- Daily - CERT.at

Tageszusammenfassung - Freitag 14-12-2012
by Daily end-of-shift report 14 Dec '12

14 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 13-12-2012 18:00 − Freitag 14-12-2012 18:00 Handler: Christian Wojner Co-Handler: n/a *** Internet Explorer rats out the mouse - Update *** --------------------------------------------- "Company Spider. io warns that Internet Explorer allows a users mouse position to be determined even if the mouse cursor is located outside of the browser window or the browser window isnt being displayed at all either because it is minimised or the user has switched to view another tab or window. This is potentially dangerous because it enables web pages to intercept sensitive data that is being entered via virtual keyboards and virtual keypads, say the researchers...." --------------------------------------------- http://www.h-online.com/security/news/item/Internet-Explorer-rats-out-the-m… *** Bugtraq: Addressbook v8.1.24.1 Group Name XSS *** --------------------------------------------- Addressbook v8.1.24.1 Group Name XSS --------------------------------------------- http://www.securityfocus.com/archive/1/525027 *** New Trojan attempts SMS fraud on OS X users *** --------------------------------------------- "The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud. The new malware is a Trojan horse, dubbed "Trojan. SMSSend...." --------------------------------------------- http://news.cnet.com/8301-1009_3-57558780-83/new-trojan-attempts-sms-fraud-… *** Apple updates OS X malware definitions for new fake-installer/SMS trojan *** --------------------------------------------- "MacRumors noted today that Apple is utilizing the automatic daily checks for malware definitions it implemented last year to block an OS X trojan horse discovered earlier this week. The trojan was originally detailed in a blog post on Dr. Web. Known as TrojanSMSSend...." --------------------------------------------- http://9to5mac.com/2012/12/13/apple-updates-os-x-malware-definitions-for-ne… *** Backdoor Found at NDIS Level *** --------------------------------------------- "It is one thing to have a piece of malware that can focus on targeted attacks, but it is quite another to have it also be nearly invisible. That is just what a variant of the Exforel backdoor malware, VirTool:WinNT/Exforel. A, is able to do, said researchers at Microsofts Malware Protection Center...." --------------------------------------------- http://www.isssource.com/backdoor-found-at-ndis-level/ *** New Attacks from Gameover Gang *** --------------------------------------------- "Millions of emails, which pose as coming from major U.S. banks, are spamming out, according to Dell SecureWorks Counter Threat Unit. The fake but convincing-looking emails appeal to a more security-minded banking customer: You have received a new encrypted message or a secure message from [XYZ] Bank, one of the email campaigns said, noting the bank has set up a secure email exchange for its customers as a way to allay privacy and security concerns. The message includes an infected --------------------------------------------- http://www.isssource.com/new-attacks-from-gameover-gang/ *** Yet another eavesdrop vulnerability in Cisco phones *** --------------------------------------------- Security groundhog day A university student presenting at the Amphion Forum has demonstrated turning a Cisco VoIP phone into a listening device, even when it's on the hook. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/13/cisco_voip_… *** Dexter malware targets point of sale systems worldwide *** --------------------------------------------- "You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems. First spotted by security firm Seculert, the malware dubbed "Dexter" is believed to have infected hundreds of POS systems in 40 countries worldwide in recent months. Companies targeted include retailers, hotel chains, restaurants, and private parking providers...." --------------------------------------------- http://www.theregister.co.uk/2012/12/14/dexter_malware_targets_pos_systems/ *** Top 7 security predictions for 2013 *** --------------------------------------------- "A seismic shift in who controls the Internet? Another Mac malware outbreak? Your smart TV being highjacked for a DDoS attack?..." --------------------------------------------- http://www.net-security.org/secworld.php?id=14120 *** [DNB] Joomla, WordPress Sites Hit by IFrame Injection Attacks *** --------------------------------------------- '....Users of the popular Joomla content management system are being urged by security experts to upgrade to the latest version after reports of exploits being used to compromise websites built on the platform......' --------------------------------------------- https://threatpost.com/en_us/blogs/joomla-wordpress-sites-hit-iframe-inject…

1 0

Tageszusammenfassung - Donnerstag 13-12-2012
by Daily end-of-shift report 13 Dec '12

13 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 12-12-2012 18:00 − Donnerstag 13-12-2012 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Researchers uncover Tor-powered Skynet botnet *** --------------------------------------------- "Rapid7 researchers have recently unearthed an unusual piece of malware that turned out to be crucial to the formation of an elusive botnet - dubbed Skynet by the researchers - whose existence has been documented in a very popular Reddit "I Am A" thread. The Trojan in question has DDoS and Bitcoin-mining capabilities, but its main function is to steal banking credentials. The botnet operator spreads the malware via the Usenet discussion forum, which is also a popular platform for... --------------------------------------------- http://www.net-security.org/malware_news.php?id=2357 *** "Dexter" malware steals credit card data from point-of-sale terminals *** --------------------------------------------- "A researcher has uncovered new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses. Dexter, as the malware is called, has infected hundreds of point-of-sale computers at big-name retailers, hotels, restaurants, and other businesses, according to a report issued by Aviv Raff, chief technology officer of Israel-based security firm Seculert. Businesses infected in the past three months are located in 40 different countries, with 30... --------------------------------------------- http://arstechnica.com/security/2012/12/dexter-malware-steals-credit-card-d… *** New Findings Lend Credence to Project Blitzkrieg *** --------------------------------------------- "Project Blitzkrieg," a brazen Underweb plan for hiring 100 botmasters to fuel a blaze of ebanking heists against 30 U.S. financial institutions in the Spring of 2013, was met with skepticism from some in the security community after news of the scheme came to light in October. Many assumed it was a law enforcement sting, or merely the ramblings of a wannabe criminal mastermind. But new research suggests the crooks who hatched the plan were serious and have painstakingly built up a... --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/RgJgMJ51mKo/ *** Cybersecurity company using hackers own devices against them *** --------------------------------------------- "A California cybersecurity start-up, marketing itself as a private cyber intelligence agency, works to identify foreign attackers who are attempting to steal corporate secrets; it does so by using the attackers own techniques and vulnerabilities against them; the company also collects data on hackers and tricks intruders into stealing false information Shawn Henry, the head of the FBI cyber crimes division, this year left agency after twenty-four years to become the president CrowdStrike,... --------------------------------------------- http://www.homelandsecuritynewswire.com/dr20121213-cybersecurity-company-us… *** Facebook Security, FBI Take Down Butterfly Botnet, Arrest 10 *** --------------------------------------------- "Facebooks security team is being lauded by the FBI for its role the arrest of 10 individuals accused of spreading banking malware on the social networking site and collecting more than $850 million from fraudulent transactions. The arrests were carried out yesterday in the U.S., U.K., the Balkans, South America and New Zealand in connection with spreading the Yahos malware on Facebook from 2010 to this October. Yahos compromised more than 11 million computers, the FBI said...." --------------------------------------------- http://threatpost.com/en_us/blogs/facebook-security-fbi-take-down-butterfly…

1 0

Tageszusammenfassung - Mittwoch 12-12-2012
by Daily end-of-shift report 12 Dec '12

12 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 11-12-2012 18:00 − Mittwoch 12-12-2012 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** First fake-installer Trojan for Mac OS *** --------------------------------------------- December 11, 2012 Russian anti-virus company Doctor Web informs users about a new Trojan for Mac OS X dubbed Trojan.SMSSend.3666. The malicious scheme used to spread this Trojan is notorious among many Windows users but until now it hasnt been employed to deceive owners of Macs. Trojan.SMSSend is a fake installer which can be downloaded from various sites under the guise of useful software. Trojan.SMSSend programs are found in large numbers on the Internet. These are fake installers available --------------------------------------------- http://news.drweb.com/show/?i=3138&lng=en&c=9 *** Web-Seiten identifizieren Besucher über deren soziale Netze *** --------------------------------------------- Der New Yorker Sumit Suman staunte nicht schlecht. Nach seinem Besuch der Web-Seiten von UberVu bekam er am nächsten Tag eine persönliche E-Mail mit Werbeangeboten der Firma. --------------------------------------------- http://www.heise.de/security/meldung/Web-Seiten-identifizieren-Besucher-ueb… *** Dezember-Patchday bei Microsoft und Adobe *** --------------------------------------------- Microsoft und Adobe haben ihre Dezember-Patchdays abgehalten und dabei zahlreiche kritische Lücke geschlossen. Während Microsoft die meisten Windows-Versionen, den Internet Explorer, Word und einige Server-Produkte abgesichert hat, gab es von Adobe Patches für den Flash Player, AIR und ColdFusion. --------------------------------------------- http://www.heise.de/security/meldung/Dezember-Patchday-bei-Microsoft-und-Ad… *** Microsoft Internet Explorer 610 Mouse Tracking *** --------------------------------------------- Topic: Microsoft Internet Explorer 610 Mouse Tracking Risk: Medium Text:Summary: Unprivileged attackers can track your system-wide mouse movements from any IE page, even when the page is unfocused o... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/GTaeIyspNpM/WLB-20… *** Samsungs smart TVs wide open to exploits *** --------------------------------------------- The downside to being more like a PC Samsungs Smart TV has a vulnerability which allows remote attackers to swipe data, according to security researchers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/smart_tv_pw… *** Russian space research org targeted by mystery malware attack *** --------------------------------------------- Korean message forum becomes cyber-espionage hub Security researchers have discovered a targeted attack against Russian hi-tech firm that appears to originate in Korea. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/russian_cyb… *** North America and Europe Most Threatened by Money-Stealing Android Trojans *** --------------------------------------------- "If youre living in Europe or North America and if youre an Android user, the mobile malware that targets you is most likely designed to steal your money. On the other hand, if you live in Asia, youre more likely to be bombarded with aggressive adware and annoying ads. These are the results of a study performed by security firm Bitdefender with the aid of its mobile security solution, between January 1 and December 1, 2012...." --------------------------------------------- http://news.softpedia.com/news/North-America-and-Europe-Most-Threatened-by-…

1 0

Tageszusammenfassung - Dienstag 11-12-2012
by Daily end-of-shift report 11 Dec '12

