=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 24-01-2013 18:00 − Freitag 25-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Web server hackers install rogue Apache modules and SSH backdoors, researchers say ***
---------------------------------------------
"A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their Secure Shell (SSH) services in order to steal login credentials from administrators and users. The hackers are replacing all of the SSH binary files on the compromised servers with backdoored versions that are designed to send the hostname, username and password for incoming and outgoing SSH connections to attacker-controlled servers, security researchers from Web security firm Sucuri
---------------------------------------------
http://www.computerworld.com.au/article/451689/web_server_hackers_install_r…
*** Playing chess with APTs ***
---------------------------------------------
During a briefing from the top security analyst at one of the
Washington-area cyber centers, I got the idea that resisting targeted
attacks from sophisticated adversaries (so-called advanced persistent
threats, or APTs) is a bit like playing chess at the grand master level.
---------------------------------------------
http://blogs.gartner.com/dan-blum/2012/12/28/playing-chess-with-apts-2/
*** Silly gits upload private crypto keys to public GitHub projects ***
---------------------------------------------
Amazing what you can find searching for BEGIN RSA PRIVATE KEY Scores of programmers uploaded their private cryptographic keys to public source-code repositories on GitHub, exposing their login credentials to world+dog. The discovery was made just before the website hit the kill switch on its search engine or, more likely, the service collapsed under the weight of curious users trawling for the sensitive data.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/25/github_ssh_…
*** Are Cyber Criminals Using Plus-Sized Malware To Fool AV? ***
---------------------------------------------
"Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well. After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that theyre seeing just the opposite: simple malware wrapped within obscenely large executables in one case, over 200 megabytes...."
---------------------------------------------
http://securityledger.com/are-cyber-criminals-using-plus-sized-malware-to-f…
*** Identifying People from their Writing Style ***
---------------------------------------------
"Its called stylometry, and its based on the analysis of things like word choice, sentence structure, syntax and punctuation. In one experiment, researchers were able to identify 80% of users with a 5,000-word writing sample. More Information: -http://www...."
---------------------------------------------
http://www.schneier.com/blog/archives/2013/01/identifying_peo_3.html
*** Vulnerability Scans via Search Engines (Request for Logs) ***
---------------------------------------------
We had a reader this week submit the following web log to us: GET /geography/slide.php?image_name=Free+gay+black+moviesslide_file= script%E2%84%91_id=0+union+select+0x3f736372aca074200372 HTTP/1.1 The request, as you can probably tell, is an attempt to detect SQL Injection and likely XSS vulnerabilities. As such, it isnt really all that special. What makes this more interesting is the fact that it came from Microsoft +http://www.bing.com/bingbot.html) Client IP Address: 157.55.52.58 This
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15010&rss
*** Inside the Gozi Bulletproof Hosting Facility ***
---------------------------------------------
Nate Anderson at Ars Technica has a good story about how investigators tracked down "Virus," the nickname allegedly used by a Romanian man accused by the U.S. Justice Department of running the Web hosting operations for a group that created and marketed the Gozi banking Trojan. Turns out, Ive been sitting on some fascinating details about this hosting provider for many months without fully realizing what I had.Related Posts:Three Charged in Connection with Gozi
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/u48Al_9RZnE/
*** China Accused Of Java, IE Zero Day Attacks ***
---------------------------------------------
"Recently disclosed vulnerabilities in Java and Internet Explorer have been used in targeted attacks that appear to be aimed at critics of the Chinese government. Tuesday, Jindrich Kubec, director of threat intelligence for Prague-based antivirus software developer Avast, reported that multiple websites had been compromised by attackers and used to infect visitors via JavaScript drive-by attacks. If successful, the attacks infected PCs with a remote access Trojan (RAT), thus giving
---------------------------------------------
http://www.informationweek.com/security/attacks/china-accused-of-java-ie-ze…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 23-01-2013 18:00 − Donnerstag 24-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Cisco Prime LAN Management Solution Command Execution Vulnerability ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco Prime LAN Management Solution (LMS) Virtual Appliancecontains a vulnerability that could allow an unauthenticated, remoteattacker to execute arbitrary commands with the privileges of the root user. Thevulnerability is due to improper validation of authentication andauthorization commands sent to certain TCP ports. An attackercould exploit this vulnerability by connecting to the affected systemand sending
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Prime LAN Management Solution Command Execution Vulnerability&vs_k=1
*** Phisher missbrauchen URL-Weiterleitung der Arbeitsagentur ***
---------------------------------------------
PayPal-Phishing ist ein alter Hut. Neu ist, dass die Phishing-Links auf Arbeitsagentur.de zeigen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27d32215/l/0L0Sheise0Bde0Cmel…
*** Megas erster Krypto-Fauxpas ***
---------------------------------------------
Ein eigentlich cleveres Konzept zum Nachladen von Code entpuppt sich als potentielle Hintertür, weil dabei ungeeignete Krypto-Funktionen zum Einsatz kommen. So könnten Dritte Teile des Mega-Codes manipulieren.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27d24431/l/0L0Sheise0Bde0Cmel…
*** DNS attacks increase by 170% ***
---------------------------------------------
"Radware identified a number of new attack methods representative of todays increasingly sophisticated and severe DDoS threat. Their latest report highlights server-based botnets and encrypted layer attacks as just two of the new attack tools challenging organizations during DDoS attacks. While security organizations have focused their efforts and attention on the pre and post-phases of defense, attackers now launch prolonged attacks that last days or weeks...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14285
*** Most exploit kits originated in Russia, say researchers ***
---------------------------------------------
"58 percent of the vulnerabilities targeted by the most popular exploit kits in Q4 were more than two years old and 70 percent of exploit kits reviewed were released or developed in Russia, reveals Solutionary SERTs Q4 2012 Quarterly Research Report. In reviewing 26 commonly used exploit kits, SERT identified exploit code dating as far back as 2004, serving as evidence that old vulnerabilities continue to prove fruitful for cyber criminals. The fact that 58 percent of the vulnerabilities
---------------------------------------------
http://www.net-security.org/secworld.php?id=14286
*** Most US banks were DDoSed last year - survey ***
---------------------------------------------
One in 10 banking IT bods say budget constraints an issue Nearly two-thirds of retail banks experienced at least one distributed denial of service (DDoS) attack in the past year, according to a new survey.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/24/ddos_survey…
*** Malware - USA sind Botnet-Standort Nummer Eins ***
---------------------------------------------
Mehr Zombie-Rechner-Netzwerke als in China und Russland zusammen.
---------------------------------------------
http://derstandard.at/1358304537265/USA-sind-Botnet-Standort-Nummer-Eins
*** Spammer entdecken WhatsApp ***
---------------------------------------------
Spammer missbrauchen den beliebten Messaging-Dienst WhatsApp derzeit offenbar verstärkt als Transportmittel für ihre dubiosen Werbebotschaften.
---------------------------------------------
http://www.heise.de/meldung/Spammer-entdecken-WhatsApp-1790526.html/from/at…
*** New Trojan fakes search results ***
---------------------------------------------
January 15, 2013 Russian anti-virus company Doctor Web is warning users about a malicious program dubbed BackDoor.Finder which fakes search result pages and redirects browsers to bogus websites. When launched in an infected system, BackDoor.Finder creates a copy of itself in the current users % APPDATA% folder and makes corresponding changes in the branch of the Windows registry responsible for application startup. After that this malware injects its code into all running processes. If it
---------------------------------------------
http://news.drweb.com/show/?i=3218&lng=en&c=9
*** Backdoors Found in Barracuda Networks Gear ***
---------------------------------------------
A broad variety of the latest firewall, spam filter and VPN appliances sold by Campbell, Calif. based Barracuda Networks Inc. contain undocumented backdoor accounts, the company disclosed today. Worse still, while the backdoor accounts are apparently set up so that they would only be accessible from Internet addresses assigned to Barracuda, they are in fact accessible to potentially hundreds of other companies and network owners.Related Posts:Amnesty International Site Serving Java ExploitNew
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/OyYLL3kGjlo/
*** Update-Probleme mit Microsofts Gratis-Virenscanner ***
---------------------------------------------
Auf einigen Systemen aktualisieren die Microsoft Security Essentials seit einigen Tagen ihre Signatur nicht mehr selbstständig. Abhilfe schafft das manuelle Einspielen eines Signaturpakets.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27dc0058/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 22-01-2013 18:00 − Mittwoch 23-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Have a Wi-Fi-Enabled Phone? Stores Are Tracking You ***
---------------------------------------------
jfruh writes "Call it Google Analytics for physical storefronts: if youve got a phone with wi-fi, stores can detect your MAC address and track your comings and goings, determining which aisles you go to and whether youre a repeat customer. The creator of one of the most popular tracking software packages says that the addresses are hashed and not personally identifiable, but it might make you think twice about leaving your phone on when you head to the mall." Read more of this
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RGkVUafw2-M/story01.htm
*** Skype becomes a malware minefield ***
---------------------------------------------
"Skype users should be careful when using the service these days. First CSIS researchers unearthed a campaign misusing Skype to replicate and spread the Shylock banking Trojan with a plugin called msg. gsm that, when it was first spotted five days ago, was detected by none of the AV solutions used by VirusTotal...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2383
*** Red October spy ring also used "Rhino" Java exploit ***
---------------------------------------------
"A cyber espionage campaign that was recently unearthed by researchersused a now-patched vulnerability in Java software as another tool to exploit victims machines. Security firm Seculert published a blog post Tuesday saying that the "Red October" spy campaign, in addition to leveraging weaknesses in Microsoft Office, also spread malware by taking advantage of a Java flaw in the Rhino Script Engine, CVE-2011- 3544, fixed in October 2011. After investigating the
---------------------------------------------
http://cyberwarzone.com/red-october-spy-ring-also-used-rhino-java-exploit
*** Paypal.com Blind SQL Injection ***
---------------------------------------------
Topic: Paypal.com Blind SQL Injection Risk: Medium Text:Title: Paypal Bug Bounty #18 - Blind SQL Injection Vulnerability Date: == 2013-01-22 References: == http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/7mPYfOLfMHQ/WLB-20…
*** DDoS Attacks as Constitutional Problem: Germanys Experience ***
---------------------------------------------
"A distributed denial of service (DDoS) attack targets a computer systems resources by flooding it with requests beyond its capacity in hopes of negatively impacting its functionality. Does society consider DDoS attacks a legitimate form of protest? When an anonymously posted petition appeared on the White Houses We the People page and advocated the legalization of DDoS attacks most commentators didnt look to kindly at the idea...."
