfiguration. Der Sicherheitsforscher Bogdan Calin demonstriert in seinem Blog eindrucksvoll, dass im Netz der Router schon das Anzeigen einer Mail weitreichende Konsequenzen haben kann: Seine speziell präparierte Testmail konfiguriert beim Öffnen den WLAN-Router so um, dass der Internet-Datenverkehr umgeleitet wird.
---------------------------------------------
http://www.heise.de/security/meldung/Mail-hackt-Router-1759354.html/from/at…
*** Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html, (Fri, Nov 30th) ***
---------------------------------------------
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14599&rss
*** Microsoft Security Essentials Loses AV-Test Certificate ***
---------------------------------------------
helix2301 writes "Every two months, AV-Test takes a look at popular antivirus software and security suites and tests them in several ways. In their latest test which was performed on Windows 7 during September and October, Microsoft Security Essentials didnt pass the test to achieve certification. Although that may not sound that impressive, Microsofts program was the only one which didnt receive AV-Tests certificate. For comparison, the other free antivirus software, including Avast, AVG
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/jXCBvPS16VQ/story01.htm
*** Hotel-Einbrecher werden zu Arduino-Tüftlern ***
---------------------------------------------
Der auf der diesjährigen Hackerkonferenz BlackHat demonstrierte Angriff auf die elektronischen Türschlösser der Marke Onity HT wurde weiter perfektioniert und möglicherweise auch schon von Einbrechern eingesetzt. Inzwischen gibt es im Netz eine Vielzahl detaillierter Anleitungen und Videos über das Aushebeln der Türsperre.
---------------------------------------------
http://www.heise.de/security/meldung/Hotel-Einbrecher-werden-zu-Arduino-Tue…
*** Crooks inject malicious Java applet into FOREX trading website ***
---------------------------------------------
VXers wouldnt give a XXXX for anything else A FOREX trading website has been contaminated with a malicious Java applet that is designed to install malware on the systems of visiting surfers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/30/forex_tradi…
*** Latest phishing security test shows Chrome is the best, followed by IE10, Safari, and then Firefox ***
---------------------------------------------
"Phishing scams are becoming more and more prevalent, but thankfully browser makers have also stepped up their game: the average phishing URL catch rate in the top four browsers has jumped from 46 percent in 2009 to 92 percent in 2012 and the average time it took to block a new phishing URL also improved from 16. 43 hours to 4. 87 hours...."
---------------------------------------------
http://thenextweb.com/apps/2012/11/28/latest-phishing-security-test-shows-c…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 28-11-2012 18:00 − Donnerstag 29-11-2012 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** New version of wireshark is available (1.8.4), some security fixes included. , (Wed, Nov 28th) ***
---------------------------------------------
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14587&rss
*** Good Practice Guide for Addressing Network and Information Security Aspects of Cybercrime ***
---------------------------------------------
"In 2010 ENISA started its support for operational collaboration between the Computer Emergency Response Teams (CERTs) in the Member States on the one hand and Law Enforcing Agencies (LEA) on the other hand. Various activities have since been launched, including stock takings of legal and operational obstacles that prevent collaboration, advice resulting from that, workshops that brought together members of both communities, consultation with members of both communities, etc. It was soon
---------------------------------------------
http://www.enisa.europa.eu/activities/cert/support/fight-against-cybercrime…
*** Vuln: OpenDNSSEC cURL API Security Bypass Vulnerability ***
---------------------------------------------
OpenDNSSEC cURL API Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56679
*** How to Minimize Medical Device Risks - Ethical Hacker Offers Action Items ***
---------------------------------------------
"Malware and hackers present potential security threats to wireless medical devices and safety risks to the patients who use them. But healthcare organizations and device manufacturers can take several steps to curtail those risks, says an ethical hacker who has demonstrated the vulnerability of various devices. Barnaby Jack, director of embedded device security at services firm IOActive, recently demonstrated how an implanted wireless heart defibrillator can be hacked from 50 feet away to
---------------------------------------------
http://www.healthcareinfosecurity.com/how-to-minimize-medical-device-risks-…
*** [webapps] - Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities ***
---------------------------------------------
Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/23004
*** Bugtraq: Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability ***
---------------------------------------------
Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/524863
*** WhatsApp: Schwere Sicherheitslücke entdeckt ***
---------------------------------------------
Über die Handynummer sowie die Seriennummer kann relativ einfach das WhatsApp-Passwort erzeugt und so ein fremder Accounts übernommen werden. Das hat das deutsche Online-Portal heise Security aufgedeckt. Die Entwickler von WhatsApp wollen aber offenbar nichts von der Lücke wissen.
---------------------------------------------
http://futurezone.at/produkte/12738-whatsapp-schwere-sicherheitsluecke-entd…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 27-11-2012 18:00 − Mittwoch 28-11-2012 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Java Zero-Day Exploit on Sale for ‘Five Digits’ ***
---------------------------------------------
Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracles Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/P9epzhQazQ0/
*** Cooperation is key for Europes cyber security - Conclusion of ENISA Brussels event ***
---------------------------------------------
"A high-level event organised by Europes cyber security agency, ENISA, recognised closer cyber cooperation and mutual support as key factors for boosting cyber security for Europes citizens, governments and businesses. The meeting, held today (27th November) in Brussels, was led by ENISAs Executive Director, Professor Udo Helmbrecht, and brought together key figures from the European Parliament, European Commission and the computer industry. Participants included Ms Amelia Andersdotter,
---------------------------------------------
http://mb.cision.com/Main/119/9341197/71035.pdf
*** Sysadmin creates tool to scour web for hacked data ***
---------------------------------------------
"A Wellington system administrator has developed a tool to identify corporate secrets, hacked data and even stolen credit cards as they emerge on social networks and online clipboards. Users could set the OSINT OPSEC (Open Source Intelligence / Operational Security) Tool to monitor for keywords, allowing, for example, an organisation to be alerted if a hacking group dumped its sensitive data to clipboard site Pastebin. Or it could scour Stack Exchange for intellectual property code
---------------------------------------------
http://www.itnews.com.au/News/324176,sysadmin-creates-tool-to-scour-web-for…
*** Vuln: Tor Remote Denial of Service Vulnerability ***
---------------------------------------------
Tor Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56675
*** Yahoo zero day exploit goes on sale for $700 ***
---------------------------------------------
"A hacker has begun selling what they claim is a zero-day exploit that will let criminals hijack control of Yahoo Mail users accounts. The hacker, who goes by the moniker TheHell, posted a video marketing a $700 exploit kit on the secretive Darkode cybercrime market on Monday. The video was later spotted and re-posted onto YouTube by security blogger Brian Krebs."Im selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers...."
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2227722/yahoo-zero-day-exploit-goes-on-sale-…
*** DNS servers filled with wrong Kool-Aid, big names waylaid in Romania ***
---------------------------------------------
Microsoft, Yahoo!, Google, PayPal all graffitid A hacker today redirected web surfers looking for Yahoo, Microsoft or Google to a page showing a TV test card by apparently poisoning Googles public DNS system.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/28/google_roma…