11 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 10-12-2012 18:00 − Dienstag 11-12-2012 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Beware of Bitcoin miner posing as Trend Micro AV *** --------------------------------------------- "Malware almost always comes in disguise, but some malware peddlers try to do a better job than others. Trend Micro researchers have recently uncovered a piece of malware that tried to pass itself off as "Trend Micro AntiVirus Plus AntiSpyware" (click on the screenshot to enlarge it):Unfortunately for whose who get fooled, the software in question is a Trojan that creates the process svchost. exe and downloads additional malicious components such as a Bitcoin miner application --------------------------------------------- http://www.net-security.org/malware_news.php?id=2349 *** Multipurpose Necurs Trojan infects over 83,000 computers *** --------------------------------------------- "The polivalent Necurs malware family has been wreaking havoc in November by infecting over 83,000 unique computers - and that are only the ones detected by Microsofts solutions! The Necurs Trojan is capable of:Modifying the computers registry in order to make itself start after every reboot. Dropping additional components that prevents a large number of security applications from functioning correctly, including the ones manufactured by Avira, Kaspersky Lab, Symantec and --------------------------------------------- http://www.net-security.org/malware_news.php?id=2350 *** 200,000 new malicious programs detected every day *** --------------------------------------------- "Kaspersky Lab released its annual Kaspersky Security Bulletin, which provides the overall malware and cyber-threat statistics for 2012. The report revealed significant growth of Mac-specific malware and an explosive growth in the number of threats targeting the Android platform. Overall, Kaspersky Lab detected and blocked more than 1...." --------------------------------------------- http://www.net-security.org/malware_news.php?id=2352 *** Necurs Rootkit Infections Way Up *** --------------------------------------------- "Infections from a nasty bit of malware, generally delivered by the Black Hole Exploit Kit, surged in November, hitting more than 83,000 machines. Microsofts Malware Protection Center rates the Necurs rootkit threat as severe. Dubbed a rootkit by Kaspersky Lab, Necurs has many dimensions to it...." --------------------------------------------- http://threatpost.com/en_us/blogs/necurs-rootkit-infections-way-120712? *** Joomla (and WordPress) Bulk Exploit Going on, (Mon, Dec 10th) *** --------------------------------------------- Weve gotten some reports and discussion around many Joomla (and some WordPress) sites exploited and hosting IFRAMES pointing to bad places. Well get to the downloaded in a second, but the interesting thing to note is that it doesnt seem to be a scanner exploiting one vulnerability but some tool thats basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits. Wed like PCAPs or weblogs if youre seeing something similar in your environment. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14677&rss *** Russian ransomware strikes Queensland doctor *** --------------------------------------------- Seven years of patients files encrypted by crooks. A medical practice in the Australian state of Queensland, the Miami Family Medical Centre, has been hit by ransomware said to originate in Russia. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/11/queensland_… *** Unzuverlässige Trojaner-Warnungen durch Android 4.2 *** --------------------------------------------- Nur 15 Prozent der in einer Analyse eingesetzten Schadsoftware hat der mit Googles Betriebssystem Jelly Bean (Android 4.2) kommende App Verification Service entdeckt. --------------------------------------------- http://www.heise.de/security/meldung/Unzuverlaessige-Trojaner-Warnungen-dur…

1 0

Tageszusammenfassung - Montag 10-12-2012
by Daily end-of-shift report 10 Dec '12

10 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 07-12-2012 18:00 − Montag 10-12-2012 18:00 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Sophos Security Threat Report 2013, today... tomorrow *** --------------------------------------------- "Sophos was one of the first security firms that has published a report, Sophos Security Threat Report 2013, on current status of security landscape making predictions for incoming year. The document propose an interesting overview on most common and dangerous cyber threats attempting to determine the level of penetration by different countries. The factors that have primary contributed to the diffusion of new cyber threats are the increasing in use of social networks platforms and --------------------------------------------- http://www.infosecisland.com/blogview/22771-Sophos-Security-Threat-Report-2… *** Onlinebanking lieber per Althandy *** --------------------------------------------- Derzeit droht Nutzern von Internet-Banking-Diensten Gefahr durch den Trojaner Eurograbber, der Geld von mehr als 30 000 Bankkonten erbeutet haben soll. Er greift Online-Banking-Teilnehmer, die PC und Smartphone kombiniert einsetzen, gezielt an und fängt durch geschickte Fragen sowohl Kontodaten als auch Transaktionsnummern seiner Opfer ab. Internetnutzer können sich jedoch mit ein paar Tricks schützen. --------------------------------------------- http://www.heise.de/security/meldung/Onlinebanking-lieber-per-Althandy-1764… *** My Little Pronny: Autorun worms continue to turn *** --------------------------------------------- "Malware activity exploiting Autorun on Windows computers has been generating quite a few calls to ESET support lines lately, reminding us that old infection techniques seldom die and USB flash drives can still be an effective means of getting malicious code onto a computer. USB drives can be used to infect computers that automatically execute files on removable media when that media is inserted. On Windows machines this is known as the Autorun feature (referred to as Autoplay in Windows --------------------------------------------- http://blog.eset.com/2012/12/07/autorun-worm-continues-to-turn *** 16-30 November 2012 Cyber Attacks Timeline *** --------------------------------------------- "November has gone and its time to review this months cyber landscape. From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the --------------------------------------------- http://hackmageddon.com/category/security/cyber-attacks-timeline/ *** That square QR barcode on the poster? Check its not a sticker *** --------------------------------------------- Crooks slap on duff codes leading to evil sites Cybercrooks are putting up stickers featuring URLs embedded in Quick Response codes (QR codes) as a trick designed to drive traffic to dodgy sites. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/10/qr_code_sti… *** Trojans spread from compromised Dalai Lama website *** --------------------------------------------- December 5, 2012 Russian anti-virus company Doctor Web is informing users that several Trojans are being spread from compromised websites. In particular, malware is being downloaded from the official site of the Dalai Lama. Mac OS X systems are in danger as well as Windows PCs. Several days ago Doctor Web was informed that the official site of Tibet's spiritual leader, the Dalai Lama, had been compromised. Doctor Webs analysts discovered that when loading a page from the site in a --------------------------------------------- http://news.drweb.com/show/?i=3124&lng=en&c=9 *** DDoS Attacks: Lessons Learned - 4 Thought Leaders Share Insights About Bank Attacks *** --------------------------------------------- "Distributed-denial-of-service attacks waged against leading U.S. banks between mid-September and mid-October led to improved information sharing about threats. And that exchange proved effective in minimizing disruptions. Inter-bank and industry communication helped financial institutions targeted later in the DDoS campaign suffer less severe outages than those targeted earlier, says Mike Smith, a DDoS specialist at Web security vendor Akamai Technologies...." --------------------------------------------- http://www.bankinfosecurity.com/ddos-attacks-lessons-learned-a-5343?rf=2012… *** The "hidden" backdoor - VirTool:WinNT/Exforel.A *** --------------------------------------------- Recently we discovered an advanced backdoor sample - VirTool:WinNT/Exforel.A. Unlike traditional backdoor samples, this backdoor is implemented at the NDIS (Network Driver Interface Specification) level. https://blogs.technet.com/b/mmpc/archive/2012/12/09/the-quot-hidden-quot-ba… *** Vuln: TP-LINK TL-WR841N Router Multiple HTML Injection Vulnerabilities *** --------------------------------------------- TP-LINK TL-WR841N Router Multiple HTML Injection Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56602 *** VLC Media Player 2.0.4 Buffer Overflow *** --------------------------------------------- Topic: VLC Media Player 2.0.4 Buffer Overflow Risk: High Text:Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : http:/... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/JsOQvc6gSeY/WLB-20…

1 0

Tageszusammenfassung - Freitag 7-12-2012
by Daily end-of-shift report 07 Dec '12

07 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 06-12-2012 18:00 − Freitag 07-12-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Sieben Microsoft-Patches auf einen Streich am Patchday *** --------------------------------------------- Microsoft kündigte an, anlässlich seines Dezember-Patchdays am kommenden Dienstag sieben Patch-Pakete (Bulletins) herauszugeben, die insgesamt elf Sicherheitslücken schließen. Fünf der Patch-Pakete stuft das Unternehmen als kritisch ein; sie schließen Lücken, die das Einschleusen von Schadcode aus der Ferne erlauben. --------------------------------------------- http://www.heise.de/security/meldung/Sieben-Microsoft-Patches-auf-einen-Str… *** Viele beliebte Windows-Programme unzureichend gesichert *** --------------------------------------------- Der Autor der Software SlopFinder beschreibt, dass viele beliebte Windows-Programme selbst grundlegende Schutzmechanismen nicht verwenden. So soll bei DEP (Data Execution Prevention) der Prozessor über ein Flag (NX-Bit) die Ausführung von eingeschleustem Schadcode im Datenbereich verhindern. --------------------------------------------- http://www.heise.de/security/meldung/Viele-beliebte-Windows-Programme-unzur… *** RSA boss predicts "catastrophic" cyber attack *** --------------------------------------------- "A large-scale attack on critical infrastructure will soon become a reality, according to RSA chief executive Art Coviello. The security boss said that poor government security protections combined with increasingly sophisticated attack techniques has left critical infrastructure at risk for attacks which could cause widespread damage."I abhor the phrase Cyber Pearl Harbor because I think it is a poor metaphor to describe the state I believe we are in," Coviello --------------------------------------------- http://www.v3.co.uk/v3-uk/news/2229201/rsa-boss-art-coviello-predicts-catas… *** Skynet, a Tor-powered botnet straight from Reddit *** --------------------------------------------- FROM: Matthias Fraidl <fraidl(a)cert.at> Following is an overview of this malware labelled by the creator as Skynet: a Tor-powered trojan with DDoS, Bitcoin mining and Banking capabilities, that we observed spreading through the veins of Usenet. https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor… --------------------------------------------- /taranis/mod_assess/show_mail.pl?id=1826 *** BlackHole Exploit Kit Has Difficulties in Infecting Chrome Users, Experts Say *** --------------------------------------------- "The notorious BlackHole exploit kit has been around for quite some time now, with new iterations being released periodically. While it can be considered one of the most efficient cybercriminal tools, BlackHole doesnt like it when its victims utilize Googles Chrome web browser. According to experts from Blue Coat, when potential victims are tricked into clicking on links that point to BlackHole-infested websites, theyre presented with a loading or a please wait message, while in the --------------------------------------------- http://news.softpedia.com/news/BlackHole-Exploit-Kit-Has-Difficulties-in-In… *** New Trojan Exploits Mobile Channel - Eurograbber Defeats Two-Factor Authentication *** --------------------------------------------- "Eurograbber is more than just another banking Trojan. Its an exploitation of fundamental online banking authentication practices that could strike any institution, says Check Points Darrell Burkey. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European banks...." --------------------------------------------- http://www.bankinfosecurity.com/interviews/new-trojan-exploits-mobile-chann… *** WhatsApp schließt Lücke erneut, aber nicht überall *** --------------------------------------------- Das Katz-und-Maus-Spiel um die Sicherheit von WhatsApp geht in die nächste Runde: Nachdem heise Security vor rund einer Woche demonstriert hatte, dass die Android-Version nach wie vor anfällig für Account-Hijacking ist, bietet der Betreiber nun WhatsApp-Version 2.8.8968 über Google Play an, die eine verbesserte Rufnummern-Verifikation verspricht. --------------------------------------------- http://www.heise.de/security/meldung/WhatsApp-schliesst-Luecke-erneut-aber-…

1 0

Tageszusammenfassung - Donnerstag 6-12-2012
by Daily end-of-shift report 06 Dec '12

06 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 05-12-2012 18:00 − Donnerstag 06-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Bugtraq: CVE-2012-4534 Apache Tomcat denial of service *** --------------------------------------------- CVE-2012-4534 Apache Tomcat denial of service --------------------------------------------- http://www.securityfocus.com/archive/1/524945 *** Vuln: Adobe InDesign Server RunScript SOAP Message Remote Command Execution Vulnerability *** --------------------------------------------- Adobe InDesign Server RunScript SOAP Message Remote Command Execution Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56574 *** Opera GIF Image Handling Buffer Underflow Vulnerability *** --------------------------------------------- http://secunia.com/advisories/51462/ *** Vuln: Computer Associates XCOM Data Transport Remote Arbitrary Command Execution Vulnerability *** --------------------------------------------- Computer Associates XCOM Data Transport Remote Arbitrary Command Execution Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56824