---------------------------------------------
http://blog.cyveillance.com/general-cyberintel/right-to-bear-low-orbit-ion-…
*** SCADA Password-Cracking Tool For Siemens S7 PLCs Released ***
---------------------------------------------
FROM: Matthias Fraidl <fraidl(a)cert.at>
http://www.darkreading.com/vulnerability-management/167901026/security/vuln…
---------------------------------------------
/taranis/mod_assess/show_mail.pl?id=2361
*** Beware of fake Java updates ***
---------------------------------------------
"Following recent security vulnerabilities in Java, malware developers are taking a new approach to exploit the Java platform by issuing false updates that pose as legitimate updates for the runtime. The latest version of the Java runtime that fixes recent vulnerabilities is update 11, and Kaspersky labs is reporting that a new malware is out that poses as "Java Update 11." The malware is packaged in a Java archive file called "javaupdate11. jar" that contains two
---------------------------------------------
http://reviews.cnet.com/8301-13727_7-57565035-263/beware-of-fake-java-updat…
*** Twitter flaw gave private message access to third-party apps, researcher says ***
---------------------------------------------
"Users who signed into third-party Web or mobile applications using their Twitter accounts might have given those applications access to their Twitter private "direct" messages without knowing it, according to Cesar Cerrudo, the chief technology officer of security consultancy firm IOActive. The issue is the result of a flaw in Twitters API (application programming interface) that led to users not being properly informed about what permissions an application will have on their
---------------------------------------------
http://www.computerworld.com/s/article/9236024/Twitter_flaw_gave_private_me…
*** Multiple Vulnerabilities in Cisco Wireless LAN Controllers ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! The Cisco Wireless LAN Controller (Cisco WLC) product family is affected by the following four vulnerabilities: Cisco Wireless LAN Controllers Wireless Intrusion Prevention System (wIPS) Denial of Service Vulnerability Cisco Wireless LAN Controllers Session Initiation Protocol Denial of Service Vulnerability Cisco Wireless LAN Controllers HTTP Profiling Remote Code Execution Vulnerability Cisco Wireless LAN
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Multiple Vulnerabilities in Cisco Wireless LAN Controllers&vs_k=1
*** Three Men Charged in Connection with Gozi Trojan ***
---------------------------------------------
Federal investigators are expected to announce today criminal charges against three men alleged to be responsible for creating and distributing the Gozi Trojan, an extremely sophisticated strain of malicious software that was sold to cyber crooks and was tailor-made to attack specific financial institutions targeted by each buyer. According to charging documents filed in the U.S. [...]Related Posts:New Findings Lend Credence to Project BlitzkriegU.S. Charges 37 Alleged Money Mules19 Arrested in
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/2TTqn06NSJo/
*** Summary for January 2013 - Version: 3.0 ***
---------------------------------------------
With the release of the security bulletins for January 2013, this bulletin summary replaces the bulletin advance notification originally issued January 3, 2013 and the out-of-band advance notification issued January 13, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
*** Vuln: Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57416
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 21-01-2013 23:28 − Dienstag 22-01-2013 23:28
Handler: L. Aaron Kaplan
Co-Handler: Christian Wojner
*** Vuln: libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability ***
---------------------------------------------
libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54270
*** First Google wants to know all about you, now it wants a RING on your finger ***
---------------------------------------------
For those whove always wanted to give the web giant the finger Top Google bods are mulling over using cryptographic finger-ring gadgets and other ways for users to securely log into websites and other services.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/21/google_pass…
*** Linksys WRT54GL CSRF Attacke ***
---------------------------------------------
Linksys WRT54GL CSRF Attacke21. Jänner 2013Wir bitten um Beachtung folgender CSRF Attacke gegen den allseits beliebten und weit verbreiteten Linksys WRT54GL:http://www.securityfocus.com/archive/1/525368/30/0/threadedWir haben in Oesterreich derzeit laut Shodan mindestens 1065 betroffene Linksysen, die direkt via Internet ansprechbar sind (also mit Admin Interface auf einer public IP). Der WRT54GL ist ein Dauerrenner bei WLAN Routern und durchaus weit verbreitet. (quelle:
---------------------------------------------
http://www.cert.at/services/blog/20130121222847-705.html
*** The LulzSec Press Twitter Account Hacked And Exposed By Indonesian Hacker Hmei7 ***
---------------------------------------------
"Indonesian hacker going by the name of Hmei7 published a document on pastebin,exposing @TheLulzSecPress, by stating they they have been stealing others hack. The document has been well organised,giving an introduction section followed by Hacking Incidents analysis,where comparison was made between original hacks of some genuine hackers and the stolen hacks by thelulzsecpress. A total of 5 issues were compared which hmei7 has been naming as FAIL NO...."
---------------------------------------------
http://riduan-anonymous.blogspot.in/2013/01/the-lulzsec-press-twitter-accou…
*** [SECURITY] [DSA 2611-1] movabletype-opensource security update ***
Debian Security Advisory DSA-2611-1 security(a)debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 22, 2013 http://www.debian.org/security/faq
*** Operation Red October Attackers Wielded Spear Phishing ***
---------------------------------------------
"The Red October malware network is one of the most advanced online espionage operations thats ever been discovered. Thats the conclusion of Moscow-based security firm Kaspersky Lab, which first discovered Operation Red October--"Rocra" for short--in October 2012."The primary focus of this campaign targets countries in Eastern Europe, former USSR republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North
---------------------------------------------
http://www.informationweek.com/security/attacks/operation-red-october-attac…
*** DHS: Industrial control systems subject to 200 attacks in 2012 ***
---------------------------------------------
"A DHS report released last week revealed that industrial control systems, which are used to monitor and control critical infrastructure facilities, were hit with 198 documented cyberattacks in 2012, and that many of these attacks were serious. Forty percent of those attacks were on energy firms, according to the Industrial Control Systems (ICS) and Cyber Emergency Response Team (CERT), which reviewed every incident. Water utilities came in second, with 15 percent of the attacks focused on
---------------------------------------------
http://www.homelandsecuritynewswire.com/dr20130114-dhs-industrial-control-s…
*** Google bezahlt für Daten-Traffic an Orange ***
---------------------------------------------
Der französische Mobilfunkbetreiber Orange hat mit Google einen Vertrag darüber geschlossen, wonach Google für den Transport der Daten des Video-Portals YouTube zahlt. Das französische Regierung will mit Google zudem über eine "Internet-Steuer" für die Sammlung persönlicher Daten verhandeln.
---------------------------------------------
http://futurezone.at/b2b/13616-google-bezahlt-fuer-daten-traffic-an-orange.…
*** Vuln: Cisco VPN Client for Windows CVE-2012-5429 Local Denial of Service Vulnerability ***
---------------------------------------------
Cisco VPN Client for Windows CVE-2012-5429 Local Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57483
*** Spent Fuel Pool ***
---------------------------------------------
Spent Fuel Pool What if I took a swim in a typical spent nuclear fuel pool? Would I need to dive to actually experience a fatal amount of radiation? How long could I stay safely at the surface? Assuming you're a reasonably good swimmer, you could probably survive treading water anywhere from 10 to 40 hours. At that point, you would black out from fatigue and drown. This is also true for a pool without nuclear fuel in the bottom.Spent fuel from nuclear
---------------------------------------------
http://what-if.xkcd.com/29/
*** iOS 6 jailbreak nearly there, say iPhone hackers ***
---------------------------------------------
"Two iPhone hackers hinted theyre making progress towards developing a new jailbreak for the latest version of Apples mobile operating system. One of the hackers, who goes by "@pod2g" on Twitter, said yesterday that they found two "new vulnerabilities in a day," but whats missing is an "initial code execution" for a public jailbreak. Pod2g is working with David Wang, known as "@planetbeing" on Twitter, to develop a way to remotely exploit iOS 6,
---------------------------------------------
http://news.techworld.com/security/3421528/ios-6-jailbreak-nearly-there-say…
*** Security researchers cripple Virut botnet ***
---------------------------------------------
"Many of the domain names used by a cybercriminal gang to control computers infected with the Virut malware were disabled last week in a coordinated takedown effort, Spamhaus, an organization dedicated to fighting spam, announced Saturday. The Virut malware spreads by inserting malicious code into clean executable files and by copying itself to fixed, attached and shared network drives. Some variants also infects HTML, ASP and PHP files with rogue code that distributes the threat...."