1 0

Tageszusammenfassung - Mittwoch 5-12-2012
by Daily end-of-shift report 05 Dec '12

05 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 04-12-2012 18:00 − Mittwoch 05-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** SHA1-Schwäche begünstigt Passwortknacker *** --------------------------------------------- Jens Steube, einer der Autoren des populären Passwortknackers Hashcat, hat eine "Schwäche im kryptografischen Hash-Verfahren SHA1" (PDF-Datei) ausgemacht, die es ihm erlaubt, das Knacken von Passwörtern um etwa 20 Prozent zu beschleunigen. --------------------------------------------- http://www.heise.de/security/meldung/SHA1-Schwaeche-beguenstigt-Passwortkna… *** ATM Thieves Swap Security Camera for Keyboard *** --------------------------------------------- This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like childs play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/kPS5w9ExcfQ/ *** Twitter’s deathless spoofing bug gets the heart-stake again *** --------------------------------------------- Facebook, Venmo also plug SMS vuln Twitter says it has plugged its years-old SMS spoofing vulnerability after yet-another disclosure, this time by security consultant Jonathan Rudenberg. Facebook and social payments outfit Venmo have also blocked the vulnerability.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/05/twitter_dum… *** Security Patch released for BIND 9.9.2, (Wed, Dec 5th) *** --------------------------------------------- A security patch was released for BIND 9.9.2. The patch addresses 26 different bugs and/or security issues. Update your bind DNS server to version 9.9.2-P1. Updates can be downloaded here: http://www.isc.org/downloads/all More information is available here: https://kb.isc.org/article/AA-0082 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14641&rss *** Apache Tomcat CSRF Prevention Filter Bypass *** --------------------------------------------- Topic: Apache Tomcat CSRF Prevention Filter Bypass Risk: Low Text:CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter Severity: Important Vendor: The Apache Software Foundation ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/llUlhAAXXjo/WLB-20… *** Apache Tomcat Security Bypass *** --------------------------------------------- Topic: Apache Tomcat Security Bypass Risk: Medium Text:CVE-2012-3546 Apache Tomcat Bypass of security constraints Severity: Important Vendor: The Apache Software Foundation ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/bHs7rEreGXQ/WLB-20… *** HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access *** --------------------------------------------- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03464042 *** HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS) *** --------------------------------------------- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03556108 *** HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code *** --------------------------------------------- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ *** Sophos Security Threat Report 2013: Norway Is the Safest Country *** --------------------------------------------- "Sophos has just released its Security Threat Report 2013. The study focuses on topics such as Mac malware, targeted attacks, polymorphic attacks, ransomware, Android threats, Java attacks, and the BlackHole exploit kit. An interesting part of the report is the one which details the 10 riskiest and the 10 safest countries in the world...." --------------------------------------------- http://news.softpedia.com/news/Sophos-Security-Threat-Report-2013-Norway-Is… *** New 25-GPU Monster Devours Strong Passwords In Minutes *** --------------------------------------------- chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/cC50oUE-O1A/story01.htm *** The Citadel crimeware kit - under the microscope *** --------------------------------------------- Ever since the source code of the Zeus crimeware kit, also known as Zbot, was leaked onto the internet in May 2011, many new variants have appeared. These have typically added new features and improved on the old code. One particularly prevalent example is Citadel. --------------------------------------------- http://nakedsecurity.sophos.com/2012/12/05/the-citadel-crimeware-kit-under-…

1 0

Tageszusammenfassung - Dienstag 4-12-2012
by Daily end-of-shift report 04 Dec '12

04 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 03-12-2012 18:00 − Dienstag 04-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Instagram-App anfällig für Account-Hijacking *** --------------------------------------------- Der Netzwerkverkehr der Instagram-App ist offenbar unzureichend geschützt: Wie der Sicherheitsexperte Carlos Reventlov berichtet, kommuniziert die App der Fotogemeinde unverschlüsselt über HTTP mit dem Instagram-Server. Ein Angreifer kann beim Belauschen des Datenverkehrs laut Reventlov ein Session-Cookie stehlen und damit im Kontext des Belauschten auf den Nutzerbereich von instagram.com zugreifen. --------------------------------------------- http://www.heise.de/security/meldung/Instagram-App-anfaellig-fuer-Account-H… *** Bugtraq: FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability *** --------------------------------------------- FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/524894 *** Bugtraq: ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities *** --------------------------------------------- ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/524892 *** Vuln: OpenStack Keystone CVE-2012-5571 Security Bypass Vulnerability *** --------------------------------------------- OpenStack Keystone CVE-2012-5571 Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56726 *** Vuln: OpenStack Token Expiration Security Bypass Vulnerability *** --------------------------------------------- OpenStack Token Expiration Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56727 *** Vrublevsky Sues Kaspersky *** --------------------------------------------- The co-founder and owner of ChronoPay, one of Russias largest e-payment providers, is suing Russian security firm Kaspersky Lab, alleging that the latter published defamatory blog posts about him in connection with his ongoing cybercrime trial. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/7qcGBLXbf74/ *** Vuln: Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability *** --------------------------------------------- Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56692 *** Bugtraq: SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion *** --------------------------------------------- SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion --------------------------------------------- http://www.securityfocus.com/archive/1/524903 *** Snort-2.9.4 has been released, (Mon, Dec 3rd) *** --------------------------------------------- (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14629&rss *** Vuln: Oracle MySQL acl_get() Buffer Overflow Vulnerability *** --------------------------------------------- Oracle MySQL acl_get() Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56769 *** Bug Hunter Finds Blended Threat Targeting Yahoo Web Site *** --------------------------------------------- "A Romanian bug hunter has discovered a "blended threat" targeting Yahoos Developer Network Web site that allows unauthorized access to Yahoo users emails and private profile data. At a security conference Sunday, Sergiu Dragos Bogdan demonstrated an abbreviated version of an attack using the YQL console on developer. yahoo...." --------------------------------------------- http://threatpost.com/en_us/blogs/bug-hunter-finds-blended-threat-targeting… *** Rumble in the Tumblr: Troll-worm infected thousands of blogs *** --------------------------------------------- Infamous crew unleashed JavaScript nasty on trendy journals A worm spread like wildfire across Tumblr on Monday, defacing pages on the blogging website with an abusive message penned by a notorious trolling crew.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/04/tumblr_java… *** Post aus der Vergangenheit: Security-Fix nach 8 Jahren *** --------------------------------------------- Das Advisory von Januar 2005 war eines von hunderten, ähnlich gearteten dieser Zeit: Eine PHP-Applikation überprüft die Parameter einer Datenbankabfrage nicht und als Resultat kann ein Angreifer mit speziellen URLs beliebige Datenbankbefehle einschleusen. Das besondere an diesem Bug-Report zu PHP Gift Registry: Nach über 7 Jahren hat sich der Autor der Software die Mühe gemacht, dann doch noch zu antworten. --------------------------------------------- http://www.heise.de/security/meldung/Post-aus-der-Vergangenheit-Security-Fi… *** Schnelles Passwort-Knacken bei MySQL *** --------------------------------------------- Der Hacker mit dem Pseudonym KingCope hat erneut eine Sicherheitsproblematik der beliebten MySQL-Datenbank veröffentlicht. Durch eine bereits bekannte Eigenart der Benutzerverwaltung ist es möglich, die Geschwindigkeit einer BruteForce-Attacke signifikant zu erhöhen. Beim sogenannten "Brute Forcing" wird einfach eine Vielzahl möglicher Passwörter durchprobiert, um so das tatsächliche Passwort des angegriffenen Kontos zu erraten. --------------------------------------------- http://www.heise.de/security/meldung/Schnelles-Passwort-Knacken-bei-MySQL-1… *** Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling *** --------------------------------------------- Topic: Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling Risk: Medium Text:Centrify Deployment Manager v2.1.0.283 While at a training session for centrify, I noticed poor handling of files in /tmp. I... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/6ZYCFcfGM0w/WLB-20…

1 0

Tageszusammenfassung - Montag 3-12-2012
by Daily end-of-shift report 03 Dec '12

03 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 30-11-2012 18:00 − Montag 03-12-2012 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Bugtraq: NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator *** --------------------------------------------- NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator --------------------------------------------- http://www.securityfocus.com/archive/1/524879 *** Schöne Bescherung - Hacker veröffentlicht Exploits für MySQL und SSH *** --------------------------------------------- Der berüchtigte Hacker mit dem Pseudonym KingCope hat offenbar seine Altbestände ausgemistet und zum ersten Advent eine ganze Reihe von Exploits veröffentlicht, die zum Teil schon aus dem Jahr 2011 stammen. Primäres Ziel ist die mittlerweile von Oracle übernommene Open-Source-Datenbank MySQL; aber auch die SSH-Server der Firma SSH und FreeSSHd/FreeFTPd sind akut gefährdet. --------------------------------------------- http://www.heise.de/security/meldung/Schoene-Bescherung-Hacker-veroeffentli… *** The top 25 computing coding errors that lead to 85% of criminal internet activity *** --------------------------------------------- "The list is being hailed as a major breakthrough that should gradually make theInternet much safer. "When consumers see that most vulnerabilities are caused by amere 25 weaknesses, a new standard for due diligence is likely to emerge," saysKonrad Vesey, a member of the National Security Agencys Information AssuranceDirectorate...." --------------------------------------------- http://www.sans.org/top25-software-errors/#s4 *** OurWebFTP 5.3.5 Cross Site Scripting *** --------------------------------------------- Topic: OurWebFTP 5.3.5 Cross Site Scripting Risk: Low Text:HTTPCS Advisory : HTTPCS112 Product : OurWebFTP Version : 5.3.5 Page : /index.php Variables : mwb_control2=Enter&mw... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Z9CTYZ5_rmc/WLB-20… *** Libsyn Cross Site Scripting *** --------------------------------------------- Topic: Libsyn Cross Site Scripting Risk: Low Text:As you can see from my publications for last five years, I like holes which are placed at hundreds or millions of web sites. S... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/xmo2Up5J5oE/WLB-20… *** FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities *** --------------------------------------------- Topic: FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities Risk: Low Text:Title: FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: == 2012-12-01 References: == http://... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/WC5HCX-SaKI/WLB-20… *** Critical infrastructure systems should never have moved online, warn security experts *** --------------------------------------------- "UK businesses linked to critical infrastructure areas have opened themselves up to cyber attacks by prematurely moving key systems online, according to prominent security experts. Co-founder of information security site The Jericho Forum, Paul Simmonds, highlighted the fact that the desire to cut costs by moving systems online has left firms vulnerable to cyber attacks."Im worried were rushing headlong into connecting parts of critical infrastructure items to the internet," ... --------------------------------------------- http://www.v3.co.uk/v3-uk/news/2228538/critical-infrastructure-systems-shou… *** Blogger demonstrieren gewieften Passwortklau *** --------------------------------------------- Mitarbeitern der Firma Neophasis haben herausgefunden, dass mit relativ einfachen Mitteln Passwörter und andere Nutzerdaten per JavaScript-Modifikationen aus Web-Browsern abgegriffen werden können. Dass der Diebstahl über eine oft genutzte Tastenkombination funktioniert, macht die Schwachstelle gefährlich. --------------------------------------------- http://www.heise.de/security/meldung/Blogger-demonstrieren-gewieften-Passwo… *** Opera Web Browser 12.11 WriteAV Vulnerability *** --------------------------------------------- Topic: Opera Web Browser 12.11 WriteAV Vulnerability Risk: Medium Text:Title : Opera Web Browser 12.11 WriteAV Vulnerability Version : 12.11 Build 1661 and 12.12 Date : 2012-12-03 Vend... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/bY9KoqQu62A/WLB-20… *** Safety First: That Means Mobile Banking *** --------------------------------------------- "The answer surprises; here is the question: Is it safer to bank using a desktop computer or an app on a mobile phone? The answer is that, all considered, you are vastly safer with that mobile banking app."Fraudsters go after the low-hanging fruit, and that is PC-based banking," said Andreas Baumhof, chief technology officer at ThreatMetrix, in an interview. There is substantially more traffic over online banking channels than there is mobile, and thus the keener interest of ... --------------------------------------------- http://www.themobilityhub.com/author.asp?section_id=2262&doc_id=254931

1 0

Tageszusammenfassung - Freitag 30-11-2012
by Daily end-of-shift report 30 Nov '12

30 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 29-11-2012 18:00 − Freitag 30-11-2012 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Server der Atombehörde IAEA erneut attackiert *** --------------------------------------------- Die Internationale Atombehörde IAEA wurde zum zweiten Mal binnen weniger Tage attackiert. Dabei sollen Hacker geheime Daten gestohlen haben. Über die Herkunft der Hacker ist nichts bekannt, bei den zweiten Angreifern könnte es sich allerdings um Mitglieder von Anonymous handeln. --------------------------------------------- http://futurezone.at/netzpolitik/12741-server-der-atombehoerde-iaea-erneut-… *** Virtualization Security: Protecting Virtualized Environments *** --------------------------------------------- "Virtualization changes the playing field when it comes to security. There are new attack vectors, new operational patterns and complexity, and changes in IT architecture and deployment life cycles. Whats more, the technologies, best practices, and strategies used for securing physical environments do not provide sufficient protection for virtual environments...." --------------------------------------------- http://www.net-security.org/secworld.php?id=14030 *** Sprachtwittern für Syrer *** --------------------------------------------- Nachdem Syrien seit Donnerstag nahezu komplett vom Internet abgeschnitten ist haben Google und Twitter den Dienst "speak2tweet" wieder aufgenommen. Der Dienst nimmt Sprachnachrichten unter vier internationalen Rufnummern an, legt sie auf Google-Servern ab und veröffentlicht die Links auf Twitter (siehe da auch #SyriaBlackout). --------------------------------------------- http://www.heise.de/security/meldung/Sprachtwittern-fuer-Syrer-1760015.html… *** Mail hackt Router *** --------------------------------------------- Eine ganze Reihe von Routern von Arcor, Asus und TP-Link sind anfällig für eine ungewollte Fernkonfiguration. Der Sicherheitsforscher Bogdan Calin demonstriert in seinem Blog eindrucksvoll, dass im Netz der Router schon das Anzeigen einer Mail weitreichende Konsequenzen haben kann: Seine speziell präparierte Testmail konfiguriert beim Öffnen den WLAN-Router so um, dass der Internet-Datenverkehr umgeleitet wird. --------------------------------------------- http://www.heise.de/security/meldung/Mail-hackt-Router-1759354.html/from/at… *** Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html, (Fri, Nov 30th) *** --------------------------------------------- (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14599&rss *** Microsoft Security Essentials Loses AV-Test Certificate *** --------------------------------------------- helix2301 writes "Every two months, AV-Test takes a look at popular antivirus software and security suites and tests them in several ways. In their latest test which was performed on Windows 7 during September and October, Microsoft Security Essentials didnt pass the test to achieve certification. Although that may not sound that impressive, Microsofts program was the only one which didnt receive AV-Tests certificate. For comparison, the other free antivirus software, including Avast, AVG --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/jXCBvPS16VQ/story01.htm *** Hotel-Einbrecher werden zu Arduino-Tüftlern *** --------------------------------------------- Der auf der diesjährigen Hackerkonferenz BlackHat demonstrierte Angriff auf die elektronischen Türschlösser der Marke Onity HT wurde weiter perfektioniert und möglicherweise auch schon von Einbrechern eingesetzt. Inzwischen gibt es im Netz eine Vielzahl detaillierter Anleitungen und Videos über das Aushebeln der Türsperre. --------------------------------------------- http://www.heise.de/security/meldung/Hotel-Einbrecher-werden-zu-Arduino-Tue… *** Crooks inject malicious Java applet into FOREX trading website *** --------------------------------------------- VXers wouldnt give a XXXX for anything else A FOREX trading website has been contaminated with a malicious Java applet that is designed to install malware on the systems of visiting surfers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/30/forex_tradi… *** Latest phishing security test shows Chrome is the best, followed by IE10, Safari, and then Firefox *** --------------------------------------------- "Phishing scams are becoming more and more prevalent, but thankfully browser makers have also stepped up their game: the average phishing URL catch rate in the top four browsers has jumped from 46 percent in 2009 to 92 percent in 2012 and the average time it took to block a new phishing URL also improved from 16. 43 hours to 4. 87 hours...." --------------------------------------------- http://thenextweb.com/apps/2012/11/28/latest-phishing-security-test-shows-c…

1 0

Tageszusammenfassung - Donnerstag 29-11-2012
by Daily end-of-shift report 29 Nov '12

29 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 28-11-2012 18:00 − Donnerstag 29-11-2012 18:00 Handler: Robert Waldner Co-Handler: n/a *** New version of wireshark is available (1.8.4), some security fixes included. , (Wed, Nov 28th) *** --------------------------------------------- (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14587&rss *** Good Practice Guide for Addressing Network and Information Security Aspects of Cybercrime *** --------------------------------------------- "In 2010 ENISA started its support for operational collaboration between the Computer Emergency Response Teams (CERTs) in the Member States on the one hand and Law Enforcing Agencies (LEA) on the other hand. Various activities have since been launched, including stock takings of legal and operational obstacles that prevent collaboration, advice resulting from that, workshops that brought together members of both communities, consultation with members of both communities, etc. It was soon --------------------------------------------- http://www.enisa.europa.eu/activities/cert/support/fight-against-cybercrime… *** Vuln: OpenDNSSEC cURL API Security Bypass Vulnerability *** --------------------------------------------- OpenDNSSEC cURL API Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56679 *** How to Minimize Medical Device Risks - Ethical Hacker Offers Action Items *** --------------------------------------------- "Malware and hackers present potential security threats to wireless medical devices and safety risks to the patients who use them. But healthcare organizations and device manufacturers can take several steps to curtail those risks, says an ethical hacker who has demonstrated the vulnerability of various devices. Barnaby Jack, director of embedded device security at services firm IOActive, recently demonstrated how an implanted wireless heart defibrillator can be hacked from 50 feet away to --------------------------------------------- http://www.healthcareinfosecurity.com/how-to-minimize-medical-device-risks-… *** [webapps] - Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities *** --------------------------------------------- Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/23004 *** Bugtraq: Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability *** --------------------------------------------- Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/524863 *** WhatsApp: Schwere Sicherheitslücke entdeckt *** --------------------------------------------- Über die Handynummer sowie die Seriennummer kann relativ einfach das WhatsApp-Passwort erzeugt und so ein fremder Accounts übernommen werden. Das hat das deutsche Online-Portal heise Security aufgedeckt. Die Entwickler von WhatsApp wollen aber offenbar nichts von der Lücke wissen. --------------------------------------------- http://futurezone.at/produkte/12738-whatsapp-schwere-sicherheitsluecke-entd…

1 0

Tageszusammenfassung - Mittwoch 28-11-2012
by Daily end-of-shift report 28 Nov '12

28 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 27-11-2012 18:00 − Mittwoch 28-11-2012 18:00 Handler: Robert Waldner Co-Handler: n/a *** Java Zero-Day Exploit on Sale for ‘Five Digits’ *** --------------------------------------------- Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracles Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/P9epzhQazQ0/ *** Cooperation is key for Europes cyber security - Conclusion of ENISA Brussels event *** --------------------------------------------- "A high-level event organised by Europes cyber security agency, ENISA, recognised closer cyber cooperation and mutual support as key factors for boosting cyber security for Europes citizens, governments and businesses. The meeting, held today (27th November) in Brussels, was led by ENISAs Executive Director, Professor Udo Helmbrecht, and brought together key figures from the European Parliament, European Commission and the computer industry. Participants included Ms Amelia Andersdotter, --------------------------------------------- http://mb.cision.com/Main/119/9341197/71035.pdf *** Sysadmin creates tool to scour web for hacked data *** --------------------------------------------- "A Wellington system administrator has developed a tool to identify corporate secrets, hacked data and even stolen credit cards as they emerge on social networks and online clipboards. Users could set the OSINT OPSEC (Open Source Intelligence / Operational Security) Tool to monitor for keywords, allowing, for example, an organisation to be alerted if a hacking group dumped its sensitive data to clipboard site Pastebin. Or it could scour Stack Exchange for intellectual property code --------------------------------------------- http://www.itnews.com.au/News/324176,sysadmin-creates-tool-to-scour-web-for… *** Vuln: Tor Remote Denial of Service Vulnerability *** --------------------------------------------- Tor Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56675 *** Yahoo zero day exploit goes on sale for $700 *** --------------------------------------------- "A hacker has begun selling what they claim is a zero-day exploit that will let criminals hijack control of Yahoo Mail users accounts. The hacker, who goes by the moniker TheHell, posted a video marketing a $700 exploit kit on the secretive Darkode cybercrime market on Monday. The video was later spotted and re-posted onto YouTube by security blogger Brian Krebs."Im selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers...." --------------------------------------------- http://www.v3.co.uk/v3-uk/news/2227722/yahoo-zero-day-exploit-goes-on-sale-… *** DNS servers filled with wrong Kool-Aid, big names waylaid in Romania *** --------------------------------------------- Microsoft, Yahoo!, Google, PayPal all graffitid A hacker today redirected web surfers looking for Yahoo, Microsoft or Google to a page showing a TV test card by apparently poisoning Googles public DNS system.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/28/google_roma…

1 0

Tageszusammenfassung - Dienstag 27-11-2012
by Daily end-of-shift report 27 Nov '12