---------------------------------------------
http://www.computerworld.com/s/article/9235991/Security_researchers_cripple…
*** SOL14138: XML External Entity Injection (XXE) from authenticated source CVE-2012-2997 ***
---------------------------------------------
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html
---------------------------------------------
*** Netzpolitik - Deutschland plant Firmen-Meldepflicht für Cyber-Angriffe ***
---------------------------------------------
Neuer Gesetzentwurf sieht Prüfung der Sicherheitsstandards vor
---------------------------------------------
http://derstandard.at/1358304341673/Deutschland-plant-Firmen-Meldepflicht-f…
*** Bugtraq: [SECURITY] [DSA 2611-1] movabletype-opensource security update ***
---------------------------------------------
[SECURITY] [DSA 2611-1] movabletype-opensource security update
---------------------------------------------
http://www.securityfocus.com/archive/1/525380
*** Red October closes as Kaspersky publishes more details ***
---------------------------------------------
"Almost as soon as Kaspersky began publishing details about the Red October cyberespionage network, the command and control systems behind the apparently five-year-old digital spying ring began closing down. According to a posting on Kasperskys threatpost, the researchers who exposed the network on Monday say that "not only [are] the registrars killing the domains and the hosting providers killing the command-and-control servers but perhaps the attackers shutting down the whole
---------------------------------------------
http://www.h-online.com/security/news/item/Red-October-closes-as-Kaspersky-…
*** Vuln: Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57416
=======================
= End-of-Shift report =
=======================
Timeframe: Samstag 19-01-2013 18:18 − Montag 21-01-2013 18:18
Handler: L. Aaron Kaplan
Co-Handler: Christian Wojner
*** Android Botnet Infects 1 Million Plus Phones ***
---------------------------------------------
Trailrunner7 writes "Up to a million Android users in China could be part of a large mobile botnet, according to research unveiled by Kingsoft Security, a Hong Kong-based security company, this week. The botnet has spread across phones running the Android operating system via Android.Troj.mdk, a Trojan that researchers said exists in upwards of 7,000 applications available from non-Google app marketplaces, including the popular Temple Run and Fishing Joy games." Update: 01/19 12:54
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QL1JqKgnwOU/story01.htm
*** In Syria, the Cyberwar Intensifies ***
---------------------------------------------
"The front pages have been dominated for more than a year by photos of young Syrian rebel fighters, armed and proud, battling an increasingly isolated Syrian military. But amid the shooting, the atrocities and the bombings, there is a parallel war a sophisticated cyber insurgency battling a shadowy team working on behalf of the Assad regime. The Syrians online conflict may be the most active cyberwar in recent memory, with extraordinary efforts by both sides to sabotage, disrupt and
---------------------------------------------
http://www.defensenews.com/article/20130118/C4ISR01/301180018/In-Syria-Cybe…
*** Malware shuts down US power company ***
---------------------------------------------
"A computer virus attacked a turbine control system at a US power company last fall when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a report posted on a US government website. The Department of Homeland Security report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident...."
---------------------------------------------
http://articles.timesofindia.indiatimes.com/2013-01-17/security/36393196_1_…
*** Vuln: Oracle MySQL Server Heap Overflow Vulnerability ***
---------------------------------------------
Oracle MySQL Server Heap Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56768
*** Beware: malware masquerading as Java patch ***
---------------------------------------------
"Opportunist hackers are capitalising on fears over Java vulnerabilities by spreading malware posing as patches for the under fire computer platform. Oracle has endured a torrid week over Javas security, having already issued Update 11 to fix critical flaw CVE-2013-0422 a threat deemed serious enough for the US Department of Homeland Security to recommend that users completely disable Java from their computers...."
---------------------------------------------
http://www.itproportal.com/2013/01/18/beware-malware-masquerading-java-patc…
*** Hackers Leak 1.7 GB of Data from Azerbaijans Special State Protection Service ***
---------------------------------------------
"The information leaked by the hacktivists doesnt belong only to the Special State Protection Service, but also to other organizations linked to it, including ING Geneva, Sumato Energy, BNP Paribas, Taurus Petroleum and even security solutions provider Prolexic. The hackers say the files contain passport scans, reports, confidential shareholder documents, account statements, letters of credit, and details of oil drilling technologies. At the beginning of January, the hackers leaked
---------------------------------------------
http://news.softpedia.com/news/Hackers-Leak-1-7-GB-of-Data-from-Azerbaijan-…
*** Google zahlt Durchleitungsentgelte an Orange ***
---------------------------------------------
http://www.heise.de/meldung/Google-zahlt-Durchleitungsentgelte-an-Orange-17…
*** Google will Passwörter durch Ring ersetzen ***
---------------------------------------------
Google testet derzeit Möglichkeiten die klassische Passworteingabe durch Hardware abzulösen. So könnte man sich zukünftig per USB-Stick in sein Google-Konto anmelden. Auch eine NFC-Lösung mittels Ring am Finger wäre für Google denkbar.
---------------------------------------------
http://futurezone.at/future/13609-google-will-passwoerter-durch-ring-ersetz…
*** Netzpolitik - Webadresse von Kärntner Jugendreferat führte zu Pornoseite ***
---------------------------------------------
Hackerangriff vermutet - Problem mittlerweile behoben
---------------------------------------------
http://derstandard.at/1358304202191/Webadresse-von-Kaerntner-Jugendreferat-…
*** Shylock banking malware spreads via Skype ***
---------------------------------------------
"The banking Trojan known as Shylock has been updated with new functionality, including the ability to spread over Skype. The program was discovered in 2011 that steals online banking credentials and other financial information from infected computers. Shylock, named after a character from Shakespeares "The Merchant of Venice"...."
---------------------------------------------
http://thehackernews.com/2013/01/shylock-banking-malware-spreads-via.html?u…
*** Arguing Against Voluntary Standards - CEOs See Provisions over Infosec Standards as Distraction ***
---------------------------------------------
"The idea of the U.S. federal government and industry jointly developing IT security best practices will do little to help critical infrastructure operators defend against cyber-risk, says Business Roundtable Vice President Liz Gasster. "It makes an underlying assumption that the point of best practices will, in fact, be effective in addressing cybersecurity risk," Gasster says in an interview with Information Security Media Group. "And that while best practices are a useful
---------------------------------------------
http://www.healthcareinfosecurity.com/interviews/arguing-against-voluntary-…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 17-01-2013 18:00 − Freitag 18-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Linksys vuln: Cisco responds ***
---------------------------------------------
Working on fix for WRT54GL router Cisco has identified the Linksys router affected by the vulnerability published by DefenseCode on January 14...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/17/cisco_respo…
*** Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting ***
---------------------------------------------
Topic: Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting Risk: Low Text:: + Vendor info Anti-Spam SMTP Proxy Server 2.2.1 => Cross Site Scripting (CWE-79) http://sourceforge.net/projects/assp/ ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/l6FeQIUUAbY/WLB-20…
*** Vuln: Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability ***
---------------------------------------------
Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57445
*** Outbank 2 mit Passwort-Leck ***
---------------------------------------------
Die Mac-Version der neuen Banking-Software legt das Programmkennwort in einer Standard-Logdatei ab – unverschlüsselt. Ein Update steht noch aus.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27a7a138/l/0L0Sheise0Bde0Cmel…
*** Why the Java threat rang every alarm ***
---------------------------------------------
"If the IT industry had a color-coded threat-level advisory system, the alerts would have spiked to red this week -- and in a way they did when the Department of Homeland Security, no less, urged users to disable or uninstall Java because of a serious security vulnerability. Judging by the ensuing avalanche of ink (mea culpa for adding to the pileup), you might think this attack took the industry by surprise. Far from it -- as Twitter engineer and security expert Charlie Miller told...
---------------------------------------------
http://www.infoworld.com/t/security/why-the-java-threat-rang-every-alarm-21…
*** Bugtraq: CVE-2012-6452 Axway Secure Messenger Username Disclosure ***
---------------------------------------------
CVE-2012-6452 Axway Secure Messenger Username Disclosure
---------------------------------------------
http://www.securityfocus.com/archive/1/525346
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 16-01-2013 18:00 − Donnerstag 17-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Vuln: HP PKI ActiveX Control Denial of Service Vulnerability ***
---------------------------------------------
HP PKI ActiveX Control Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51341
*** Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass ***
---------------------------------------------
Topic: Drupal Core 6.x / 7.x Cross Site Scripting & Access Bypass Risk: High Text:View online: http://drupal.org/SA-CORE-2013-001 * Advisory ID: DRUPAL-SA-CORE-2013-001 * Project: Drupal core [1] * ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Vol8aq1w-iY/WLB-20…
*** Yet ANOTHER Java zero-day claimed - but this time youre laughing, right? ***
---------------------------------------------
"Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit. This one, it seems, targets an exploitable vulnerability even in Oracles most recent release, Version 7 Update 11, also known as 7u11. Details of the exploit are sketchy, because the underworld is playing this one very close to its chest...."
---------------------------------------------
http://nakedsecurity.sophos.com/2013/01/17/yet-another-java-zero-day-claime…
*** Heads-Up - Security Researchers Expose X-ray Machine Bug ***
---------------------------------------------
"A pair of researchers best known for poking holes in industrial control systems (ICS) products found that medical devices suffer similar security woes after they were able to easily hack into a Philips x-ray machine. Terry McCorkle and Billy Rios, both of Cylance, here today demonstrated how a rudimentary fuzzer they wrote basically gave them privileged user status on the XPER x-ray machine. The machine has inherently weak remote authentication...."
---------------------------------------------
http://www.darkreading.com/vulnerability-management/167901026/security/atta…
*** Novell schließt gefährliche Lücke in eDirectory-Server ***
---------------------------------------------
Novell hat einen Patch für seinen eDirectory-Server bereitgestellt, der einen möglichen Pufferüberlauf beseitigt. Angreifern hätte die Lücke das Erlangen von Administrator-Rechten auf dem Zielrechner ermöglicht...