27 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 26-11-2012 18:00 − Dienstag 27-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Call for Entries: RSA Conference 2013 Innovation Sandbox *** --------------------------------------------- "RSA Conference (www. rsaconference. com), the worlds leading information security conferences and expositions, today announced its annual Innovation Sandbox program has opened a call for submissions to name the Most Innovative Company at RSA Conference 2013...." --------------------------------------------- http://www.virtual-strategy.com/2012/11/26/call-entries-rsa%C2%AE-conferenc… *** Hintertür in Traffic-Analyse-Software Piwik *** --------------------------------------------- Über eine nachträglich eingefügte Hintertür in der Web-Server-Analyse-Software Piwik können Angreifer die volle Kontrolle über das System erlangen. Wer Piwik in den vergangenen Wochen vom Server des Open-Source-Projekts geladen und installiert hat, sollte seine Server sofort überprüfen. --------------------------------------------- http://www.heise.de/security/meldung/Hintertuer-in-Traffic-Analyse-Software… *** CyberCity allows government hackers to train for attacks *** --------------------------------------------- "CyberCity has all the makings of a regular town. Theres a bank, a hospital and a power plant. A train station operates near a water tower...." --------------------------------------------- http://www.washingtonpost.com/investigations/cybercity-allows-government-ha… *** Go Daddy Resets Passwords of Customers Whose Sites Are Used to Spread Malware *** --------------------------------------------- "Last week, researchers found that cybercriminals were altering the DNS records of Go Daddy websites in an effort to redirect their visitors to their own malware-spreading domains. Go Daddy reveals that the attackers compromised the accounts by phishing out the affected customers credentials. Go Daddy representatives have told The Next Web that theyve begun identifying the affected accounts...." --------------------------------------------- http://news.softpedia.com/news/Go-Daddy-Resets-Passwords-of-Customers-Whose… *** Yahoo! email! hijack! exploit!... Yours! for! $700! *** --------------------------------------------- Cybercrook: Its a bargain, guys... They usually cost way more A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts, according to a hacker who is offering to sell an alleged zero-day vulnerability exploit for $700.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/27/yahoo_email… *** Samsung-Netzwerkdrucker mit Hintertür *** --------------------------------------------- Das US-CERT warnt vor einem fest einprogrammierten Administrator-Account in Samsung-Druckern, der die volle Kontrolle über die Geräte ermöglicht. --------------------------------------------- http://www.heise.de/security/meldung/Samsung-Netzwerkdrucker-mit-Hintertuer…

1 0

Tageszusammenfassung - Montag 26-11-2012
by Daily end-of-shift report 26 Nov '12

26 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 23-11-2012 18:00 − Montag 26-11-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Mystery Chrome 0-day exploit to be unveiled in India on Saturday *** --------------------------------------------- I dont want $60k, I want FAME? A Georgian security researcher is due to present details of an unpatched vulnerability in Googles Chrome browser at the Malcon security conference in India over the weekend. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/23/mystery_chr… *** eBay schließt kritische Sicherheitslöcher *** --------------------------------------------- Das Online-Auktionshaus hat unter anderem eine Lücke geschlossen, durch die man lesend und schreibend auf eine seiner Datenbanken zugreifen konnte. --------------------------------------------- http://www.heise.de/security/meldung/eBay-schliesst-kritische-Sicherheitslo… *** Dreamhost Breached, Server & client information leaked *** --------------------------------------------- A pastebin user using the handle Syst3mswt has posted a a dump of server information which appears to come from the well known and popular web hosting service Dream Host (http://www.dreamhost.com). --------------------------------------------- http://www.cyberwarnews.info/2012/11/24/dreamhost-breached-server-client-in… *** Digitally signed ransomware lurking in the wild *** --------------------------------------------- "Trend Micro researchers have spotted two ransomware variants bearing the same (probably stolen) digital signature in order to fool users into running the files. Other than that, the malware acts like any other ransomware: it blocks the victims computer and shows messages that seem to come either from the FBI or the UKs Police Central e-crime Unit:"Users may encounter these files by visiting malicious sites or sites exploiting a Java vulnerability," say the researchers...." --------------------------------------------- http://www.net-security.org/malware_news.php?id=2331 *** Symantec Warns of New Malware Targeting SQL Databases *** --------------------------------------------- "Symantec is warning of a new bit of malware that appears to be modifying corporate databases, particularly in the Middle East, though its showing up elsewhere in the world too. W32. Narilam, first discovered Nov. 15, follows a similar pattern of other worms by copying itself onto infected machines, adding registry keys and propogating through removable drives and network shares...." --------------------------------------------- http://threatpost.com/en_us/blogs/symantec-warns-new-malware-targeting-sql-… *** Google.com.pk and 284 Other .PK Domains Hacked *** --------------------------------------------- ryzvonusef writes with news that hackers have taken down the local Pakistan versions of many popular websites, including google.com.pk, apple.pk, microsoft.pk and yahoo.pk. 284 sites were affected in total. Many of the sites were defaced, and a group called Eboz is taking credit for the hack. According to TechCrunch, "The root of today's attack, it seems, came via a breach of Pakistan's TLD operator, PKNIC, which administers and registers all .pk domains. Looking at affected --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/iiSda5ExrUk/story01.htm *** New Cyber Security challenges take on Stuxnet and Malware *** --------------------------------------------- "The Cyber Security Challenge UK has launched four new cyber challenges for budding information security experts. Professional teams from Orange, Prodrive, (ISC)2, the SANS Institute, QiniteQ and Sophos will be testing over 100 amatuer cyber defenders who will qualify via the first-round virtual contest. The challengers will have the opportunity to compete in one of four competitions:The Orange and Prodrive Risk Analysis Candidates will have to develop a complex security architecture to --------------------------------------------- http://www.info4security.com/story.asp?sectioncode=9&storycode=4129799&c=1 *** 1-15 November 2012 Cyber Attacks Statistics *** --------------------------------------------- "This November 2012 seems really to be endless from an Information Security Perspective. We have assisted so far to a remarkable number of Cyber Attacks. As usual is it time to provide the partial snapshot of November taken from the corresponding Cyber Attack Timeline and covering the first half of the month...." --------------------------------------------- http://hackmageddon.com/2012/11/23/1-15-november-2012-cyber-attacks-statist… *** EU plant Meldepflicht für Cyber-Attacken *** --------------------------------------------- Zum besseren Schutz vor Cyber-Attacken denkt die EU auch über eine Meldepflicht von Cyberattacken für Unternehmen nach. "Ich bin ein großer Befürworter von Selbstregulierung, aber in diesem Fall fürchte ich, dass wir damit nicht weiterkommen", sagte die für die Digitale Agenda zuständige EU-Kommissarin Neelie Kroes der Süddeutschen Zeitung. --------------------------------------------- http://www.heise.de/newsticker/meldung/EU-plant-Meldepflicht-fuer-Cyber-Att… *** Phishing-Mail bittet um fotografierte TAN-Liste *** --------------------------------------------- Die Ideen gehen den Phishern nicht aus: Eine neue Phishing-Mail bittet Kunden der Deutschen Bank AG, ihre TAN-Liste zu fotografieren oder einzuscannen und über eine präparierte Seite hochzuladen. --------------------------------------------- http://www.heise.de/security/meldung/Phishing-Mail-bittet-um-fotografierte-… *** Websense Proxy Filter Bypass *** --------------------------------------------- Topic: Websense Proxy Filter Bypass Risk: Low Text:Websense Proxy Filter Bypass 1. Advisory Information Date published: 2012-11-25 Vendors contacted: Websense Release mo... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/OpLiRLavk6Y/WLB-20… *** Vuln: ModSecurity POST Parameters Security Bypass Vulnerability *** --------------------------------------------- ModSecurity POST Parameters Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56096

1 0

Tageszusammenfassung - Freitag 23-11-2012
by Daily end-of-shift report 23 Nov '12

23 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 22-11-2012 18:00 − Freitag 23-11-2012 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner *** PASSTEAL Malware Lurking on File Sharing Sites *** --------------------------------------------- "Variants of the PASSTEAL malware are propagating by masquerading as key generators for paid applications, popular e-books, and other software on file sharing services, according Alvin John Nieto, a threat response engineer at TrendMicros TrendLabs. PASSTEAL, as its name suggests, is a piece of malware that uses various password recovery tools to steal passwords stored in the browsers of its victims. Nieto claims PASSTEAL is novel in its deviation from keyloggers that simply log... --------------------------------------------- http://threatpost.com/en_us/blogs/passteal-malware-lurking-file-sharing-sit… *** Infographic of the week: Why ignoring information security is lethal *** --------------------------------------------- "Infographic of the week: Why ignoring information security is lethal...." --------------------------------------------- http://www.londonlovesbusiness.com/3978.article *** New report by EU Agency ENISA on digital trap honeypots to detect cyber-attacks creates a buzz *** --------------------------------------------- "The EU cyber security Agency ENISA is launching an in-depth study on 30 different digital traps or honeypots that can be used by Computer Emergency Response Teams (CERT)s and National/Government CERTs to proactively detect cyber-attacks. The study reveals barriers to understanding basic honeypot concepts and presents recommendations on which honeypot to use. An increasing number of complex cyber-attacks demand better early warning detection capabilities for CERTs...." --------------------------------------------- http://www.cisionwire.com/enisa---european-network-and-information-security… *** Netherlands - One in Five pay Police Virus ransom - Free tool to fix available *** --------------------------------------------- "Comment Bricade: one of the Bricade Research Analysts, Arjen de Landgraaf, is also on this Dutch Zembla television program, where he is commenting on the new Gozi Prinimalka banking trojan, amongst others. Translated Article:According to the Dutch Team High Tech Crime (THTC) of the KLPD, one in five victims of the police ransomware scam is actually paying the 100 Euros ransom. Team Leader Pim Takkenberg says (Zembla, tonight on Dutch television, 21...." --------------------------------------------- http://copsincyberspace.wordpress.com/2012/11/23/een-op-vijf-slachtoffers-b… *** Wurm manipuliert Datenbanken im Iran *** --------------------------------------------- Das Sicherheitsunternehmen Symantec hat einen spezialisierten Wurm namens W32.Narilam entdeckt, der SQL-Datenbanken kompromittieren kann. Wie Symantec schreibt, "spricht" die Schadsoftware Persisch und Arabisch und scheint sich vor allem gegen Unternehmen im Iran zu richten. --------------------------------------------- http://www.heise.de/security/meldung/Wurm-manipuliert-Datenbanken-im-Iran-1… *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-12:07.hostapd *** --------------------------------------------- FreeBSD Security Advisory FreeBSD-SA-12:07.hostapd --------------------------------------------- http://www.securityfocus.com/archive/1/524811 *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-12:06.bind *** --------------------------------------------- FreeBSD Security Advisory FreeBSD-SA-12:06.bind --------------------------------------------- http://www.securityfocus.com/archive/1/524810 *** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-12:08.linux *** --------------------------------------------- FreeBSD Security Advisory FreeBSD-SA-12:08.linux --------------------------------------------- http://www.securityfocus.com/archive/1/524813

1 0

Tageszusammenfassung - Donnerstag 22-11-2012
by Daily end-of-shift report 22 Nov '12

22 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 21-11-2012 18:00 − Donnerstag 22-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Researcher Claims To Have Chrome Zero-Day, Google Says "Prove It" *** --------------------------------------------- chicksdaddy writes "Googles been known to pay $60,000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a researcher says that he has one, but isnt interested in selling it, eyebrows get raised. And thats just whats happening this week, with Google saying it will wait and see what Georgian researcher Ucha Gobejishvili has up his sleeve in a presentation on Saturday at the Malcon conference in New Delhi. Gobejishvili has claimed that he will --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Rd8KcBlxVgQ/story01.htm *** Vuln: NetIQ Privileged User Manager ldapagnt_eval() Remote Code Execution Vulnerability *** --------------------------------------------- NetIQ Privileged User Manager ldapagnt_eval() Remote Code Execution Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56539 *** Bug-Jäger entdeckt SCADA-Lücken – und verkauft sie *** --------------------------------------------- Der Schwachstellen-Händler ReVuln rührt weiter die Werbetrommeln und hat ein Video veröffentlicht, das Sicherheitslücken in weit verbreiteten SCADA-Industriesteueranlagen zeigen soll. Insgesamt will das Unternehmen neun Zero-Day-Lücken in SCADA-Produkten von Eaton, General Electric, Kaskad, Rockwell Automation, Schneider Electric und Siemens gefunden haben. Welche Produkte im einzelnen lückenhaft sind, gab ReVuln jedoch nicht an. --------------------------------------------- http://www.heise.de/security/meldung/Bug-Jaeger-entdeckt-SCADA-Luecken-und-… *** lighttpd 1.4.31 DOS POC *** --------------------------------------------- Topic: lighttpd 1.4.31 DOS POC Risk: High Text:#!/bin/bash # simple lighttpd 1.4.31 DOS POC # CVE-2012-5533 # http://www.lighttpd.net/2012/11/21/1-4-32/ # http://download... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/oPnZGgMtSWc/WLB-20…

1 0

Tageszusammenfassung - Mittwoch 21-11-2012
by Daily end-of-shift report 21 Nov '12

21 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 20-11-2012 18:00 − Mittwoch 21-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Hosting Provider Automatically Fixes Vulnerabilities In Customers Websites *** --------------------------------------------- An anonymous reader writes "Dutch hosting provider Antagonist announced their in-house developed technology that automatically detects and fixes vulnerabilities in their customers websites. The service is aimed at popular software such as WordPress, Drupal and Joomla. As soon as a vulnerability is detected, we inform the customer. We also explain how the customer can resolve the issue. In case the customer does not respond to our first notice within the next two weeks, we automatically --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VJkhR6QbCeA/story01.htm *** PGP Zimmermann teams with Navy SEALs, SAS techies in London *** --------------------------------------------- Offers Silent Phone crypto to biz, aid workers Encryption guru Phil Zimmermann is going after security conscious users with his new venture Silent Circle, a security start-up offering ultra-secure VoIP and texting services.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/21/silent_circ… *** Vuln: Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability *** --------------------------------------------- Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56484 *** Profi-Banking-Trojaner unterstützt SEPA-Überweisungen *** --------------------------------------------- Cyber-Ganoven versuchen Geld von den Konten deutscher Online-Banking-Kunden über SEPA-Transaktionen abzubuchen, wie die zu Intel gehörende Sicherheitsfirma McAfee berichtet. Durch SEPA werden Transaktionen innerhalb der EU unkomplizierter, da nicht mehr zwischen inländischen und grenzüberschreitenden Vorgängen unterschieden wird. --------------------------------------------- http://www.heise.de/security/meldung/Profi-Banking-Trojaner-unterstuetzt-SE… *** HTTP Strict Transport Security als Internet-Standard *** --------------------------------------------- Die Internet Engineering Task Force (IETF) hat die HTTPS-Sicherung HTTP Strict Transport Security (HSTS) als Internet-Standard im RFC 6797 veröffentlicht. Mit HSTS können einerseits (HTTP-)Server vorgeben, dass man die angebotenen Dienste ausschließlich über sichere, etwa per TLS verschlüsselte Verbindungen erreicht. Andererseits zwingt HSTS auch Anwendungsprogramme (User Agents) dazu, die Kommunikation mit Websites nur über verschlüsselte Verbindungen abzuwickeln. --------------------------------------------- http://www.heise.de/security/meldung/HTTP-Strict-Transport-Security-als-Int… *** Bugtraq: ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities *** --------------------------------------------- ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/524794

1 0

Tageszusammenfassung - Dienstag 20-11-2012
by Daily end-of-shift report 20 Nov '12

20 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 19-11-2012 18:00 − Dienstag 20-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Bugtraq: CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers *** --------------------------------------------- CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers --------------------------------------------- http://www.securityfocus.com/archive/1/524767 *** Hotfix für ColdFusion 10 *** --------------------------------------------- Das Update schließt eine DoS-Lücke in der Windows-Version von Adobes Anwendungsserver. --------------------------------------------- http://www.heise.de/security/meldung/Hotfix-fuer-ColdFusion-10-1752975.html… *** Vuln: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities *** --------------------------------------------- Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56581 *** An Android Malware Analysis: DroidKungFu *** --------------------------------------------- "Few users are aware of how Android malware works. Few understand their complexity or the amount of data they can pillage from handsets. As such, we decided to come up with a short series of articles to take apart some of the most common and potentially dangerous Android malware strands that wreak havoc on smartphones...." --------------------------------------------- http://www.hotforsecurity.com/blog/an-android-malware-analysis-droidkungfu-… *** Nintendo fixes Wii U network after claims of accidental hack *** --------------------------------------------- "Just hours after the US launch of Nintendos latest game console, the Wii U, a video game fan claims that he accidentally "hacked" into the consoles online component - the Miiverse. A Wii U user called "Trike" posted on NeoGAF that he had stumbled across a secret debug menu in the Miiverse that gave him access to a Japanese language list of administrators, with seemingly the ability to regenerate passwords and delete the access rights of admins."At first it asked... --------------------------------------------- http://nakedsecurity.sophos.com/2012/11/19/nintendos-wii-u-network-hack/ *** Malware made which can share a smartcard over the internet *** --------------------------------------------- Use a bank or ID card as though you had it with you Security researchers have developed proof-of-concept malware that allows attackers to obtain remote access to smart card readers attached to compromised Windows PCs.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/20/smart_card_… *** Raiffeisen Introduces PhotoTAN to Protect Customer Transactions Against Malware *** --------------------------------------------- "European banks, which are said to have implemented far more advanced security mechanisms to protect their customers than the ones from the US, are trying to live up to their reputation. Swiss bank Raiffeisen has introduced a new security feature that relies on Crontos Visual Transaction Signing Solution. Available for customers in Switzerland starting today, the CrontoSign is designed to protect online transactions against cyberattacks that rely on clever information-stealing Trojans such... --------------------------------------------- http://news.softpedia.com/news/Raiffeisen-Introduces-PhotoTAN-to-Protect-Cu… *** WhatsApp stopft Sicherheitsloch – und verlangt Abo-Gebühren *** --------------------------------------------- Der Betreiber der beliebten SMS-Alternative WhatsApp hat heimlich Änderungen an seinem Dienst vorgenommen, um eine seit längerer Zeit bekannte Schwachstelle zu stopfen. Auf viele Nutzer wartete jedoch gleich die nächste böse Überraschung: Die WhatsApp-Nutzung kostet auf den meisten Smartphone-Plattformen ab sofort Geld. --------------------------------------------- http://www.heise.de/security/meldung/WhatsApp-stopft-Sicherheitsloch-und-ve… *** Bugtraq: OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures *** --------------------------------------------- OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures --------------------------------------------- http://www.securityfocus.com/archive/1/524779 *** Bugtraq: SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities *** --------------------------------------------- SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/524777

1 0

Tageszusammenfassung - Montag 19-11-2012
by Daily end-of-shift report 19 Nov '12

19 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 16-11-2012 18:00 − Montag 19-11-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Bugtraq: [SE-2012-01] Security vulnerabilities in Java SE (details released) *** --------------------------------------------- [SE-2012-01] Security vulnerabilities in Java SE (details released) --------------------------------------------- http://www.securityfocus.com/archive/1/524746 *** Bugtraq: DC4420 - London DEFCON - November meet - Tuesday 20th November *** --------------------------------------------- DC4420 - London DEFCON - November meet - Tuesday 20th November --------------------------------------------- http://www.securityfocus.com/archive/1/524745 *** Stealing VM Keys from the Hardware Cache *** --------------------------------------------- "This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). Such systems are very common today, ranging from desktops that use virtualization to sandbox application or OS compromises, to clouds that co-locate the... --------------------------------------------- http://www.schneier.com/blog/archives/2012/11/stealing_vm_key.html *** Whats stopping your company from implementing full disk encryption? *** --------------------------------------------- "You may have heard about the stolen NASA laptop, with its large amount of personally identifiable information of at least 10,000 NASA employees and contractors. The surprising question here, of course, has to do with the glaring absence of encryption. NASA says that that the laptop in question is scheduled to get encryption, though it would seem that not all laptops will get the same treatment...." --------------------------------------------- http://www.fiercecio.com/techwatch/story/whats-stopping-your-company-implem… *** perl-CGI Newline injection in Set-Cookie and P3P headers *** --------------------------------------------- Topic: perl-CGI Newline injection in Set-Cookie and P3P headers Risk: Low Text:header() can generate Set-Cookie and P3P headers which contain invalid newlines. use CGI qw/header/; print header( -c... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/CF3xwRXWBfs/WLB-20… *** NFR Agent FSFUI Record File Upload RCE *** --------------------------------------------- Topic: NFR Agent FSFUI Record File Upload RCE Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/zr0GNt7G1z0/WLB-20… *** FreeBSD Project Discloses Security Breach Via Stolen SSH Key *** --------------------------------------------- An anonymous reader writes "Following recent compromises of the Linux kernel.org and Sourceforge, the FreeBSD Project is now reporting that several machines have been broken into. After a brief outage, ftp.FreeBSD.org and other services appear to be back. The project announcement states that some deprecated services (e.g., cvsup) may be removed rather than restored. Users are advised to check for packages downloaded between certain dates and replace them, although not because known trojans... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KpcXI-S6fFw/freebsd-project… *** Hackers Hate MVIS Security Center - the New WordPress Security Plugin *** --------------------------------------------- "SEC Consult launches the beta phase of MVIS Security Center, an enterprise-grade security plugin for WordPress, the worlds most widely used content management system (CMS). WordPress attracts millions of users from around the world, and these users are facing increasing attacks from hackers. Even more alarming, these attacks occur on all types of websites, big or small which makes security an indispensable part of creating websites...." --------------------------------------------- http://news.yahoo.com/hackers-hate-mvis-security-center-wordpress-security-… *** Trojaner benutzt Google Docs als Kommunikationskanal *** --------------------------------------------- Ein neue entdeckter Trojaner verwendet die Viewer-Funktion von Googles Office-Anwendung, um Verbindung mit seinem Kontrollrechner aufzunehmen. Google könnte das mit einer Firewall unterbinden. --------------------------------------------- http://www.heise.de/security/meldung/Trojaner-benutzt-Google-Docs-als-Kommu… *** Why smart people do dumb things online *** --------------------------------------------- "David Petraeus is probably the last person you might have expected to wreck his career with an email scandal. Petraeus is smart: He graduated in the top five percent of his class at West Point and went on to earn a Ph.D. Petraeus has self-control: His self-discipline was " legendary," according to Time Magazine...." --------------------------------------------- http://computerworld.co.nz/news.nsf/news/why-smart-people-do-dumb-things-on… *** Active XSS flaw discovered on eBay *** --------------------------------------------- "According to XSSed, Indian security researcher Shubham Upadhyay has discovered an active XSS flaw affecting Ebay. com. The potential attacker would need an Ebay seller account, where he would put XSS code into the HTML...." --------------------------------------------- http://www.zdnet.com/active-xss-flaw-discovered-on-ebay-7000007539/ *** German Police Warn Mobile Phone Users of ZeuS Malware *** --------------------------------------------- "Germanys Berlin Police Department has issued a warning after numerous bank customers have reported fraudulent cash withdrawals. All the victims own Android smartphones and they all rely on mTAN (mobile transaction authentication numbers) when performing banking transactions. F-Secure experts reveal that the malware involved in these incidents is most likely the mobile version of ZeuS, also known as ZeuS-in-the-Mobile or Zitmo...." --------------------------------------------- http://news.softpedia.com/news/German-Police-Warns-Mobile-Phone-Users-of-Ze… *** How Malware survives to Malware detection mechanisms *** --------------------------------------------- Today I'd like to share some basic techniques that Malware(s) use to protect themselves from being detected. Some of the most used approaches to detect Maware could be described as follows: 1. Virtualize the environment in where Malware(s) run. 2. Attach a debugger to Malware processes and 3. Sandbox the execution of the analyzed Malware. It comes straight forward that Malware writers need new techniques to... --------------------------------------------- http://marcoramilli.blogspot.nl/2012/11/how-malware-survives-to-malware.html *** Vuln: IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities *** --------------------------------------------- IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56583 *** Vuln: Moodle Multiple Security Vulnerabilities *** --------------------------------------------- Moodle Multiple Security Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56505