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/279f3d9d/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 15-01-2013 18:00 − Mittwoch 16-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** When Disabling IE6 (or Java, or whatever) is not an Option..., (Tue, Jan 15th) ***
---------------------------------------------
Were getting a whole lot of bad advice regarding the latest crop of vulnerabilities. Folks are saying things like disable Java, or Migrate away from IE6/7/8, or even Migrate to IE10 or Firefox. While these will certainly mitigate the current vulnerability, its often not a practical way to go. If you pick the right week, almost anything could be your target disable that component - everyone has a zero day at one time or another. Specific to this weeks issues, there are lots of business...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14947&rss
*** January 2013 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck ***
---------------------------------------------
Today we’re publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 17 questions focusing on Security Update MS13-088, and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript. We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/01/15/january-2013-out-of-band…
*** Bugtraq: Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability ***
---------------------------------------------
Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525317
*** Oracles Januar-Patches schließen 86 Lücken ***
---------------------------------------------
Mit dem jetzt veröffentlichten regulären Critical Patch Update behebt Oracle unter anderem 24 Sicherheitslücken in seinen Datenbankprodukten, davon 18 in MySQL. Einige davon ließen sich übers Netz ohne Anmeldung ausnutzen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27929ccc/l/0L0Sheise0Bde0Cmel…
*** Security hotfix released for ColdFusion (APSB13-03) ***
---------------------------------------------
Today, a Security Bulletin (APSB13-03) has been posted in regards to a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the security bulletin. This posting is provided “AS IS” with no warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2013/01/security-hotfix-released-for-coldfusio…
*** Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! A vulnerability in Cisco Adaptive Security Appliance (ASA) Software for the Cisco ASA 1000V Cloud Firewall may cause the Cisco ASA 1000V to reload after processing a malformed H.323 message. Cisco ASA 1000V Cloud Firewall is affected when H.323 inspection is enabled.Cisco has released free software updates that address this vulnerability.This advisory is posted at the following...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 14-01-2013 18:00 − Dienstag 15-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Bugtraq: Updated - CA20121018-01: Security Notice for CA ARCserve Backup ***
---------------------------------------------
Updated - CA20121018-01: Security Notice for CA ARCserve Backup
---------------------------------------------
http://www.securityfocus.com/archive/1/525303
*** Cyber Security Bulletin (SB13-014) - Vulnerability Summary for the Week of January 7, 2013 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB13-014.html
*** DefenseCode turns up Linksys zero-day ***
---------------------------------------------
World awaits patch With more than 70 million home networking devices in service, a zero-day for Linksys has a very wide reach. According to DefenseCode, an information security consultancy that’s just what turned up in a recent product evaluation for a client.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/14/cisco_links…
*** Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow ***
---------------------------------------------
Topic: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow Risk: High Text: Title: Novell NCP Pre-Auth Remote Stack-Based Buffer Overflow. Author: David Klein (davi...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013010133
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 11-01-2013 18:00 − Montag 14-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header ***
---------------------------------------------
Topic: Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header Risk: High Text:Summary = Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013010107
*** Java SE 5/6/7 critical security issue ***
---------------------------------------------
Topic: Java SE 5/6/7 critical security issue Risk: High Text:Weve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The im...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2012090223
*** Sysinternals Updates, (Sun, Jan 13th) ***
---------------------------------------------
A handlers shift usually doesnt go by without Roseman writing in telling us that Microsoft have released another Sysinternals update and today is one of those days. A couple of days has passed since Microsoft announced: Autoruns v11.4: Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug. Procdump v5.12: This Procdump update fixes a bug introduced in v5.11...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14926&rss
*** ICS-CERT berichtet von Viren-Infektionen bei US-Stromversorgern ***
---------------------------------------------
Über USB-Sticks werden die industriellen Steuerungssysteme eines US-Stromversorgers und eines Elektrizitätswerks mit Schadsoftware infiziert. Das ICS-CERT begrenzt den Schaden. Das "Project Shine" kann auf Schwachstellen aufmerksam machen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/277bb6fc/l/0L0Sheise0Bde0Cmel…
*** Microsoft to release emergency Internet Explorer patch on Monday ***
---------------------------------------------
"Microsoft will release a patch on Monday for older versions of its Internet Explorer browser, deviating from its normal repair schedule due to the seriousness of the problem. The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victims computer if the person merely visits the website...."
---------------------------------------------
http://www.computerworld.com.au/article/446389/microsoft_release_emergency_…
*** Vuln: Qt QSslSocket::sslErrors() Certificate Validation Security Weakness ***
---------------------------------------------
Qt QSslSocket::sslErrors() Certificate Validation Security Weakness
---------------------------------------------
http://www.securityfocus.com/bid/57162
*** Heads-Up - Oracle Critical Patch Update Pre-Release Announcement - January 2013 ***
---------------------------------------------
"DescriptionThis Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2013, which will be released on Tuesday, January 15, 2013. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. A Critical Patch Update is a collection of patches for multiple security vulnerabilities...."
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
*** Emergency patch for Java fails to fix cybercrime holes, warn experts ***
---------------------------------------------
ORACLE released an emergency update to its Java software for surfing the
Web last night, but security experts said the update fails to protect
PCs from attack by hackers intent on committing cyber crimes.
---------------------------------------------
http://www.independent.ie/business/technology/emergency-patch-for-java-fail…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 10-01-2013 18:00 − Freitag 11-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** European Cybercrime Centre opens for business ***
---------------------------------------------
"The European Cybercrime Centre (EC3) will officially start operating on 11 January with a mission to protect European citizens and businesses from cybercrime. "Cybercriminals are smart and quick in using new technologies for criminal purposes; the EC3 will help us become even smarter and quicker to help prevent and fight their crimes" said European Commissioner for Home Affairs Cecilia Malmstrm at the launch of the EC3 project ahead of the official opening of the centre at...
---------------------------------------------
http://www.h-online.com/security/news/item/European-Cybercrime-Centre-opens…
*** Bugtraq: DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit ***
---------------------------------------------
DefenseCode Security Advisory (UPCOMING): Cisco Linksys Remote Preauth 0day Root Exploit
---------------------------------------------
http://www.securityfocus.com/archive/1/525269
*** Bugtraq: Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee) ***
---------------------------------------------
Detailed examples of two vulnerabilities in whitelisting software: SE46 (Cryptzone) and Application Control (McAfee)
---------------------------------------------
http://www.securityfocus.com/archive/1/525268
*** What Else runs Telnets? Or, Pentesters Love Video Conferencing Units Too!, (Thu, Jan 10th) ***
---------------------------------------------
As a side note to todays iSeries / Mainframe story, and a follow-up to one I wrote last year (https://isc.sans.edu/diary/12103), another thing Im seeing is more and more on telnets (tcp port 992 - https://isc.sans.edu/port.html?port=992) is voice gateway and videoconferencing unit problems. Specifically, when scanning for port tcp/992, you will likely run across more videoconferencing systems than mainframes. Theyll often show up with less fingerprinting than the SNA platforms we discussed,...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14902&rss
*** HPSBMU02838 SSRT100789 rev.1 - HP Serviceguard on Linux, Remote Denial of Service (DoS) ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03621178
*** TYPO3-EXT-SA-2013-001: Several vulnerabilities in third party extensions ***
---------------------------------------------
Several vulnerabilities have been found in the following third-party
TYPO3 extensions: news, onetimeaccount, phpunit, div2007, t3mootools,
t3jquery, oneclicklogin
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-…
*** .NET-Update beeinträchtigt Windows Server 2012 ***
---------------------------------------------
Ein seit Dienstag ausgeliefertes Update für die .NET-Laufzeitumgebung 4.5 führt unter Windows Server 2012 zu Problemen mit dem Failover Cluster Manager. Microsoft hat das Problem bereits bestätigt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/276e67d9/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 09-01-2013 18:00 − Donnerstag 10-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability ***
---------------------------------------------
GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57188
*** Police Arrest Alleged ZeuS Botmaster “bx1″ ***
---------------------------------------------
A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed "bx1," a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/D_NUNHSTfy8/
*** Zero-Day Java Exploit Debuts in Crimeware ***
---------------------------------------------
The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/x8J2sRZ5128/
*** Vuln: Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability ***
---------------------------------------------
Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57113
*** Web Application Vulnerability Statistics of 2012 ***
---------------------------------------------
"With years of experience and valuable insights from our cloud based application security testing, we thought of conducting a study to discover the prevailing website vulnerability trends. The study is based on our original research on more than 5000 tests covering 300+ customers distributed globally. How was the study conducted?..."
---------------------------------------------
http://www.ivizsecurity.com/blog/penetration-testing/web-application-vulner…
*** Exploit für Ruby on Rails im Umlauf ***
---------------------------------------------
Die Sicherheitslücke in Ruby-On-Rails erweist sich als akut gefährlich; erste Exploits sind im Umlauf und Berichte über gekaperte Web-Server laufen ein. Administratoren sollten dringend handeln.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2763d32a/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 08-01-2013 18:00 − Mittwoch 09-01-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Serious Password Reset Hole In Accellion Secure FTP ***
---------------------------------------------
chicksdaddy writes "A security researcher who was looking for vulnerabilities in Facebooks platform instead stumbled on a much larger hole that could affect scores of firms who rely on a secure file transfer platform from Accellion. Writing on his blog on Monday, Israeli researcher Nir Goldshlager said he discovered the password reset vulnerability while analyzing a Accellion deployment that is used, internally, by Facebook employees. Goldshlager used public knowledge of the Accellion...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/BpSzZxCpN3k/story01.htm
*** Microsoft Updates for Multiple Vulnerabilities ***
---------------------------------------------
The Microsoft Security Bulletin Summary for January 2013 describes
multiple vulnerabilities in Microsoft software. Microsoft has
released updates to address the vulnerabilities.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
*** Adobe Security Bulletins Posted ***
---------------------------------------------
Today, we released the following Security Bulletins: APSB13-01 Security updates available for Adobe Flash Player APSB13-02 Security updates available for Adobe Reader and Acrobat Customers of the affected products should consult the relevant Security Bulletin(s) for details. This posting is provided "AS IS" with no warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2013/01/adobe-security-bulletins-posted-4.html
*** Experts Identify, Analyze Botnet Used to Launch DDOS Attacks Against US Banks ***
---------------------------------------------
"Researchers have been constantly analyzing the distributed denial-of-service (DDOS) attacks launched by Izz ad-Din al-Qassam Cyber Fighters against United States financial institutions but, up until now, little was known about the resources used by the hacktivists. Incapsula, a cloud-based security and acceleration service provider, has uncovered some interesting details about the cyberattacks and the botnet that powers them after noticing that the website of a new customer was...
---------------------------------------------
http://news.softpedia.com/news/Experts-Identify-Analyze-Botnet-Used-to-Laun…
*** Mobile Browser Security: Problem Exists Between Device and Chair ***
---------------------------------------------
"Last month, a Georgia Tech study found that mobile browsers frequently left even expert users insufficient information to judge if a site was potentially dangerous, because of user interface limitations. The item that is most problematic is how SSL information is displayed. Compared to desktops, mobile browsers have far more limited ways to show if a site is using SSL...."
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-browser-s…
*** Kritische Lücken in Firefox, Thunderbird und SeaMonkey geschlossen ***
---------------------------------------------
Mit den jüngsten Updates haben die Entwickler zahlreiche Schwachstellen in den Mozilla-Programmen beseitigt. Man sollte daher sicherstellen, dass man jeweils die aktuelle Version nutzt.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2758df0f/l/0L0Sheise0Bde0Cmel…
*** First confirmed hard victim of Ruby on Rails Zero-Day Dutch DigiD Government Service. All services ***
---------------------------------------------
"After having alerted on a new SQL Injection Vulnerability in Ruby on rails on 3 january, Bricade alerted on a second, even more serious, Zero Day on 8 January. The Dutch Government DigiD Service reported today 9th of January on their website that the DigiD service was not available today. See https://www...."
---------------------------------------------
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-1…
*** Aktuelle Foxit-Reader-Version führt Schadcode aus ***
---------------------------------------------
In Browser-Plug-in des PDF-Anzeigeprogramms klafft eine hochkritische Sicherheitslücke, weshalb man es umgehend abschalten sollte.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/275a0b01/l/0L0Sheise0Bde0Cmel…
*** Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability ***
---------------------------------------------
Advisory ID: cisco-sa-20130109-lms
---------------------------------------------
Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a
vulnerability that could allow an unauthenticated, remote attacker to
execute arbitrary commands with the privileges of the root user.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 07-01-2013 18:00 − Dienstag 08-01-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Bugtraq: Chrome for Android - Cookie theft from Chrome by malicious Android app ***
---------------------------------------------
Chrome for Android - Cookie theft from Chrome by malicious Android app
---------------------------------------------
http://www.securityfocus.com/archive/1/525222
*** Bugtraq: Chrome for Android - Android APIs exposed to JavaScript ***
---------------------------------------------
Chrome for Android - Android APIs exposed to JavaScript
---------------------------------------------
http://www.securityfocus.com/archive/1/525220
*** Foxit Reader <= 5.4.4.1128 npFoxitReaderPlugin.dll Stack Buffer Overflow ***
---------------------------------------------
Topic: Foxit Reader
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/mNx5SSGJYF4/WLB-20…
*** Drupal 6.x->7.18 getimagesize() <= Multiple Vulnerabilities ***
---------------------------------------------
Topic: Drupal 6.x->7.18 getimagesize()
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/2AwbWS10dFQ/WLB-20…
*** Bugtraq: Facebook for Android - Information Diclosure Vulnerability ***
---------------------------------------------
Facebook for Android - Information Diclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525223
*** Symantec plays down PGP hole ***
---------------------------------------------
"Symantec has quenched fears about a vulnerability in its PGP technology. According to a Pastebin statement, the pgpwded. sys kernel driver distributed with Symantec PGP Desktop contains an arbitrary memory overwrite vulnerability in the handling of IOCTL 0x80022058...."
---------------------------------------------
http://news.hitb.org/content/symantec-plays-down-pgp-hole
*** ‘Value of a Hacked PC’ Graphic Goes Global ***
---------------------------------------------
The Value of a Hacked PC graphic, which I published on this blog a few months ago to explain bad guy uses for your PC, is getting a makeover. I’m honored to say that the SANS Institute, a security training group, has taken the idea and run with it as an educational tool, and is in [...]
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/ehmnqBEd8q0/
*** Abgeschottetes Android für Unternehmen ***
---------------------------------------------
Eine speziell angepasste Version des Mobilbetriebssystems überwacht, was der User mit seinem Gerät tun kann – basierend auf der jeweiligen Nutzungssituation.
---------------------------------------------
http://www.heise.de/meldung/Abgeschottetes-Android-fuer-Unternehmen-1767696…
*** Vuln: OpenIPMI ipmievd Daemon PID Files Insecure File Permissions Vulnerability ***
---------------------------------------------
OpenIPMI ipmievd Daemon PID Files Insecure File Permissions Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51036
*** Vuln: PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities ***
---------------------------------------------
PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/27163
*** ENISA Names Drive-By Exploits as Biggest Emerging Threat of 2012 ***
---------------------------------------------
"The European Network and Information Security Agency (ENISA) has released its Cyber Threat Landscape analysis of 2012. The study, based on over 120 threat reports, highlights the top threats and their trends. According to the report, drive-by exploits malicious code injects used to exploit web browser vulnerabilities are the number one threat...."
---------------------------------------------
http://news.softpedia.com/news/ENISA-Names-Drive-By-Exploits-as-Biggest-Eme…
*** [webapps] - Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability ***
---------------------------------------------
Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/23968
*** Wichtiges Sicherheitsupdate für MoinMoin-Wiki ***
---------------------------------------------
Das Update auf Version 1.9.6 behebt unter anderem eine kritische Schwachstelle, die bereit aktiv von Cyber-Kriminellen ausgenutzt wird.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274e0d0f/l/0L0Sheise0Bde0Cmel…
*** Payment Card Fraud in the European Union ***
---------------------------------------------
"The criminal market of payment card fraud (PCF) within the European Union (EU) is dominated by well structured and globally active organised crime groups (OCGs). Criminal networks have managed to affect non-cash payments in the EU to the extent that protection measures are very expensive and need to be implemented on a global level. Consequently, the use of payment cards can be inconvenient and no longer fully secure for EU cardholders...."
---------------------------------------------
https://www.europol.europa.eu/sites/default/files/publications/1public_full…
*** Angriffe auf ungepatchte ColdFusion-Lücken ***
---------------------------------------------
Adobe warnt davor, dass Cyber-Kriminelle durch bislang nicht geschlossene Sicherheitslöcher in ColdFusion-Server einsteigen. Ein passender Patch ist frühestens in einer Woche fertig.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274f87d4/l/0L0Sheise0Bde0Cmel…
*** Bugtraq: ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability ***
---------------------------------------------
ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525229
*** [webapps] - WordPress Plugin Google Document Embedder Arbitrary File Disclosure ***
---------------------------------------------
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
---------------------------------------------
http://www.exploit-db.com/exploits/23970
*** Kritische Schwachstellen in Asterisk ***
---------------------------------------------
Digium hat einige kritische Schwachstellen in der quelloffenen Telefonanlagen-Software Asterisk geschlossen, durch die ein Angreifer Code in den Server einschleusen kann. Bei den Lücken handelt es sich um Pufferüberläufe auf dem Stack, die über die Protokolle HTTP, SIP und XMPP ausgenutzt werden können. Nur bei XMPP ist hierzu eine aktive Sitzung nötig.
---------------------------------------------
http://www.heise.de/meldung/Kritische-Schwachstellen-in-Asterisk-1779526.ht…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 04-01-2013 18:00 − Montag 07-01-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Patch for IE Zero Day Wont Be Among Microsoft Security Updates Next Week ***
---------------------------------------------
"Microsoft plans to release a pair of critical bulletins on Tuesday for its first round of 2013 monthly security updates, but still has no announcement regarding a patch for the zero day vulnerability and exploit in Internet Explorer reported over the Christmas holiday. Users are urged to apply a Fix It released Dec. 31 for the vulnerability in IE 6, 7 and 8 that was at the heart of an attack on the Council on Foreign Relations website as well as that of energy manufacturer Capstone...
---------------------------------------------
http://threatpost.com/en_us/blogs/patch-ie-zero-day-wont-be-among-microsoft…
*** Dutch Government Aims to Shape Ethical Hackers Disclosure Practices ***
---------------------------------------------
"The Dutch governments cyber security center has published guidelines that it hopes will encourage ethical hackers to disclose security vulnerabilities in a responsible way."Persons who report an IT vulnerability have an important social responsibility," the Dutch ministry of Security and Justice said on Thursday, announcing guidelines for ethical hacking that were published by the countrys National Cyber Security Center (NCSC). White-hat hackers and security researchers play an...
---------------------------------------------
http://www.cio.com/article/725400/Dutch_Government_Aims_to_Shape_Ethical_Ha…
*** FreePBX 2.7.0.3 & Elastix 2.3.0 SQL injection ***
---------------------------------------------
Topic: FreePBX 2.7.0.3 & Elastix 2.3.0 SQL injection Risk: Medium Text:# Exploit Title: SQL injection in FreePBX 2.7.0.3 / Elastix 2.3.0 # Google Dork: N/A # Date: 05/01/2013 # Exploit Author: S...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/DfqeYKHkuXM/WLB-20…
*** pfSense 2.0.1 XSS & CSRF & Command Execution ***
---------------------------------------------
Topic: pfSense 2.0.1 XSS & CSRF & Command Execution Risk: High Text: # # Exploit Title: pfSense 2.0.1 XSS & CSRF Remote root Access # Date: 04/01/2013 # Author: Yann CAM ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/1o3q8BIwTZs/WLB-20…
*** MyBB Profile Wii Friend Code 1.0 Cross Site Scripting and SQL Injection ***
---------------------------------------------
Topic: MyBB Profile Wii Friend Code 1.0 Cross Site Scripting and SQL Injection Risk: Medium Text:# Exploit Title: MyBB Profile Wii Friend Code SQLi/Persistent XSS # Dork: intitle:"Profile of" intext:"Wii Friend Code" inurl:...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/lZtyzTcL-Tc/WLB-20…
*** BSI release Draft Cyber Security standard - PAS 555\ ***
---------------------------------------------
"This PAS specifies a framework for the governance and management of cyber security risk. The requirements of this PAS define the overall outcomes of effective cyber security, and include technical, physical, cultural and behavioural measures alongside effective leadership and governance. While there are many standards and guidelines available that can help tackle cyber security risk, they tend to define good practice as to how elements of effective cyber security might be...
---------------------------------------------
http://drafts.bsigroup.com/Home/Details/49890
*** Adobe ColdFusion Security Advisory, (Sat, Jan 5th) ***
---------------------------------------------
Adobe released a security advisory which identifies three vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631) affecting ColdFusion for Windows, Macintosh and Unix. They have received reports that these vulnerabilities are actively being exploited. Adobe is currently planning to release a fix for January 15, 2013. Additional information and mitigations options available here. [1] http://www.adobe.com/support/security/advisories/apsa13-01.html ----------- Guy Bruneau IPSS Inc.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14827&rss
*** Neuer Exploit für Lücke im Internet Explorer ***
---------------------------------------------
Einer Sicherheitsfirma gelang es nach eigenen Angaben, Microsofts provisorischen Patch für die kritische IE-Lücke auszutricksen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2738e1e8/l/0L0Sheise0Bde0Cmel…
*** Malware targets Java HTTP servers ***
---------------------------------------------
"A malware that strikes at Java HTTP servers and allows attackers to gain control on underlying systems has been spotted by security researchers of anti-virus vendor Trend Micro Inc. Using a password cracking tool, cybercriminals are able to login and gain manager/administrative rights allowing the deployment of Web application archive (WAR) file packages with the backdoor to the server, according to a post last Thursday on the Trend Labs. & Once done, the backdoor can now browse,
---------------------------------------------
http://www.itworldcanada.com/news/malware-targets-java-http-servers/146535
*** Symantec links latest Microsoft zero-day with skilled hacker gang ***
---------------------------------------------
"Symantec is crediting a hacker group with an impressive track record as responsible for finding the latest as yet unpatched vulnerability in older versions of Microsofts Internet Explorer browser. A gang Symantec calls the Elderwood group appears to have found the latest zero-day vulnerability in IE, which can allow a malicious website to automatically infect a persons computer.[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to...
---------------------------------------------
http://www.infoworld.com/d/security/symantec-links-latest-microsoft-zero-da…
*** Crimeware Author Funds Exploit Buying Spree ***
---------------------------------------------
"The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes. An...
---------------------------------------------
http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-sp…
*** Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability ***
---------------------------------------------
Topic: Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability Risk: Low Text: ## # # Exploit Title : Wordpress NextGEN Gallery plugin Cross-Site Scripting Vulnerability # # Author : IrI...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ESFCnSJbmkU/WLB-20…
*** Wordpress wilderness SQL injection ***
---------------------------------------------
Topic: Wordpress wilderness SQL injection Risk: Medium Text:# Exploit Title: Wordpress wilderness SQL injection # Google Dork: inurl:/wp-content/themes/wilderness/gallery.php # Date: 20...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/6WtYRSMSzoI/WLB-20…
*** Vuln: CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability ***
---------------------------------------------
CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56494
*** Sicherheit - Ubisofts Spieleplattform Uplay gehackt ***
---------------------------------------------
Spielehersteller arbeitet bereits an Lösung und ruft zu besseren Passwörtern auf
---------------------------------------------
http://derstandard.at/1356426935498/Ubisofts-Spieleplattform-Uplay-gehackt
*** Google, Yahoo, Microsoft und Amazon anfällig für Clickjacking ***
---------------------------------------------
Ein Sicherheitsforscher demonstriert an populären Webseiten wie Amazon, Google, Yahoo und Microsoft Live, dass viele Webseiten immer noch schlecht gegen Clickjacking geschützt sind.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/274546ad/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 03-01-2013 18:00 − Freitag 04-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Apache Malware Installs Zeus ***
---------------------------------------------
"The worlds most widely used web server, Apache, is a conduit to inject malicious content into web pages served by an infected Linux server, without the knowledge of the website owner. Those are the results of an analysis of a malicious Apache module, detected by ESET. They called the malware Linux/Chapro.A. Although the malware can serve practically any type of content, in this specific case it installs a variant of Win32/Zbot, malware designed to steal information from online banking
---------------------------------------------
http://www.isssource.com/apache-malware-installs-zeus/
*** Bugtraq: Aastra IP Telephone encrypted .tuz configuration file leakage ***
---------------------------------------------
Aastra IP Telephone encrypted .tuz configuration file leakage
---------------------------------------------
http://www.securityfocus.com/archive/1/525190
*** Browser vendors rush to block fake google.com site cert ***
---------------------------------------------
Turkish authoritys goof could compromise data Google and other browser vendors have taken steps to block an unauthorized digital certificate for the " *.google.com" domain that fraudsters could have used to impersonate the search giants online services.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/04/turkish_fak…
*** Holey code, Batman! Microsoft to patch 12 vulns on Tuesday ***
---------------------------------------------
Christmas zero-day flaw not included Microsoft has issued its pre Patch Tuesday report, saying it will issue seven patches fixing 12 code flaws next week but it wont provide a permanent fix for the exploit discovered during the recent holidays that is already being used in the wild.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/04/microsoft_p…
*** Canadian Government Acknowledges Security Breach ***
---------------------------------------------
"An employee of Human Resources and Skills Development Canada (HRSDC) recently misplaced an unencrypted USB drive containing sensitive data on approximately 5,000 Canadian citizens."The lost data, which was reported to the HRSDC on Nov. 17, included names, Social Insurance Numbers (similar to Social Security numbers) and other information criminals could use to defraud victims," writes TechNewsDailys Ben Weitzenkorn."The department, which handles a variety of files including
---------------------------------------------
http://www.esecurityplanet.com/network-security/canadian-government-acknowl…
*** Nicht zimperlich - DDoS-Attacken, gestohlene Daten: Harte Bandagen bei Lieferservices ***
---------------------------------------------
Strafbefehle gegen sieben Führungskräfte von Lieferheld wegen entwendeter Datenbank eines Konkurrenten
---------------------------------------------
http://derstandard.at/1356426716898/DDoS-Attacken-gestohlene-Daten-Harte-Ba…
*** Over 18,000 PayPal Phishing Websites Identified in December 2012 ***
---------------------------------------------
"Phishing websites, ones created by cybercriminals to harvest sensitive information from unsuspecting users, have become highly problematic lately. Because theyre so effective, crooks have launched a considerable number of sites that replicate popular companies. For instance, according to a study performed by Trend Micro for December 2012, a total of 18,947 phishing websites have been found to replicate PayPal...."
---------------------------------------------
http://news.softpedia.com/news/Over-18-000-PayPal-Phishing-Websites-Identif…
*** Major global Facebook Botnet taken down ***
---------------------------------------------
"A fraud ring worth around 525 million has been taken out of action by the joint efforts of Facebooks own security team and local police forces in the UK, Peru, the US and a number of other countries. The gang managed to steal the massive sum from Facebook users by secretly planting spyware on victims computers that would steal credit and bank card details. Along with financial details, personal information with worth on the black market was also lifted...."
---------------------------------------------
http://www.journalism.co.uk/press-releases/major-global-facebook-botnet-tak…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 02-01-2013 18:00 − Donnerstag 03-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** BSI warnt vor Sicherheitslücke im VLC Media Player ***
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik rät Nutzern der populären quelloffenen Videoabspielsoftware, auf die aktuelle Version 2.0.5 umzusteigen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27218c1d/l/0L0Sheise0Bde0Cmel…
*** Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack ***
---------------------------------------------
"This weeks watering hole attack exploiting a zero-day vulnerability in Internet Explorer was not limited to the influential Council on Foreign Relations site. A Metasploit contributor said an energy manufacturers website has been serving malware related to the attack since September. Researcher Eric Romang said that Capstone Turbine Corp., which builds power generation equipment for utilities, has been infected with malware exploiting CVE 2012-4969 for four months and the latest IE
---------------------------------------------
http://threatpost.com/en_us/blogs/energy-manufacturer-also-victimized-ie-ze…
*** 6 Big cyber security predictions for 2013 ***
---------------------------------------------
"If there is any weakness in security, you can guarantee the criminals will try to exploit it. And if a cyber criminal discovers a weakness in one community, it wont be long before that isolated crime turns into a trend. The commercialization of malware is rapidly becoming a well-organized and highly lucrative business...."
---------------------------------------------
http://venturebeat.com/2013/01/02/6-big-cyber-security-predictions-for-2013/
*** Malware SNEAK dons cunning disguise, opens creaky back door to servers ***
---------------------------------------------
Java-based exploit targets web-hosting servers A malicious backdoor designed to infect web servers poses a severe threat, Trend Micro warns.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/03/web_server_…
*** A New Way of Detecting Cybersecurity Attacks ***
---------------------------------------------
"Rajeev Bhargava is an acknowledged pioneer in the networking and software industry, and CEO of Toronto-based Decision Zone Inc. His career spans more than 30 years within the engineering and IT industry, and he has been closely associated with many of its major developments. Rajeev has advised many of North Americas largest organizations within the telecom, financial, high tech, military, retail, aerospace and government industries. He is the inventor of an anomaly detection solution used
---------------------------------------------
http://www.digitalcommunities.com/articles/A-New-Way-of-Detecting-Cyber-Sec…
*** Lücke in Ruby on Rails erlaubt SQL-Injections ***
---------------------------------------------
Alle aktuellen Versionen des Fameworks Ruby on Rails sind von einer Sicherheitslücke betroffen, die das Einschleusen von beliebigem SQL-Code ermöglicht. Nutzer sollten ihre Software möglichst schnell aktualisieren.
---------------------------------------------
http://www.heise.de/meldung/Luecke-in-Ruby-on-Rails-erlaubt-SQL-Injections-…
*** Virenverseuchte Dia-Scanner bei Tchibo verkauft ***
---------------------------------------------
Der Kaffeeröster Tchibo hat in der Vorweihnachtszeit des vergangenen Jahres einen virenverseuchten Dia-Scanner verkauft. Das Gerät wurde ab dem 11. Dezember 2012 für 60 Euro über die Filialen und den Tchibo-Onlineshop angeboten.
---------------------------------------------
http://www.heise.de/meldung/Virenverseuchte-Dia-Scanner-bei-Tchibo-verkauft…
*** Invasion of the Botnets ***
---------------------------------------------
"Millions and millions of PCs have been silently infiltrated with bot malware, creating massive bot armies, poised to steal and inflict maximum damage when triggered by their Bot Commander. There are several botnets each comprising millions of compromised PCs, such as Zeus, Conficker, Mariposa, ZeroAccess and BredoLab, waiting for the next command from their Bot Commander, so that they can spring into action and obediently carry out their strike orders like a well-disciplined and
---------------------------------------------
http://dwaterson.com/2013/01/02/invasion-of-the-botnets/
*** Cloud security to be most disruptive technology of 2013 ***
---------------------------------------------
"The Security for Business Innovation Council, comprised of IT security professionals from 19 companies worldwide, called cloud computing the main disruptive force for 2013. In its report, "Information Security Shake-Up," the group said it was evident many organizations are preparing to move more business processes to the cloud. This year, it will even be "mission-critical apps and regulated data" consigned to the cloud...."
---------------------------------------------
http://www.networkworld.com/news/2013/010313-cloud-security-265437.html
*** Facebook-Lücke erlaubte unbemerkte Webcam-Aufnahmen ***
---------------------------------------------
Rund vier Monate nachdem zwei Sicherheitsforscher eine Schwachstelle in Facebooks Video-Upload-Funktion meldeten, soll de Lücke geschlossen worden sein. Die Entdecker sind überrascht über die Höhe der von Facebook gezahlten Belohnung.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2729d37e/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 28-12-2012 18:00 − Mittwoch 02-01-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Microsoft Warns of New Gaming Malware ***
---------------------------------------------
"According to a recent report by Marianne Mallen of the Microsoft Malware Protection Center (MMPC), Microsoft researchers recently came across three new Trojans that specifically target Korean gamers."According to the ... MMPC, whoever is responsible for these pieces of malware is attempting to pilfer user login credentials, credit card information that is used to pay for in-game money and assorted upgrades, Korean ID numbers (a sort of Korean-variety Social Security number often
---------------------------------------------
http://www.esecurityplanet.com/malware/microsoft-warns-of-new-gaming-malwar…
*** Microsoft - Windows XP wird zum Sicherheitsrisiko ***
---------------------------------------------
Die Zeitschrift ct warnt: "Ab 2014 kann man einen XP-Rechner nur noch in völliger Isolation betreiben"
---------------------------------------------
http://text.derstandard.at/1356426331198/Windows-XP-wird-zum-Sicherheitsris…
*** 29C3 - erfolgreicher Angriff auf verschlüsselnde Festplatten ***
---------------------------------------------
Auch bei automatisch verschlüsselnden Festplatten (Self-Encrypting Drives, SED) können Angreifer die Daten mit wenigen Handgriffen auslesen: Der Informatiker Tilo Müller demonstrierte am Freitag auf dem 29. Hacker-Kongress des Chaos Computer Clubs (29C3) in Hamburg, wie sich die Hardware-Verschlüsselung von Desktop-Computern oder Laptops angreifen lässt.
---------------------------------------------
http://www.heise.de/meldung/29C3-erfolgreicher-Angriff-auf-verschluesselnde…
*** Windows 8 Will Be Harder to Hack - Security Expert ***
---------------------------------------------
"Windows 8 has already been attacked by hackers who wanted to activate the operating system at no cost, but theres no doubt its one of the most secure Windows iterations released so far. And Microsoft uses this argument to promote Windows 8 with every single occasion, while security companies across the globe confirm that its harder to attack the new OS. McAfee said in its 2013 predictions report that Windows 8 may become hackers next big target, but Rapid7 CISO and Metasploit founder HD...
---------------------------------------------
http://news.softpedia.com/news/Windows-8-Will-Be-Harder-to-Hack-Security-Ex…
*** Bugtraq: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption ***
---------------------------------------------
GnuPG 1.4.12 and lower - memory access errors and keyring database corruption
---------------------------------------------
http://www.securityfocus.com/archive/1/525167
*** Worst email scams of 2012 ***
---------------------------------------------
"The scammers have continued to flood us with dodgy emails this year. Here are some of the worst ones weve spotted. Identity fraud and theft continues to be a big issue in the UK...."
---------------------------------------------
http://www.lovemoney.com/news/scams-and-rip-offs/scams/18904/worst-email-sc…
*** Provisorischer Fix für kritische Lücke im Internet Explorer ***
---------------------------------------------
Im Internet Explorer bis einschließlich Version 8 klafft eine kritische Sicherheitslücke. Microsoft hat nun ein Fix-It-Tool herausgegeben, mit dem sich Nutzer der betroffenen IE-Versionen schützen können, bis ein Patch fertig ist.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27194e91/l/0L0Sheise0Bde0Cmel…
*** Piraterie - Gecrackte Apps: Neue Dienste kapern iOS auch ohne Jailbreak ***
---------------------------------------------
Nachfolger von Installous könnten wesentlich mehr User erreichen
---------------------------------------------
http://derstandard.at/1356426557392/Gecrackte-Apps-Neue-Dienste-kapern-iOS-…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 27-12-2012 18:00 − Freitag 28-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** ICS-CERT Closes-out Two Alerts ***
---------------------------------------------
"Today the folks at DHS ICS-CERT published two advisories for different systems that were based upon uncoordinated disclosures reported earlier by ICS-CERT. Actually ICS-CERT only notes that one is based upon an earlier alert, but records show that both were. The affected systems are from RuggecCom and Carlo Gavazzi Automation...."
---------------------------------------------
http://chemical-facility-security-news.blogspot.nl/2012/12/ics-cert-closes-…
*** RealPlayer RealMedia File Handling Buffer Overflow ***
---------------------------------------------
Topic: RealPlayer RealMedia File Handling Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bi_N1sR5TgU/WLB-20…
*** Joomla bch and Content Shell Upload ***
---------------------------------------------
Topic: Joomla bch and Content Shell Upload Risk: High Text: [ Joomla com_content Shell Upload Vulnerability] [x] Author : Agd_Scorp [x] Home : www.turkguvenligi.info ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vUggqlfFDmw/WLB-20…
*** Vuln: Real Networks RealPlayer Multiple Security Vulnerabilities ***
---------------------------------------------
Real Networks RealPlayer Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56956
Next End-of-Shift report on 2013-01-02
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 21-12-2012 18:00 − Donnerstag 27-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Vuln: Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability ***
---------------------------------------------
Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55465
*** Java 7 update offers more security options ***
---------------------------------------------
"A recent Java 7 update (Update 10) has added more security options that will appeal to security conscious users and businesses. A new option under the Java control panel, for example, allows users to disable Java applications from running inside their browsers by clearing the "enable Java content in the browser" checkbox. The plethora of security attacks that exploit flaws in the Java platform means that disallowing Java from browsers has long been recommended by security...
---------------------------------------------
http://www.fiercecio.com/techwatch/story/java-7-update-offers-more-security…
*** India Developing Its Own Secure Operating System ***
---------------------------------------------
"According to The Times of India, 150 engineers from all across the country have already been working on the project for over one year and a half, but it will take another three before the operating systems can be rolled out. The director general of the DRDO has explained that India needs its own operating system to strengthen cyber security. He has emphasized that the current operating systems used in India, regardless whether theyre Windows or Linux-based, contain numerous security...
---------------------------------------------
http://news.softpedia.com/news/India-Developing-Its-Own-Secure-Operating-Sy…
*** Vuln: WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability ***
---------------------------------------------
WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56988
*** Hook Analyser Malware Tool 2.2 ***
---------------------------------------------
"Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. Changes: The UI and modules of the project have been re-written...."
---------------------------------------------
http://packetstormsecurity.org/files/119087
*** PHP-CGI Argument Injection Remote Code Execution ***
---------------------------------------------
Topic: PHP-CGI Argument Injection Remote Code Execution Risk: High Text:#!/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution T...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/HMIGwX9uCpo/WLB-20…
*** [remote] - IBM Lotus Notes Client URL Handler Command Injection ***
---------------------------------------------
IBM Lotus Notes Client URL Handler Command Injection
---------------------------------------------
http://www.exploit-db.com/exploits/23650
*** [remote] - Microsoft SQL Server Database Link Crawling Command Execution ***
---------------------------------------------
Microsoft SQL Server Database Link Crawling Command Execution
---------------------------------------------
http://www.exploit-db.com/exploits/23649
*** NVidia Display Driver Service (nvvsvc.exe) Exploit ***
---------------------------------------------
Topic: NVidia Display Driver Service (nvvsvc.exe) Exploit Risk: High Text:/* NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE = (@...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/RWnidJO9giU/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 20-12-2012 18:00 − Freitag 21-12-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout ***
---------------------------------------------
Topic: WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout Risk: Low Text:*Summary = WordPress 3.4.2 fails to invalidate a user's sessions upon logout. WordPress was originally notified of...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/m7FLRoPAp58/WLB-20…
*** HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03577598
*** Vuln: Squid cachemgr.cgi Remote Denial of Service Vulnerability ***
---------------------------------------------
Squid cachemgr.cgi Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56957
*** QNAP-NAS anfällig für cross-site-scripting (XSS) ***
---------------------------------------------
Twitter-User @rootdial ist aufgefallen, dass in manchen Web-Anwendungen des QNAP-NAS nicht richtig geprüft wird, was übergeben wird.
So ist z.B. die Photostation und die TVStation anfällig für XSS.
---------------------------------------------
http://sdcybercom.wordpress.com/
*** CA20121220-01: Security Notice for CA IdentityMinder ***
---------------------------------------------
CA Technologies Support is alerting customers to two potential risks in
CA IdentityMinder (formerly known as CA Identity Manager). Two
vulnerabilities exist that can allow a remote attacker to execute
arbitrary commands, manipulate data, or gain elevated access. CA
Technologies has issued patches to address the vulnerability.
---------------------------------------------
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B…
*** VMWare posts some updates, (Fri, Dec 21st) ***
---------------------------------------------
Just in the case the world doesnt come to a grinding halt today (end of Mayan calendar and all that).... .... VMWare has posted some updates that you might want to pay attention to over at:http://www.vmware.com/security/advisories/VMSA-2012-0018.html There are as many as 13 different CVEs covered in this update, so make sure, if you are affected, to patch! -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.edu Creative
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14740&rss
Next End-of-Shift report on 2012-12-27
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 19-12-2012 18:00 − Donnerstag 20-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Sweet Orange Exploit Kit Offers Customers Higher Infection Rates ***
---------------------------------------------
"The newly emerging Sweet Orange Exploit Kit boasts a 10 to 25 percent infection rate and is promising to drive 150,000 unique visitors per day to the websites of its customers, according to Jeff Doty and Chris Larsen of Blue Coat Security. If the claims of Sweet Oranges authors reflect reality, it means that users of the kit can expect to add anywhere between 15,000 and 37,500 machines to their botnet per day. Sweet Orange has 45 dedicated IP addresses and 267 unique domains, which Doty...
---------------------------------------------
http://threatpost.com/en_us/blogs/sweet-orange-exploit-kit-offers-customers…
*** MyBB MyYoutube Cross Site Scripting ***
---------------------------------------------
Topic: MyBB MyYoutube Cross Site Scripting Risk: Low Text:# Exploit Title: MyYoutube MyBB Stored XSS # Date: 17.12.2012 # Exploit Author: limb0 # Vendor Homepage: http://www.mybb-es....
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/C8aZDfreDmo/WLB-20…
*** MyBB Xbox Live ID Cross Site Scripting ***
---------------------------------------------
Topic: MyBB Xbox Live ID Cross Site Scripting Risk: Low Text:# Exploit Title: Xbox Live ID MyBB Plugin Stored XSS # Date: 13/12/2012 # Exploit Author: limb0 # Vendor Homepage: http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/qUghUFk2MwE/WLB-20…
*** Vuln: Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities ***
---------------------------------------------
Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56906
*** Bugtraq: EMC Avamar: World writable cache files ***
---------------------------------------------
EMC Avamar: World writable cache files
---------------------------------------------
http://www.securityfocus.com/archive/1/525095
*** Apache plug-in doles out Zeus attack ***
---------------------------------------------
Points victims to Sweet Orange exploit server, slurps banking credentials Anti-virus outfit Eset has discovered a malicious Apache module in the wild that serves up malware designed to steal banking credentials.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/apache_dang…
*** SurgeFTP Remote Command Execution ***
---------------------------------------------
Topic: SurgeFTP Remote Command Execution Risk: High Text:require msf/core class Metasploit3
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/iwcAssIZcxo/WLB-20…
*** Drupal Core 6.x & 7.x Access Bypass & Code Execution ***
---------------------------------------------
Topic: Drupal Core 6.x & 7.x Access Bypass & Code Execution Risk: High Text:View online: http://drupal.org/SA-CORE-2012-004 * Advisory ID: DRUPAL-SA-CORE-2012-004 * Project: Drupal core [1] * ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bLFpBaVeTdc/WLB-20…
*** ENISA on Smart Grids: a Risk-Based Approach Is Key to Secure Implementation ***
---------------------------------------------
"The European Network and Information Security Agency (ENISA) has released a new report to help smart grid providers properly secure their infrastructures against cyberattacks. The European Union hopes to achieve a 20% increase in renewable energy, a 20% reduction in CO2 emissions, and a 20% increase in energy efficiency by 2020. Smart grids can help a lot in achieving these goals, but they must be rolled out in a secure way...."
---------------------------------------------
http://news.softpedia.com/news/ENISA-on-Smart-Grids-a-Risk-Based-Approach-I…
*** Vuln: Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities ***
---------------------------------------------
Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56982
*** PGP, TrueCrypt-encrypted files CRACKED by £300 tool ***
---------------------------------------------
Plod at the door? Better yank out that power cable ElcomSoft has built a utility that forages for encryption keys in snapshots of a PCs memory to decrypt PGP and TrueCrypt-protected data.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/elcomsoft_t…
*** Sicherheitslücke in AMDs Catalyst-Control-Center ***
---------------------------------------------
Eigentlich soll das Catalyst-Control-Center von AMD helfen die Treiber für Grafikkarten so aktuell wie möglich zu halten - über ein Ausnutzen der Update-Benachrichtigung kann vermutlich ein manipulierter Treiber untergejubelt werden.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/26cbb061/l/0L0Sheise0Bde0Cmel…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 18-12-2012 18:00 − Mittwoch 19-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** The Only 2013 Cybersecurity Predictions List You Need to Read ***
---------------------------------------------
"Please, allow me to save you some time reading all of those Top 10 Cybersecurity Threats of 2013 lists from journalists, bloggers, analysts, vendors and other crackpots. Nearly all of them will include the 10 following threats, in varying orders:The Cloud Lots of vulnerabilities out there. BYOD/Mobile malware Its a problem dealing with all these devices...."
---------------------------------------------
http://blogs.cio.com/security/17647/only-2013-cybersecurity-predictions-lis…
*** 1-15 December 2012 Cyber Attacks Timeline ***
---------------------------------------------
"Christmas is coming quickly, we have just passed the first half of December, and hence its time for the first update of the Cyber Attacks Timeline for December. The Team GhostShell has decided to close the year with a clamorous Cyber Attack, and hence,as part of the project ProjectWhiteFox, has leaked 1. 6 million of accounts from several organizations all over the world...."
---------------------------------------------
http://hackmageddon.com/2012/12/17/1-15-december-2012-cyber-attack-timeline/
*** Enterpriser16 LB 7.1 Cross Site Scripting ***
---------------------------------------------
Topic: Enterpriser16 LB 7.1 Cross Site Scripting Risk: Low Text:Title: Enterpriser16 LB v7.1 - Multiple Web Vulnerabilities Date: == 2012-12-12 References: == http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Pv935OaGGFY/WLB-20…
*** [webapps] - SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability ***
---------------------------------------------
SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/23498
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 17-12-2012 18:00 − Dienstag 18-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56846
*** Vuln: Symantec Network Access Control CVE-2012-4349 Local Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56847
*** Vuln: TWiki Multiple Security Vulnerabilities ***
---------------------------------------------
TWiki Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56950
*** Reminder: Java 6 end-of-live February 2013 , (Mon, Dec 17th) ***
---------------------------------------------
Reader Josh reports that while downloading the latest version of Java 6 (version 37) from Oracles website he received a reminder from Oracle that Java 6 will reach end of life in February 2013. After February 2013 security updates will only be available to customer who purchase extended support contracts. If you havent already done so, now is a good time to mark your calendars for this upgrade. More details are available here: http://www.oracle.com/technetwork/java/javase/eol-135779.html ---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14719&rss
*** Bugtraq: IPv6 Neighbor Discovery security (new documents) ***
---------------------------------------------
IPv6 Neighbor Discovery security (new documents)
---------------------------------------------
http://www.securityfocus.com/archive/1/525063
*** Cyber Security Bulletin (SB12-352) - Vulnerability Summary for the Week of December 10, 2012 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability...
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB12-352.html
*** Carberp-in-the-Mobile found on Google Play ***
---------------------------------------------
"Everybody knows (or should know) that downloading apps from third party online markets is dangerous, but even official markets such as Google Play cant be considered completely safe, as time and time again malware peddlers succeed at fooling its defenses and upload malware for download, masquerading as games and other popular apps. Kaspersky Lab researchers have recently discovered a slew of apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2362
*** Lookout Predicts 18 Million Android Malware Infections by End of 2013 ***
---------------------------------------------
"Lookout Mobile Security recently published its mobile threat predictions for 2013, anticipating that 18 million Android users will encounter mobile malware between the beginning of 2012 and the end of 2013."The likelihood that new Lookout users will encounter malware or spyware is heavily dependent on their geography and behavior, varying from 0. 20 percent in Japan to 0. 40 percent in the US and as high as 34...."
---------------------------------------------
http://www.esecurityplanet.com/mobile-security/lookout-predicts-18-million-…
*** Trojan Upclicker malware infecting PCs via mouse input ***
---------------------------------------------
"Windows PC owners be warned theres a new strain of malware out there that befuddles users into helping it accomplish its dirty deeds via mouse clicks. Dubbed "Trojan Upclicker" by the FireEye Malware Intelligence Lab researchers who identified it, this elusive bit of malicious code is purpose-built to evade identification by the automated analysis systems used by many anti-virus vendors. FireEye researchers Abhishek Singh and Yasir Khalid noted that Trojan Upclicker is a variant...
---------------------------------------------
http://www.itproportal.com/2012/12/17/trojan-upclicker-malware-infecting-pc…
*** EU to propose mandatory reporting of cyber incidents ***
---------------------------------------------
"The European Union may force companies operating critical infrastructure in areas such as banking, energy and stock exchanges to report major online attacks and reveal security breaches, according to draft report by the European Commission. The European Commission is due to present a proposal on cybersecurity in February once it has received feedback from the European Parliament and EU countries. The proposal was initially announced in May for the third quarter this year but has been...
---------------------------------------------
http://www.euractiv.com/infosociety/eu-propose-mandatory-reporting-c-news-5…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 14-12-2012 18:00 − Montag 17-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: MyBB DyMy User Agent Plugin SQL Injection Vulnerability ***
---------------------------------------------
MyBB DyMy User Agent Plugin SQL Injection Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56931
*** Bugtraq: Wordpress Pingback Port Scanner ***
---------------------------------------------
Wordpress Pingback Port Scanner
---------------------------------------------
http://www.securityfocus.com/archive/1/525045
*** Bugtraq: DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) ***
---------------------------------------------
DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)
---------------------------------------------
http://www.securityfocus.com/archive/1/525044
*** ENISA - Introduction to Return on Security Investment ***
---------------------------------------------
"As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention...."
---------------------------------------------
http://www.enisa.europa.eu/activities/cert/other-work/introduction-to-retur…
*** Foswiki Remote code execution and other vulnerabilities in MAKETEXT ***
---------------------------------------------
Topic: Foswiki Remote code execution and other vulnerabilities in MAKETEXT Risk: High Text: + Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/8WkKh9Nz_ZM/WLB-20…
*** Eurograbber: A Smart Trojan Attack - Hackers Methods Reveal Banking Know-How ***
---------------------------------------------
"The Eurograbber banking Trojan is an all-in-one hit, researchers say. It successfully compromises desktops and mobile devices, and has gotten around commonly used two-factor authentication practices in Europe. How can banking institutions defend themselves and their customers against this super-Trojan attack?..."
---------------------------------------------
http://www.bankinfosecurity.com/eurograbber-smart-trojan-attack-a-5359?rf=2…