1 0

Tageszusammenfassung - Freitag 16-11-2012
by Daily end-of-shift report 16 Nov '12

16 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 15-11-2012 18:00 − Freitag 16-11-2012 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan *** Google Chrome mit Sandbox für OS X *** --------------------------------------------- Google Chrome sperrt das Flash-Plug-in mit dem aktuellen Stable-Release 23 auch unter OS X in eine Sandbox, wie die Entwickler in ihrem Blog berichten. --------------------------------------------- http://www.heise.de/security/meldung/Google-Chrome-mit-Sandbox-fuer-OS-X-17… *** Antivirus startup linked to infamous Chinese hacker *** --------------------------------------------- "Anvisoft, a Chinese antivirus startup, has been linked to an infamous hacker suspected of developing sophisticated malware used to siphon sensitive information from Defense Department contractors in 2006. Through some high-tech sleuthing on the Web, Brian Krebs, author of the KrebsonSecurity blog, found Anvisoft-connected IP addresses connected Anvisoft to registered to "tandailin" in Gaoxingu, China. Tan Dailin, a.k.a. Withered Rose, was the subject of Verisigns 2007 iDefense --------------------------------------------- http://www.csoonline.com/article/721678/antivirus-startup-linked-to-infamou… *** Proof-of-concept malware can share USB smart card readers with attackers over Internet *** --------------------------------------------- "A team of researchers have created a proof-of-concept piece of malware that can give attackers control of USB smart card readers attached to an infected Windows computer over the Internet. The malware installs a special driver on the infected computer which allows for the USB devices connected to it to be shared over the Internet with the attackers computer. In the case of USB smart card readers, the attacker can use the middleware software provided by the smart card manufacturer to --------------------------------------------- http://www.cio.com.au/article/442216/proof-of-concept_malware_can_share_usb… *** Password Reset Zero-Day Reported to Skype Since October (Updated) *** --------------------------------------------- "The details of a zero-day vulnerability that allows attackers to change the password of any Skype user have been posted on a Russian hacking forum. A similar security hole was identified by Vulnerability Lab researchers and it was reported to Skype at the beginning of October. The Next Web, which was the first to publicly reveal the existence of the flaw, reports that its details have been posted on the forum some two months ago...." --------------------------------------------- http://news.softpedia.com/news/Skype-Password-Reset-Zero-Day-Reported-to-Sk… *** Trojan.Gapz.1 infecting Windows in a new manner *** --------------------------------------------- November 12, 2012 The anti-virus lab of Doctor Web - the Russian IT security vendor - has been informed of another piece of bootkit malware that is capable of concealing itself in an infected system. This application, added into virus databases under the name Trojan.Gapz.1, employs fairly interesting mechanisms to infect user computers. One of the rootkit´s purposes in an infected PC is to create an environment for loading its core modules which feature various functions. --------------------------------------------- http://news.drweb.com/show/?i=2979&lng=en&c=9 *** How to report a computer crime: SQL injection website attack *** --------------------------------------------- "Do you know how to report a computer crime? Or even who you would report it to? So far, weve looked at unauthorised email account access and malware in our series of articles on how to report a computer crime...." --------------------------------------------- http://nakedsecurity.sophos.com/2012/11/15/computer-crime-sql-injection/ *** [papers] - Guidelines for Pentesting a Joomla Based Site *** --------------------------------------------- Guidelines for Pentesting a Joomla Based Site --------------------------------------------- http://www.exploit-db.com/download_pdf/22763 *** VMware security updates for vSphere API and ESX Service Console *** --------------------------------------------- VMware has updated the vSphere API to address a denial of service vulnerability in ESX and ESXi. VMware has also updated the ESX Service Console to include several open source security updates. --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2012-0016.html

1 0

Tageszusammenfassung - Donnerstag 15-11-2012
by Daily end-of-shift report 15 Nov '12

15 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 14-11-2012 18:00 − Donnerstag 15-11-2012 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan *** Battery-Powered Transmitter Could Crash A Citys 4G Network *** --------------------------------------------- DavidGilbert99 writes "With a £400 transmitter, a laptop and a little knowledge you could bring down an entire citys high-speed 4G network. This information comes from research carried out in the U.S. into the possibility of using LTE networks as the basis for a next-generation emergency response communications system. Jeff Reed, director of the wireless research group at Virginia Tech, along with research assistant Marc Lichtman, described the vulnerabilities to the National --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RXIyRXl8838/story01.htm *** Hacker Grabs 150k Adobe User Accounts Via SQL Injection *** --------------------------------------------- CowboyRobot writes "Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected Connectusers.com website. The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack. It was an SQL Injection vulnerability, somehow I was able to dump the database in less requests than normal people do, he --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xRkFposRNps/story01.htm *** Free hacking tool kits fuel cyber arms race *** --------------------------------------------- "Ryan Linns hacks into corporate networks have become almost a matter of routine. On one recent morning, he woke up at his home near the Research Triangle in eastern North Carolina and walked down to an extra bedroom that he uses as an office. He sat at a workbench laden with computers, signed on to one of them and loaded a program called Metasploit...." --------------------------------------------- http://www.smh.com.au/it-pro/security-it/free-hacking-tool-kits-fuel-cyber-… *** Top 25 passwords of 2012 revealed *** --------------------------------------------- "Just under a year ago we published a blog about the most popular passwords on the web as announced by security app company SplashData. The ranking is based on password information from compromised accounts posted by hackers online. This year, the list is back!..." --------------------------------------------- http://blogs.avg.com/consumer/top-25-passwords-2012-revealed/?utm_source=AV… *** Obama segnet angeblich Direktive zur Cyber-Sicherheit ab *** --------------------------------------------- US-Präsident Obama hat vor einigen Wochen eine geheime Anweisung unterzeichnet, die die Operationen der USA im Cyberspace neu regeln soll. Das berichtete die Washington Post und beruft sich auf mehrere Quellen, die sich jedoch nicht öffentlich dazu äußern dürften. --------------------------------------------- http://www.heise.de/security/meldung/Obama-segnet-angeblich-Direktive-zur-C… *** NASA To Encrypt All of Its Laptops *** --------------------------------------------- pev writes "After losing another laptop containing personal information, NASA wants to have all of its laptops encrypted within a months time with an intermediate ban of laptops containing sensitive information leaving its facilities. Between April 2009 and April 2011 it lost or had stolen 48 mobile computing devices. I wonder how it will be before other large organisations start following suit as a sensible precaution?" Read more of this story at Slashdot. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/vvQZvrqrp34/story01.htm *** Opera site served Blackhole malvertising, says antivirus firm *** --------------------------------------------- No need to issue a press release, firm tells press Opera has suspended ad-serving on its portal as a precaution while it investigates reports that surfers were being exposed to malware simply by visiting the Norwegian browser firms home page. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/15/opera_black… *** Sicherheitsupdate für Mac Office 2008 und 2011 *** --------------------------------------------- Microsoft hat in der Nacht zum Donnerstag für zwei Versionen seines Büropakets größere Aktualisierungen online gestellt. Laut Aussage des Konzerns beheben das Office 2008 for Mac 12.3.5 Update sowie Office for Mac 2011 14.2.5 signifikante Sicherheitslücken. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-Mac-Office-2008… *** Bugzilla Informartion Leak & Cross Site Scripting *** --------------------------------------------- Topic: Bugzilla Informartion Leak & Cross Site Scripting Risk: Medium Text:Summary = Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following securit... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/IoQFDSoFWoc/WLB-20…

1 0

Tageszusammenfassung - Mittwoch 14-11-2012
by Daily end-of-shift report 14 Nov '12

14 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 13-11-2012 18:00 − Mittwoch 14-11-2012 18:21 Handler: Matthias Fraidl Co-Handler: Christian Wojner *** Skype Disables Password Resets After Huge Security Hole Discovered *** --------------------------------------------- another random user writes with news of a vulnerability in the Skype password reset tool "All you need to do is register a new account using that email address, and even though that address is already used (and the registration process does tell you this) you can still complete the new account process and then sign in using that account Info (original post in Russian)" concealment adds a link to another article with an update that Skype disabled the password reset page as a temporary --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XnPnK6MWZdY/story01.htm *** Wichtige Updates für alle Windows-Nutzer *** --------------------------------------------- An seinem November-Patchday hat Microsoft kritische Lücken in allen noch unterstützen Windows-Versionen geschlossen - von Windows XP SP3 bis hin zu dem gerade erst veröffentlichten Windows 8. --------------------------------------------- http://www.heise.de/security/meldung/Wichtige-Updates-fuer-alle-Windows-Nut… *** Lockheed Martin: dramatischer Anstieg von Cyber-Angriffen *** --------------------------------------------- Die Anzahl der Attacken auf das Firmennetzwerk des US-Rüstungskonzerns Lockheed Martin haben sich in den letzten Jahren deutlich verstärkt. Das erklärte die Lockheed-Vizepräsidentin Chandra McMahon, wie die BBC berichtete. --------------------------------------------- http://www.heise.de/security/meldung/Lockheed-Martin-dramatischer-Anstieg-v… *** Trojan Horses, Malware and Other Cyber Attack Tools are Just a Click Away *** --------------------------------------------- "Ryan Linns hacks into corporate networks have become almost a matter of routine. On one recent morning, he woke up at his home near the Research Triangle in eastern North Carolina and walked down to an extra bedroom that he uses as an office. He sat at a workbench laden with computers, signed on to one of them and loaded a program called Metasploit...." --------------------------------------------- http://www.oregonlive.com/newsflash/index.ssf/story/trojan-horses-malware-a… *** Online-Banking-Trojaner mit Android-Komplizen *** --------------------------------------------- Online-Ganoven versuchen offenbar verstärkt auch die Smartphones von Online-Banking-Nutzern zu infizieren, um mTans abzugreifen. Bei der Berliner Polizei sind "in den letzten Wochen" mehrere Strafanzeigen von Opfern betrügerischer Geldabbuchungen eingegangen, bei denen die Smartphones der Opfer eine entscheidende Rolle spielten. --------------------------------------------- http://www.heise.de/security/meldung/Online-Banking-Trojaner-mit-Android-Ko… *** Windows 8 security is like a swiss cheese flak jacket - sez AV firm *** --------------------------------------------- "The knives are out for Windows Defender, the basic anti-malware protection bundled with Windows 8: makers of rival antivirus products are lining up to criticise Microsofts efforts to secure its operating system. Windows 8 can be infected by 16 percent of the most common malware families, even with Windows Defender activated, according to tests by Romanian antivirus vendor Bitdefender. The latest version of Microsofts OS was compromised by 61 of 385 malware samples flung at it by --------------------------------------------- http://www.theregister.co.uk/2012/11/13/win_defender_inadequate/

1 0

Tageszusammenfassung - Dienstag 13-11-2012
by Daily end-of-shift report 13 Nov '12

13 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 12-11-2012 18:00 − Dienstag 13-11-2012 18:00 Handler: Matthias Fraidl Co-Handler: Stefan Lenzhofer *** Ruby-Update behebt DoS-Lücke *** --------------------------------------------- Die Entwickler der Programmiersprache Ruby schließen mit Version 1.9.3-p327 eine Schwachstelle, die es Angreifern erlaubt, ein System durch hohe CPU-Last lahm zu legen (Denial of Service, DoS). Der Fehler tritt beim Verarbeiten speziell präparierter Zeichenketten durch die Hash-Funktion MurmurHash auf. --------------------------------------------- http://www.heise.de/security/meldung/Ruby-Update-behebt-DoS-Luecke-1748451.… *** Cybercriminals start spamvertising Xmas themed scams and malware campaigns *** --------------------------------------------- "Security researchers from Symantec are warning about a recently intercepted flood of Xmas themed malicious and fraudulent campaigns. Isn't it too early for such type of campaigns to be launched, or are the spammers behind these campaigns relying on a different set of marketing tactics? The campaign is a great example of a flawed event-based social engineering attempt...." --------------------------------------------- http://www.zdnet.com/cybercriminals-start-spamvertising-xmas-themed-scams-a… *** Firefox users slowest to update browser, Kaspersky Lab finds out *** --------------------------------------------- "Nearly one in four PC users run out-of-date or obsolete versions of the most popular browsers for a month or longer with Mozilla Firefox users the slowest to update their software, Kaspersky Lab has found. The company looked at the browsers installed on a random 10-million sample of its antivirus user base, finding that Internet Explorer was marginally the most common default browser on 37,8 percent of users...." --------------------------------------------- http://news.techworld.com/security/3410386/firefox-users-slowest-update-bro… *** First Windows 8 and Windows RT Security Updates Due Next Week *** --------------------------------------------- "Plenty is happening on the Microsoft patch management front. First, Adobe agreed to sync up its patch release cycles with Microsofts on the second Tuesday of every month, moving away from quarterly releases. And now on Tuesday, Microsoft will release its first security updates since the release of Windows 8...." --------------------------------------------- http://threatpost.com/en_us/blogs/first-windows-8-and-windows-rt-security-u… *** New report warns of SCADA CYBERGEDDON* *** --------------------------------------------- In the worst case. The industrial control system fright machine is getting another kick along today, via a survey by Russian vendor Positive Technologies. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/12/scada_vulne… *** Samsung Galaxy S3 sichert Passwörter im Klartext *** --------------------------------------------- Beim beliebten Samsung Galaxy S3 ist eine Sicherheitslücke gefunden worden. Die interne App S-Memo speichert Passwörter im Klartext. Damit wird es möglich, dass jeder, der sich Zugriff beschaffen kann und weiß, wo das entsprechende File liegt, dieses auch tatsächlich lesen kann. --------------------------------------------- http://futurezone.at/digitallife/12422-galaxy-s3-sichert-passwoerter-im-kla… *** Even a CHILD can make a Trojan to pillage Windows Phone 8 *** --------------------------------------------- Whippersnapper will reveal all in the Malcon tent A teenager has crafted prototype malware for Windows Phone 8 just weeks after the official unveiling of the smartphone platform. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/13/windows_pho… *** BSI-Test: Verwundbarkeit von Windows-Rechnern im Netz *** --------------------------------------------- Windows-Systeme soll man stets auf dem aktuellen Stand halten, beim Browser greift man am besten zu Google Chrome, auf Java verzichtet man möglichst ganz - das predigen sowohl c't als auch das Bundesamt für Sicherheit in der Informationstechnik (BSI). --------------------------------------------- http://www.heise.de/security/meldung/BSI-Test-Verwundbarkeit-von-Windows-Re… *** Top 5 Security Predictions for 2013 from Symantec *** --------------------------------------------- "With this year quickly coming to an end, its time for us at Symantec to publish our predictions on what we expect will happen in the world of cybersecurity for the coming year. Most of us at Symantec tend to be fact-based, data-driven individuals. However, predicting the future always involves a bit of speculation...." --------------------------------------------- http://www.symantec.com/connect/blogs/top-5-security-predictions-2013-syman… *** Vuln: libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability *** --------------------------------------------- libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55909

1 0

Tageszusammenfassung - Montag 12-11-2012
by Daily end-of-shift report 12 Nov '12

12 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 09-11-2012 18:00 − Montag 12-11-2012 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan *** Webmix - 26 Terabyte Webseiten zu Österreich gesammelt *** --------------------------------------------- Web@rchiv Österreich umfasst mittlerweile eine Milliarde Einzeldateien --------------------------------------------- http://text.derstandard.at/1350260844999/26-Terabyte-Webseiten-zu-Oesterrei… *** Windows 8 Defeats 85% of Malware Detected In the Past 6 Months *** --------------------------------------------- An anonymous reader writes "Now that Windows 8 is on sale and has already been purchased by millions, expect very close scrutiny of Microsofts latest and greatest security features. 0-day vulnerabilities are already being claimed, but what about the malware thats already out there? When tested against the top threats, Windows 8 is immune to 85 percent of them, and gets infected by 15 percent, according to tests run by BitDefender." Read more of this story at Slashdot. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HOHG0NiFov4/windows-8-defea… *** Stuxnet Infected Chevrons IT Network *** --------------------------------------------- "Stuxnet, a sophisticated computer virus created by the United States and Israel, to spy on and attack Irans nuclear enrichment facilities in Natanz also infected Chevron s network in 2010, shortly after it escaped from its intended target. Chevron found Stuxnet in its systems after the malware was first reported in July 2010, said Mark Koelmel, general manager of the earth sciences department at Chevron. I dont think the U.S. government even realized how far it had spread, he told CIO --------------------------------------------- http://www.cyberwarzone.com/stuxnet-infected-chevron%E2%80%99s-it-network *** Hintergrund: Dropbox ist "ziemlich sicher" *** --------------------------------------------- Die beiden Sicherheitsexperten Florian Ledoux und Nicolas Ruff aus der IT-Abteilung von EADS haben einen kritischen Blick auf Dropbox geworfen und ihre Ergebnisse kürzlich auf der Security-Koferenz hack.lu vorgestellt. --------------------------------------------- http://www.heise.de/security/artikel/Dropbox-ist-ziemlich-sicher-1746596.ht… *** Weaponized Malware: Top Four Cyberattack Tools *** --------------------------------------------- "Over the past two years, four pieces of malware have emerged as veritable weapons and have been used for destructive purposes or to assist in such attacks.1. Stuxnet is the most widely known of the four. Stuxnet was designed with a highly specialized malware payload that targeted SCADA systems that control specific industrial processes...." --------------------------------------------- http://cyberwarzone.com/weaponized-malware-top-four-cyberattack-tools *** Ransom malware gangs making huge profits, Symantec discovers *** --------------------------------------------- "The problem of ransom malware has reached epidemic proportions and could be extracting fraudulent payments from as many as 3 percent of victims, a Symantec report has calculated. In a world already afflicted by botnets, banking Trojans and established problems such as keyloggers and spam, ransomware programs that lock victims computers or files until a ransom payment is made - has grown into a major problem, with surprisingly little coverage from security vendors until recently. Symantecs --------------------------------------------- http://news.techworld.com/security/3410078/ransom-malware-gangs-making-huge… *** Critical Vulnerabilities In Call of Duty: Modern Warfare 3, CryEngine 3 *** --------------------------------------------- hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-players computer." "Once you --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/itbD8UlgSco/critical-vulner… *** Sandy turned off the lights, the phones, and the heat. A cyber attack could make it all happen again *** --------------------------------------------- "Verizons chief technology officer surveyed a flooded major switching facility in lower Manhattan and put it bluntly: "There is nothing working here. Quite frankly, this is wider than the impacts of 9/11." Damage from Sandy is estimated to reach $20 billion, and interrupted phone service is among the least of it. Flooding in New Yorks century-old subway system is without parallel...." --------------------------------------------- http://www.foreignpolicy.com/articles/2012/11/07/network_news?page=0,0 *** Malware Spy Network Targeted Israelis, Palestinians *** --------------------------------------------- Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. The discovery, by Oslo-based antivirus and security firm Norman ASA, is the latest in a series of revelations involving digital surveillance activity of unknown origin that [...] --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/k12j_R4yBAo/ *** Telekom regt Sicherheits-Allianz der Unternehmen an *** --------------------------------------------- Die Deutsche Telekom wirbt verstärkt um ein gemeinsames Vorgehen der Wirtschaft im Kampf gegen Gefahren aus dem Internet. Der Chef der Geschäftskundentochter T-Systems, Reinhard Clemens, macht sich jetzt für eine gemeinsame IT-Sicherheitstruppe mit der Gründung eines spezialisierten Unternehmens stark, wie die Financial Times Deutschland berichtet. --------------------------------------------- http://www.heise.de/security/meldung/Telekom-regt-Sicherheits-Allianz-der-U… *** Citadel Trojan Tough for Banks to Beat *** --------------------------------------------- "The banking Trojan known as Citadel, which debuted in underground forums in January 2012, has evolved to become one of the financial industrys greatest worries, cybersecurity experts say. Citadel, an advanced variant of Zeus, is a keylogger that steals online-banking credentials by capturing keystrokes. Fraudsters then use stolen login IDs and passwords to access online accounts, take them over and schedule fraudulent transactions...." --------------------------------------------- http://www.bankinfosecurity.com/citadel-trojan-tough-for-banks-to-beat-a-52…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily