- Daily - CERT.at

Tageszusammenfassung - Freitag 9-11-2012
by Daily end-of-shift report 09 Nov '12

09 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 08-11-2012 18:00 − Freitag 09-11-2012 18:00 Handler: Stephan Richter Co-Handler: Matthias Fraidl *** PixSteal-A Trojan Steals Images, Uploads to Iraqi FTP Server *** --------------------------------------------- "A new Trojan has been identified that has the capability of stealing images from infected computers, setting the stage for anything from identity theft to blackmail. PixSteal-A also pilfers . dmp, or Windows memory dump files that contain data on system crashes and sends all stolen data to a remote FTP server in Iraq, according to Sophos. This isnt the first malware to target non text-based files...." --------------------------------------------- http://threatpost.com/en_us/blogs/pixsteal-trojan-steals-images-uploads-ira… *** Microsoft Security Bulletin Advance Notification for November 2012 *** --------------------------------------------- "This is an advance notification of security bulletins that Microsoft is intending to release on November 13, 2012. This bulletin advance notification will be replaced with the November bulletin summary on November 13, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification...." --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms12-nov *** QRishing Study: Curiosity Is the Largest Motivating Factor for Scanning QR Codes *** --------------------------------------------- "Researchers from the Carnegie Mellon Universitys CyLab have released the results of a study QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks which focuses on phishing attacks that rely on QR (Quick Response) codes. QRishing is a term utilized for phishing attacks initiated via the scanning of QR codes. Such attacks are not new, but in the past period researchers have started examining them because theyre becoming more and more common...." --------------------------------------------- http://news.softpedia.com/news/QRishing-Study-Curiosity-is-the-Largest-Moti… *** Windows 8, Surface slabs ALREADY need critical security patch *** --------------------------------------------- Mega vulns affect ALL Windows kit from XP onward Microsoft will release critical updates for Windows 8 and other software on Novembers Patch Tuesday next week. The upgrades will arrive within weeks of the Win 8 launch at the end of last month. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/09/nov_patch_t… *** IT-Business - Cisco warnt: "Cyberkriminelle nur einen Mausklick entfernt" *** --------------------------------------------- Internetumfrage ortet große Mängel in Österreichs Unternehmen --------------------------------------------- http://derstandard.at/1350260880632/Cisco-warnt-Cyberkriminelle-nur-einen-M… *** Siemens software targeted by Stuxnet still full of holes *** --------------------------------------------- Software made by Siemens and targeted by the Stuxnet malware is still full of other dangerous vulnerabilities, according to Russian researchers whose presentation at the Defcon security conference earlier this year was cancelled following a request from the company. --------------------------------------------- https://www.computerworld.com/s/article/9233378/Siemens_software_targeted_b… *** Kreditkarte mit Display und Tastatur *** --------------------------------------------- Mastercard hat eine neue Kreditkarte vorgestellt, die mit einem monochromen LCD-Display und numerischen Tasten ausgestattet ist. Sie bietet laut dem Unternehmen neben den normalen Funktionen einer Kreditkarte auch die Möglichkeit, Einmal-Passworte zur Authentifizierung zu generieren. --------------------------------------------- http://www.heise.de/security/meldung/Kreditkarte-mit-Display-und-Tastatur-1… *** Facebook Chat Can Be Used to Launch DOS Attacks, Expert Finds *** --------------------------------------------- Security researcher Chris C. Russo claims to have discovered a way to use Facebook's chat module to launch denial-of-service (DOS) attack against any user, even if they're not friends with the attacker. --------------------------------------------- http://news.softpedia.com/news/Facebook-Chat-Can-Be-Used-to-Launch-DOS-Atta…

1 0

Tageszusammenfassung - Donnerstag 8-11-2012
by Daily end-of-shift report 08 Nov '12

08 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 07-11-2012 18:00 − Donnerstag 08-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** New Backdoor DDoS Malware Co-Existing on Gh0stRAT-Infected Machines *** --------------------------------------------- "Gh0st RAT has a new roommate. A new backdoor called ADDNEW has been discovered on machines infected with the Gh0st remote access Trojan, adding new distributed denial of service attack capabilities, as well as a feature that targets passwords and credentials stored on the Firefox browser. Gh0st RAT is a notorious piece of malware having been used in the Aurora attacks on Google, Adobe and other large manufacturers and technology companies...." --------------------------------------------- http://threatpost.com/en_us/blogs/new-backdoor-ddos-malware-co-existing-gh0… *** Experts Warn of Zero-Day Exploit for Adobe Reader *** --------------------------------------------- Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground.The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say theyve discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/Kr8ZV2vC2Fc/ *** Malware Forum Logs from Control Systems, Part Deux *** --------------------------------------------- "Last September, I did a guest blog post titled Online-Malware-Support-Shows-Infected-ICS-Computers, where I searched for HiJackThis posts containing automation software. Basically, there are forums available to users that had been infected with viruses. These users can run a set of programs, including HijackThis, DDS, OTS, and others, to pull information from the system...." --------------------------------------------- http://www.digitalbond.com/2012/11/07/malware-forum-logs-from-control-syste… *** Innenministerium plant IT-Sicherheitsgesetz *** --------------------------------------------- Die IT-Beauftragte der Bundesregierung, Cornelia Rogall-Grothe, hat eine neue Security-Initiative umrissen. Mit einem IT-Sicherheitsgesetz sollten einschlägige Mindeststandards für Betreiber kritischer Infrastrukturen etwa in den Bereichen Energie, Informations- und Kommunikationstechnologien oder der Wasserversorgung verankert werden, erklärte die Staatssekretärin auf einem Symposium in Washington. Sie würden mit dem Vorhaben zudem dazu verpflichtet, "erhebliche IT-Sicherheitsvorfälle" zu melden. --------------------------------------------- http://www.heise.de/security/meldung/Innenministerium-plant-IT-Sicherheitsg… *** Apple patcht Quicktime für Windows *** --------------------------------------------- Apple hat die Windows-Ausgabe seines Multimedia-Abspielsystems Quicktime auf Version 7.7.3 aktualisiert. Die neue Ausgabe behebt zahlreiche kritische Sicherheitslücken. --------------------------------------------- http://www.heise.de/security/meldung/Apple-patcht-Quicktime-fuer-Windows-17… *** [TYPO3-announce] Announcing TYPO3 CMS 4.5.21, 4.6.14 and 4.7.6 *** --------------------------------------------- the TYPO3 Community has just released TYPO3 CMS versions 4.5.21, 4.6.14 and 4.7.6 which are now ready for you to download. All versions are maintenance releases and contain bug fixes and security fixes. --------------------------------------------- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa… *** E-Mail-Sicherheit: Hilfe gegen DKIM-Schwäche *** --------------------------------------------- Lange und wechselnde Schlüssel mit Verfallsdatum sowie der nötige Nachdruck beim E-Mail-Provider helfen laut der Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) gegen die kürzlich bekannt gewordene Lücke bei DKIM, der Authentizitäts-Sicherung von E-Mail-Absendern. --------------------------------------------- http://www.heise.de/security/meldung/E-Mail-Sicherheit-Hilfe-gegen-DKIM-Sch… *** Sicherheitslücke im TOR-Client *** --------------------------------------------- Wie Code-Experte Andrey Karpov bei einer Analyse des TOR-Quellcodes herausfand, verwendet die Anonymisierungssoftware eine Funktion namens memset() zum Löschen von Cache-Daten, welche nicht von allen Compilern unterstützt wird. Das kann unter Umständen dazu führen, dass der TOR-Client vertrauliche Daten wie etwa Passwörter im Speicher zurück lässt, wenn er beendet wird. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsluecke-im-TOR-Client-174652…

1 0

Tageszusammenfassung - Mittwoch 7-11-2012
by Daily end-of-shift report 07 Nov '12

07 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 06-11-2012 18:00 − Mittwoch 07-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Nachfolger für RFC-Ignorant.Org in Sicht *** --------------------------------------------- Der Datenbestand der im Oktober außer Betrieb gegangenen Anti-Spam-Blacklist RFC-Ignorant.Org wird unter RFC-Ignorant.de bei einem neuen Hoster weitergepflegt. --------------------------------------------- http://www.heise.de/security/meldung/Nachfolger-fuer-RFC-Ignorant-Org-in-Si… *** Epic FAIL: Anonymous didnt hack PayPal, managed to frighten Oz hippies *** --------------------------------------------- #OpNov5 pyrotechnics disappear in puff of smoke The smoke has cleared from Anonymouss Bonfire Night hacking spree with a denial from PayPal that it had been hacked. The payments-processing firm appeared to have been highest profile target of the hacking spree, but apparently this was an error caused by the tweeting and retweeting of an erroneous post by a cyber security blogger. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/11/06/anon_opnov5… *** Adobe Ships Election Day Security Update for Flash *** --------------------------------------------- Adobe has released a critical security update for its Flash Player and Adobe AIR software that fixes at least seven dangerous vulnerabilities in these products. Updates are available for Windows, Mac, Linux and Android systems. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/czXcgBruHcM/ *** Volunteering falls short on threat information sharing *** --------------------------------------------- "Critical infrastructure security apparently has its own version of Dont Ask, Dont Tell, despite calls in the public and private sector for better information sharing. And this one goes both ways. The private sector is not telling the government about its vulnerabilities, and government is also keeping threat and vulnerability information from the private sector...." --------------------------------------------- http://www.csoonline.com/article/720881/volunteering-falls-short-on-threat-… *** [remote] - EMC Networker Format String *** --------------------------------------------- EMC Networker Format String --------------------------------------------- http://www.exploit-db.com/exploits/22525 *** Cisco Security Advisory: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability *** --------------------------------------------- Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue *** --------------------------------------------- Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-… ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 6-11-2012
by Daily end-of-shift report 06 Nov '12

06 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 05-11-2012 18:00 − Dienstag 06-11-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Vuln: Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability *** --------------------------------------------- Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56036 *** Vuln: Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability *** --------------------------------------------- Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56041 *** Vuln: Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability *** --------------------------------------------- Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56017 *** European Smart Grid Cyber and SCADA Security *** --------------------------------------------- "Event Name : European Smart Grid Cyber and SCADA SecurityEvent Date : March 11-12, 2013Location : London, United KingdomWebsite : www. smi-online. co. uk/2013cybergrids2...." --------------------------------------------- http://www.ecoseed.org/more/events/15779-european-smart-grid-cyber-and-scad… *** [dos] - Adobe Reader 11.0.0 Stack Overflow Crash PoC *** --------------------------------------------- Adobe Reader 11.0.0 Stack Overflow Crash PoC --------------------------------------------- http://www.exploit-db.com/exploits/22464 *** Possible Fake-AV Ads from Doubleclick Servers, (Mon, Nov 5th) *** --------------------------------------------- Reader James ran into a Fake AV ad delivered by Double click. It is not clear if this is the result of a compromise of double click, or a paid ad that slipped through doubleclicks content review process. James started out at a local new paper web site, that like many others features ads served by double click. Luckily, James used a proxy tool (Fiddler) to record the session. Here are some of the excerpts (slightly anonymized and spaces inserted to avoid accidental clicks): GET [...] --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14455&rss *** Vuln: Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability *** --------------------------------------------- Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56399 *** Apache Tomcat 6.x / 7.x Denial Of Service *** --------------------------------------------- Topic: Apache Tomcat 6.x / 7.x Denial Of Service Risk: Medium Text:CVE-2012-2733 Apache Tomcat Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affe... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/zhdqQvlbO2c/WLB-20… *** Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses *** --------------------------------------------- Topic: Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses Risk: Medium Text:CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses Severity: Moderate Vendor: The Apache Software Foundation ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Suq__thlFNM/WLB-20… *** Java - Sicherheitsexperte schließt Java-Lücke auf eigene Faust *** --------------------------------------------- Oracle vertröstet auf Patchday im Februar --------------------------------------------- http://text.derstandard.at/1350259245198/Sicherheitsexperte-schliesst-Java-… *** Bugtraq: multiple critical vulnerabilities in sophos products *** --------------------------------------------- multiple critical vulnerabilities in sophos products --------------------------------------------- http://www.securityfocus.com/archive/1/524641 *** Bugtraq: Wisecracker 1.0 - A high performance distributed cryptanalysis framework *** --------------------------------------------- Wisecracker 1.0 - A high performance distributed cryptanalysis framework --------------------------------------------- http://www.securityfocus.com/archive/1/524640 *** [dos] - Internet Explorer 9 Memory Corruption Crash PoC *** --------------------------------------------- Internet Explorer 9 Memory Corruption Crash PoC --------------------------------------------- http://www.exploit-db.com/exploits/22401 *** Bugtraq: [security bulletin] HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure *** --------------------------------------------- [security bulletin] HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure... --------------------------------------------- http://www.securityfocus.com/archive/1/524644

1 0

Tageszusammenfassung - Montag 5-11-2012
by Daily end-of-shift report 05 Nov '12

05 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 02-11-2012 18:00 − Montag 05-11-2012 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner *** Studie: Informationen trotz SSL-Verschlüsselung nicht sicher *** --------------------------------------------- Mit einer seit Jahren bekannten Angriffstechnik kann man die SSL-Verschlüsselung im Browser austricksen. Wie eine Untersuchung zeigt, setzt kaum jemand den ebenfalls bekannten Schutzmechanismus ein. Auch unterstützen diesen nicht alle aktuellen Browser. --------------------------------------------- http://www.heise.de/security/meldung/Studie-Informationen-trotz-SSL-Verschl… *** VUPEN Researchers Say They Have Zero-Day Windows 8 Exploit *** --------------------------------------------- "Controversial bug hunters and exploit sellers VUPEN claimed to have cracked the low-level security enhancements featured in Windows 8, Microsofts latest operating system. VUPEN CEO and head of research Chaouki Bekrar sent out a pair of ominous Tweets yesterday claiming to have developed the first zero-day exploit for Windows 8 and Internet Explorer 10, both released Oct. 26. Bekrar hints the exploit is a sandbox bypass for IE10 with ASLR, DEP and anti-ROP mitigations enabled...." --------------------------------------------- http://threatpost.com/en_us/blogs/vupen-researchers-say-they-have-zero-day-… *** Deep Inside a DNS Amplification DDoS Attack *** --------------------------------------------- "A few weeks ago I wrote about DNS Amplification Attacks. These attacks are some of the largest, as measured by the number of Gigabits per second (Gbps), that we see directed toward our network. For the last three weeks, one persistent attacker has been sending at least 20Gbps twenty-four hours a day as an attack against one of our customers...." --------------------------------------------- http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack *** How Georgia doxed a Russian hacker (and why it matters) *** --------------------------------------------- "On October 24, the country of Georgia took an unusual step: it posted to the Web a 27-page writeup (PDF), in English, on how it has been under assault from a hacker allegedly based in Russia. The paper included details of the malware used, how it spread, and how it was controlled. Even more unusually, the Georgians released pictures of the alleged hackertaken with his own webcam after the Georgians hacked the hacker with the help of the FBI and others...." --------------------------------------------- http://arstechnica.com/tech-policy/2012/11/how-georgia-doxed-a-russian-hack… *** Firefox gets strict about enforcement of HTTPS protection *** --------------------------------------------- "Developers of Mozillas Firefox browser are experimenting with a new security feature that connects to a specified set of websites only when presented with a cryptographic certificate validating the connection is secure. A beta version of the open-source browser contains a list of sites known to deploy the HTTP Strict Transport Security mechanism that requires a browser to use the secure sockets layer or transport layer security protocols when communicating. HSTS is designed to provide an... --------------------------------------------- http://arstechnica.com/security/2012/11/firefox-gets-strict-about-enforceme… *** Android Modding for the Security Practitioner *** --------------------------------------------- "After getting involved in the Android rooting scene, I observed that there is a disconnect between the community interested in "modding" (modifying) their devices and those looking at Android from a security practitioners perspective. In this talk, I will provide technical details on many key concepts in the modding world, including rooting, locked/unlocked bootloaders, S-ON/S-OFF, fastboot, ROM flashing, and various other techniques. Well look at real examples of... --------------------------------------------- http://www.securitytube.net/video/6080 *** Anonymous ransomware - but who is hiding behind this malwares mask? *** --------------------------------------------- "Heres an interesting twist of the Reveton/FBI/police ransomware that has been plaguing internet users lately. In this example, the malware that locks you out of your data, and demands 100 be paid via Ukash to gain access back to your files, claims to be from the Anonymous hacktivist group. Of course, just as when ransomware victims see demands from cash on their computer seemingly coming from the police, they should be equally dubious about whether this particular attack originated from... --------------------------------------------- http://nakedsecurity.sophos.com/2012/11/02/anonymous-ransomware/ *** Shopping The Russian Cybercrime Underground *** --------------------------------------------- "If you werent already convinced that the Russian cybercrime underground is now a vast, sophisticated, high-volume market, consider this: there are at least 20 different types of services offered in Russian-speaking forums for just about anyone who wants to make a buck off of cybercrime, everything from crime-friendly VPN and security software-checking services to plain old off-the-shelf exploits, according to a new report...." --------------------------------------------- http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabi… *** In Pictures: 20 notorious worms, viruses and botnets *** --------------------------------------------- "The earliest worms and viruses were created for geeky fun and did little harm - oh, how times have changed. Here are 20 worms, viruses and botnets that show the evolution of malware, from Creeper to Flame. CreeperThe first real computer virus, Creeper was released "in lab" in 1971 by an employee of a company working on building ARPANET, the Internets ancestor, according to Guillaume Lovet, Senior Director, FortiGuard Labs...." --------------------------------------------- http://www.computerworld.com.au/slideshow/440948/pictures_20_notorious_worm… *** Searching for Silver Bullets In SCADA and ICS Environments *** --------------------------------------------- "With Halloween past us, theres an excess of sugar in our blood, and remnant imaginings of monsters under the bed. So perhaps thats why when the topic of silver bullet security recently came up, my mind immediately went to Werewolves. The term was used, as it often is, in a discussion about Application Whitelistingthe industrial automation industrys rightful poster child for endpoint security...." --------------------------------------------- http://www.securityweek.com/searching-silver-bullets-scada-and-ics-environm… *** Vuln: Ubercart SecureTrading Payment Method Drupal Module Security Bypass Vulnerability *** --------------------------------------------- Ubercart SecureTrading Payment Method Drupal Module Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/54395 *** ZPanel <= 10.0.1 CSRF, XSS, SQLi, Password Reset *** --------------------------------------------- Topic: ZPanel --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/cET4kw8gtsc/WLB-20… *** Anonymous am Werk? Symantec, ImageShack, Paypal und VMWare gehackt *** --------------------------------------------- Eine Hackergruppe will zum zweiten Mal den Bilder-Upload-Dienst ImageShack gehackt haben und auch das Sicherheits-Unternehmen Symantec soll ihnen zum Opfer gefallen sein. Der Schaden bei ImageShack soll sich auf die Preisgabe aller vorhandenen, auch als privat eingestuften, Bilder belaufen. Von Symantec sollen nun unter anderem alle Mitarbeiter-E-Mailadressen öffentlich sein. Außerdem haben die Hacker eine Lücke für die OpenSource-Software ZPanel veröffentlicht. Obendrein stellt Anonymous den Kernel von... --------------------------------------------- http://www.heise.de/security/meldung/Anonymous-am-Werk-Symantec-ImageShack-… *** Bugtraq: Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client *** --------------------------------------------- Vulnerable MSVC++ 2008 runtime libraries distributed with and installed by eM client --------------------------------------------- http://www.securityfocus.com/archive/1/524621 *** New Blackhole Targets Mobile Banking Services *** --------------------------------------------- "According to a report published by antivirus software developer AVG, there is a significant growth in malicious software and malicious ads with hidden malware behind images posed on social media. The report revealed details about the newly released 2. 0 version of Blackhole Exploit Toolkit that targets mobile banking services...." --------------------------------------------- http://www.technologybanker.com/security-risk-management/new-blackhole-targ…

1 0

Tageszusammenfassung - Freitag 2-11-2012
by Daily end-of-shift report 02 Nov '12

02 Nov '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 31-10-2012 18:10 − Freitag 02-11-2012 18:10 Handler: Robert Waldner Co-Handler: Otmar Lendl *** Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities *** --------------------------------------------- Topic: Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities Risk: Low Text:Advisory: Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-014 Author: Stefan Schurtz ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/kE0J4Z10zwA/WLB-20… *** [webapps] - Wordpress bbpress Plugin Multiple Vulnerabilities *** --------------------------------------------- Wordpress bbpress Plugin Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/22396 *** How to Fight New Gozi Banking Trojan - Crimeware Exploits Basic Authentication Used in U.S. *** --------------------------------------------- "Fighting the new Trojan aimed at U.S. banks will require multiple measures, says RSA researcher Mor Ahuvia. Gozi Prinimalka is different, and institutions have to be mindful of its characteristics. Ahuvia, a cybercrime communications specialist for RSA FraudAction, says a new Trojan identified by RSA in early October will pose one of the greatest fraud threats U.S. banking institutions have ever seen...." --------------------------------------------- http://www.bankinfosecurity.com/how-to-fight-new-gozi-banking-trojan-a-5256… *** Bugtraq: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing *** --------------------------------------------- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing --------------------------------------------- http://www.securityfocus.com/archive/1/524565 *** New Hacker Weapon Surfaces *** --------------------------------------------- "A High Orbit Ion Cannon (HOIC) could just broaden the possibilities for attackers of all skill sets. The High Orbit Ion Cannon is a dangerous free-to-download, open-source program that can turn any user of any skill level into a powerful hacker, at least in terms of one form of attack, a distributed denial-of-service (DDoS). It is extremely easy to use...." --------------------------------------------- http://www.isssource.com/new-hacker-weapon-surfaces/ *** Costs of tools and activities in the Russian cybercriminal underground *** --------------------------------------------- "A new Trend Micro research paper describes a broad offering of tools and activities that can be bought and sold on underground forum shopping sites. It examines the prices charged for various types of services, while also providing examples of information shared among cybercriminals. In examining two dozen basic and fundamental tools and technologies that cybercriminals create and use to enhance their business, researchers also assess the top-ten ranked malicious activities and --------------------------------------------- http://www.net-security.org/secworld.php?id=13884 *** One year after DigiNotar breach, Fox-IT details extent of compromise *** --------------------------------------------- "The 2011 security breach at Dutch certificate authority (CA) DigiNotar resulted in an extensive compromise and was facilitated in part by shortcomings in the companys network segmentation and firewall configuration, according to Fox-IT, the security company contracted by the Dutch government to investigate the incident."The DigiNotar network was divided into 24 different internal network segments," Fox-IT said in its final investigation report, published earlier this week by the --------------------------------------------- http://www.computerworld.com/s/article/9233138/One_year_after_DigiNotar_bre… *** Joe Weiss 2012 ICS Security Conference Highlights *** --------------------------------------------- "The twelfth ICS Security has come and gone, and it sounds from the tone of Joes write-up that whatever progress theres been to date in awareness and/or improved capabilities has been frustratingly slow and incremental. After twelve years, I guess we can call that a trend. Nevertheless, the best parts often seem to involve drama related to actual events in the field...." --------------------------------------------- http://smartgridsecurity.blogspot.nl/2012/11/joe-weiss-2012-ics-security-co… *** Windows 8 exploit combining several 0-days already up for sale *** --------------------------------------------- "Less that a week after Microsoft released is long awaited Windows 8, with new and improved security features, French bug hunters VUPEN Security have announced that they have created an exploit for the new OS version that takes advantage of several zero-day flaws:In the light of this discovery, the tweet that VUPEN CEO and head researcher Chaouki Bekrar posted upon the OSs release seems almost to mock Microsofts efforts. The company, which has become well known in security circles --------------------------------------------- http://www.net-security.org/secworld.php?id=13890

1 0

Tageszusammenfassung - Mittwoch 31-10-2012
by Daily end-of-shift report 31 Oct '12

31 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 30-10-2012 18:00 − Mittwoch 31-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Citrix XenServer 6.0.2 Privilege Escalation *** --------------------------------------------- Topic: Citrix XenServer 6.0.2 Privilege Escalation Risk: Medium Text: ADVISORY = Systems Affected: Citrix XenServer 5.0 through 6.0.2 Severity: High Ca... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/wk0udMQ2Uz4/WLB-20… *** THOMAS: Cyber security for the home *** --------------------------------------------- "When we think about cyber security we usually think about big businesses or government agencies, but securing your computers and information is important in your home, too. Hackers and thieves have a number of reasons to break into your computer, but the most common are to steal the information stored there and to use the resources of your computer to do their bidding. One of the things a hacker wants from your computer is information...." --------------------------------------------- http://www.nctimes.com/news/local/columnists/thomas/thomas-cyber-security-f… *** Trojaner-Schnäppchen mit Windows-8-Unterstützung *** --------------------------------------------- Während einige Antivirenhersteller mit Microsofts neuestem Betriebssystem noch Probleme haben, ist die Cybercrime-Community schon voll auf den Windows-8-Zug aufgesprungen. So wird etwa auf einer bei Google gehosteten Site für 40 Euro ein bereits Windows-8-kompatibles "Remote Administration Tool" namens Xtreme RAT angeboten kostenlose Updates inklusive. --------------------------------------------- http://www.heise.de/security/meldung/Trojaner-Schnaeppchen-mit-Windows-8-Un… *** VM-aware viruses on the rise *** --------------------------------------------- "Viruses targeting virtual machines (VM) are growing in numbers and will soon be the dominant force in the world of cyber crime. Speaking at this weeks SNW Europe conference in Frankfurt, Joe Llewelyn, head of global sales training at Kaspersky Lab, warned of the increase and the trouble they could cause. A lot of the viruses we are now seeing are virtual machine aware, meaning they will work out if they are running on a VM, he said...." --------------------------------------------- http://www.computerweekly.com/news/2240169662/VM-aware-viruses-on-the-rise?… *** Linux: Patch für den Ext4-Bug *** --------------------------------------------- Die Ursache des vor einer Woche aufgefallenen Bugs im Linux-Dateisystem Ext4 ist gefunden. Ext4-Chefentwickler Ted Ts'o hat einen wenige Zeilen langen Patch geschrieben und zur Aufnahme in den Kernel 3.7 bereitgestellt. --------------------------------------------- http://www.heise.de/open/meldung/Patch-fuer-den-Ext4-Bug-1740840.html/from/… *** Kritische Lücken in Plone und Zope *** --------------------------------------------- Die Plone Foundation warnt vor kritischen Sicherheitslücken in ihrem Open-Source-CMS Plone. Auch das Python-basierten Web-Framework Zope ist verwundbar. Betroffen sind jeweils alle Versionen einschließlich der aktuellen. Durch die Schwachstellen kann ein Angreifer schlimmstenfalls die Kontrolle über den Server übernehmen. --------------------------------------------- http://www.heise.de/security/meldung/Kritische-Luecken-in-Plone-und-Zope-17… *** Sicherheitslücke in Yahoos JavaScript-Framework YUI 2 *** --------------------------------------------- In einem Blog-Beitrag weist //www.yahoo.com:Yahoo auf eine Sicherheitslücke in seiner freien JavaScript-Bibliothek YUI 2 hin. Eine nähere Beschreibung des Bugs gibt es nicht, er betrifft zudem nur Anwender, die den Quellcode des Frameworks selbst bereitstellen: In der von Yahoos Content Delivery Network ausgelieferten Version ist er beseitigt. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsluecke-in-Yahoos-JavaScript…

1 0

Tageszusammenfassung - Dienstag 30-10-2012
by Daily end-of-shift report 30 Oct '12

30 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 29-10-2012 18:00 − Dienstag 30-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** ICS-CERT warnt vor Angriffen auf industrielle Steuerungssysteme *** --------------------------------------------- Die Attacken auf industrielle Steuerungssysteme nehmen zu. Das Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) hat dazu eine Warnung herausgegeben, die vom Bundesamt für Sicherheit und Informationstechnik (BSI) unterstützt wird. Spezielle Tools und Suchmaschinen erleichtern auch unerfahrenen Angreifern die Attacken auf Maschinen und Geräte, die Relevanz für die Infrastruktur, wie etwa die Stromnetze, haben. --------------------------------------------- http://www.heise.de/security/meldung/ICS-CERT-warnt-vor-Angriffen-auf-indus… *** Legacy Applications a Threat to Windows 8 Security *** --------------------------------------------- "The security features of Windows 8 are among the more highly touted aspects of the new operating system. However, theyre not worth much if users can bypass them, and thats exactly what Bitdefenders Alex Balan said could happen to users who hang on to pre-Windows 8 applications. Since they run outside the secure interface, theyre more vulnerable...." --------------------------------------------- http://www.technewsworld.com/story/76499.html *** Critical error in CoDeSys runtime of SCADA systems *** --------------------------------------------- "Ron Wightman discovered vulnerability in the CoDeSys runtime during Project Basecamp, where industrial security guards come together. The problem is that according Wightman attackers by security hole in CoDeSys control PLCs can get into the industrial systems and critical infrastructures which it is mounted. An attacker must already have access to the network...." --------------------------------------------- http://www.automatiseringgids.nl/nieuws/2012/44/kritieke-fout-in-codesys-ru… *** Falsche Fährten für Schnüffel-Apps *** --------------------------------------------- Eine modifizierte Version des Android-Betriebssystems füttert Apps, die Daten auslesen, mit extra fehlerhaften Informationen. --------------------------------------------- http://www.heise.de/newsticker/meldung/Falsche-Faehrten-fuer-Schnueffel-App… *** Bugtraq: [security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities *** --------------------------------------------- [security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/524541

1 0

Tageszusammenfassung - Montag 29-10-2012
by Daily end-of-shift report 29 Oct '12

29 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 25-10-2012 18:00 − Montag 29-10-2012 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Realplayer Watchfolders long Filepath Overflow *** --------------------------------------------- Topic: Realplayer Watchfolders long Filepath Overflow Risk: High Text:Realplayer Watchfolders Long Filepath Overflow by Joseph Sheridan Summary Realplayer version 15.0.5.109 is vulnerable to ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/dOv6-0tUVh8/WLB-20… *** Detecting Advanced Persistent Threat with Network Traffic Analysis *** --------------------------------------------- "A high degree of stealthiness over a prolonged duration of operation in order to do a successful cyber attack can be defined as Advanced Persistent Threat. The attack objectives therefore typically extend beyond immediate financial gain, and compromised systems continue to be of service even after key systems have been breached and initial goals reached. Todays successful targeted attacks use a combination of social engineering, malware, and backdoor activities...." --------------------------------------------- http://thehackernews.com/2012/10/detecting-advanced-persistent-threat.html#… *** [dos] - Microsoft Office Publisher 2010 Crash PoC *** --------------------------------------------- Microsoft Office Publisher 2010 Crash PoC --------------------------------------------- http://www.exploit-db.com/exploits/22310 *** [dos] - Microsoft Windows Help program (WinHlp32.exe) Crash PoC *** --------------------------------------------- Microsoft Windows Help program (WinHlp32.exe) Crash PoC --------------------------------------------- http://www.exploit-db.com/exploits/22303 *** Another systematic SCADA vuln *** --------------------------------------------- "If its Monday, it must be time for a new SCADA vulnerability: this time, arising through the combination of a popular development environment and bad developer habits. Described in full by Digital Bond researcher Reid Wightman here, as many as 261 manufacturers and heaven-knows-how-many deployed systems may have created insecure systems using the software. The software in question is CoDeSys, from German company S3...." --------------------------------------------- http://www.theregister.co.uk/2012/10/28/codesys_vulnerability/ *** Vuln: Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities *** --------------------------------------------- Drupal Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56103 *** Schädling versteckt sich hinter der Maus *** --------------------------------------------- xhtml --------------------------------------------- http://www.heise.de/security/meldung/Schaedling-versteckt-sich-hinter-der-M… *** Bugtraq: [SECURITY] [DSA 2567-1] request-tracker3.8 security update *** --------------------------------------------- [SECURITY] [DSA 2567-1] request-tracker3.8 security update --------------------------------------------- http://www.securityfocus.com/archive/1/524528 *** Steuerungssysteme mit Hintertür *** --------------------------------------------- Die Programmiersoftware CoDeSys des deutschen Herstellers 3 S-Smart Software Solutions kann aus der Ferne ohne Authentifizierung manipuliert werden. Die Software wird für die digitale Steuerung von Maschinen und Anlagen von 261 Geräteherstellern genutzt. Damit verwenden "Tausende von Endanwendern aus dem Maschinen- und Anlagenbau und weiteren Industriezweigen CoDeSys", wie 3 S-Smart auf ihrer Internetseite angibt. Zu den Firmen, die CoDeSys nutzen, gehören unter anderem Unternehmen im Energie-, Militär- und Navigationsbereich. Entdeckt hat die Sicherheitslücke Reid Wightman, Sicherheits-Berater bei digital bond. --------------------------------------------- http://www.heise.de/security/meldung/Steuerungssysteme-mit-Hintertuer-17384…

1 0

Tageszusammenfassung - Donnerstag 25-10-2012
by Daily end-of-shift report 25 Oct '12

25 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 24-10-2012 18:00 − Donnerstag 25-10-2012 18:00 Handler: Robert Waldner Co-Handler: n/a *** Bugtraq: VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability *** --------------------------------------------- VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/524507 *** Bugtraq: VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability *** --------------------------------------------- VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/archive/1/524506 *** Bugtraq: [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin *** --------------------------------------------- [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin --------------------------------------------- http://www.securityfocus.com/archive/1/524509 *** Microsoft Office Word 2010 Stack Exhaustion *** --------------------------------------------- Topic: Microsoft Office Word 2010 Stack Exhaustion Risk: Low Text:Title : Microsoft Office Word 2010 Stack Overflow Version : Microsoft Office professional Plus 2010 Date : 2012... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/nm8w9gqy73w/WLB-20… *** National and International Cyber Security Exercises: Survey, Analysis & Recommendations *** --------------------------------------------- "Cyber exercises are an important tool to assess the preparedness of a community against cyber crises, technology failures and critical information infrastructure incidents. ENISA supports the stakeholders involved in EU cyber exercises. This report aims to support European and international bodies involved in cyber exercises with lessons learned about cyber exercises and recommendations for the future...." --------------------------------------------- http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-coop… *** Researcher to demonstrate feature-rich malware that works as a browser extension *** --------------------------------------------- "Security researcher Zoltan Balazs has developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying Web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more. Balazs, who works as an IT security consultant for professional services firm Deloitte in Hungary, created the proof-of-concept malware in order to raise awareness about the security --------------------------------------------- http://www.computerworld.com/s/article/9232848/Researcher_to_demonstrate_fe…

1 0

Tageszusammenfassung - Mittwoch 24-10-2012
by Daily end-of-shift report 24 Oct '12

24 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 23-10-2012 18:00 − Mittwoch 24-10-2012 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** Apple QuickTime 7.7.2(1680.56) Division By Zero *** --------------------------------------------- Topic: Apple QuickTime 7.7.2(1680.56) Division By Zero Risk: Low Text:#Title : Apple QuickTime Player suffers from Division By Zero #Version : 7.7.2(1680.56) #Date : 2012-10-23 #Ve... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/0bLOTA2eMtQ/WLB-20… *** Time to run Windows Update - - Microsoft Updates KB2755801 for Windows RT / IE10 / Flash Player - http://technet.microsoft.com/en-us/security/advisory/2755801, (Wed, Oct 24th) *** --------------------------------------------- =============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14365&rss *** The NetSA group at CERT has developed and maintains a suite of open source tools *** --------------------------------------------- "The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data. These tools have grown out of the work of the AirCERT project, the SiLK project and the effort to integrate this work into a unified, standards-compliant flow collection and analysis platform...." --------------------------------------------- http://tools.netsa.cert.org/ *** Bugtraq: [security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information *** --------------------------------------------- [security bulletin] HPSBHF02819 SSRT100920 rev.1 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information --------------------------------------------- http://www.securityfocus.com/archive/1/524496

1 0

Tageszusammenfassung - Dienstag 23-10-2012
by Daily end-of-shift report 23 Oct '12

23 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 22-10-2012 18:00 − Dienstag 23-10-2012 18:00 Handler: Robert Waldner Co-Handler: Matthias Fraidl *** CyanogenMod protokolliert Sperrmuster *** --------------------------------------------- Die Android-Firmware CyanogenMod protokolliert offenbar die zur Entsperrung des Smartphones verwendeten Wischmuster mit. Das hat ein Entwickler bemerkt und mit einem Mini-Patch abgestellt. CyanogenMod ist eine herstellerunabhängige Firmware für Android-Smartphones. --------------------------------------------- http://www.heise.de/security/meldung/CyanogenMod-protokolliert-Sperrmuster-… *** Google Drive öffnet Hintertür zum Google-Account *** --------------------------------------------- Der Windows-Client von Googles Dropbox-Alternative Drive öffnet eine Hintertür in den Google-Account, durch die sich neugierige Mitmenschen unter Umständen Zugriff auf Mails, Kontakte und Termine des Drive-Nutzers verschaffen können. --------------------------------------------- http://www.heise.de/security/meldung/Google-Drive-oeffnet-Hintertuer-zum-Go… *** Trend Micro Report for Q3, 2012: Zero-Days, Mobile Malware and Phishing *** --------------------------------------------- "Security firm Trend Micro has released its Security Roundup Report for the third quarter of 2012. The figures highlight the fact that the number of malicious elements designed to target Android devices has increased from 30,000 (in June) to almost 175,000 (in September). While some of them are designed to inflate phone bills and fill the crooks pockets, others pose a privacy threat...." --------------------------------------------- http://news.softpedia.com/news/Trend-Micro-Report-for-Q3-2012-Zero-Days-Mob… *** ENISA Midpoint Report: First European Cyber Security Month Is a Success *** --------------------------------------------- "The European Network and Information Security Agency (ENISA) has released a midpoint report on the first European Cyber Security Month (ECSM) and the figures are highly encouraging. The campaign has already reached close to 2 million users on Facebook and judging by the upcoming events, it will reach a lot more in the following period. Hundreds of professionals and thousands of regular Internet users have already taken part in events hosted by Portugal, Spain, Norway, Luxemburg and --------------------------------------------- http://news.softpedia.com/news/ENISA-Midpoint-Report-First-European-Cyber-S… *** Vuln: Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability *** --------------------------------------------- Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56113 *** Joomla SQLReport Password Disclosure *** --------------------------------------------- Topic: Joomla SQLReport Password Disclosure Risk: Medium Text:Title:Password Disclosure Vulnerability Author:AsSerT && MetAiZM Vendor:Joomla Dork:inurl:com_sqlreport Disclosure: http... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/L88Vk3uNWlw/WLB-20… *** Solar-power system flaws shine light on Smart Grid threats *** --------------------------------------------- "The Homeland Security Department has issued an alert about vulnerabilities in a control system for solar electric systems that could allow unauthorized users to access to the system and execute malicious code. The equipment is sold by the Italian systems integrator Sinapsi, and although a proof-of-concept exploit has been published, no exploits have yet been reported in the wild. The alert is a reminder of the need to incorporate security into increasingly complex and interactive power --------------------------------------------- http://gcn.com/blogs/cybereye/2012/10/solar-system-flaws-smart-grid-threats… *** Adobe schließt kritische Shockwave-Lücken *** --------------------------------------------- Adobe schließt mit der Shockwave-Version 11.6.8.638 für Windows und Mac OS X zahlreiche kritische Lücken, durch die ein Angreifer potenziell Schadcode ins System schleusen kann. Insgesamt sind den Schwachstellen sechs CVE-Nummern zugeordnet. Es handelt sich vor allem um Pufferüberläufe. --------------------------------------------- http://www.heise.de/security/meldung/Adobe-schliesst-kritische-Shockwave-Lu…

1 0

Tageszusammenfassung - Montag 22-10-2012
by Daily end-of-shift report 22 Oct '12

22 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 19-10-2012 18:00 − Montag 22-10-2012 18:00 Handler: Robert Waldner Co-Handler: Christian Wojner *** Dutch government seeks to let law enforcement hack foreign computers *** --------------------------------------------- "The Dutch government wants to give law enforcement authorities the power to hack into computers, including those located in other countries, for the purpose of discovering and gathering evidence during cybercrime investigations. In a letter that was sent to the lower house of the Dutch parliament on Monday, the Dutch Minister of Security and Justice Ivo Opstelten outlined the governments plan to draft a bill in upcoming months that would provide law enforcement authorities with new --------------------------------------------- http://www.cio.com.au/article/439620/dutch_government_seeks_let_law_enforce… *** Joomla Commedia 3.1 SQL Injection *** --------------------------------------------- Topic: Joomla Commedia 3.1 SQL Injection Risk: Medium Text: Exploit Title: Joomla commedia Remote Exploit dork: inurl:index.php?option=com_commedia Date: [18-10-2012] Autho... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ixjlWHyPfk0/WLB-20… *** F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection *** --------------------------------------------- Topic: F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection Risk: Low Text:1. OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides se... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/jehSXRUk280/WLB-20… *** WordPress Wordfence Security XSS and IAA vulnerabilities *** --------------------------------------------- Topic: WordPress Wordfence Security XSS and IAA vulnerabilities Risk: Low Text:I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in Wordfence Security for Word... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ixOVIlVAzxA/WLB-20… *** Joomla Tag SQL Injection *** --------------------------------------------- Topic: Joomla Tag SQL Injection Risk: Medium Text: Exploit Title: Joomla tag Remote Sql Exploit dork: inurl:index.php?option=com_tag Date: [18-10-2012] Author: Dan... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/t2QhRZO4mj0/WLB-20… *** Joomla Freestyle Support 1.9 SQL Injection *** --------------------------------------------- Topic: Joomla Freestyle Support 1.9 SQL Injection Risk: Medium Text: Exploit Title: Joomla Freestyle Support com_fss sqli Dork: N/A Date: [17-10-2012] Author: Daniel Barragan "D4NB4... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/BL5miMrFF0w/WLB-20… *** Internet Explorer 9 XSS Filter Bypass *** --------------------------------------------- Topic: Internet Explorer 9 XSS Filter Bypass Risk: Low Text: # Internet Explorer 9 XSS Filter Bypass # Discovered by: Jean Pascal Pereira --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/0YxVKyCrmJU/WLB-20… *** US government cyber attack warnings are hypocritical, claims F-Secure chief *** --------------------------------------------- "Renowned security expert Mikko Hypponen has publicly given the US government a tongue lashing by claiming its warnings on cyber attacks are hypocritical. The F-Secure security chief criticised the US Defense Secretary Leon Panetta for saying that the country is on the cusp of experiencing a "cyber Pearl Harbor" in a speech last week. Panetta had claimed that the US government and critical infrastructure businesses are currently being besieged by state sponsored hackers with --------------------------------------------- http://www.v3.co.uk/v3-uk/news/2218614/us-government-cyber-attack-warnings-… *** Billabong hacked, threats of mass data leaks from @GoatseSec *** --------------------------------------------- One of the worlds largest surfing based brands has come under the eye of hackers after they gained access to its database via a exploitable wordpress installation. --------------------------------------------- http://www.cyberwarnews.info/2012/10/21/billabong-hacked-threats-of-mass-da… *** Adobe reader 10.1.4 memory corruption *** --------------------------------------------- Topic: Adobe reader 10.1.4 memory corruption Risk: High Text:#!/usr/bin/perl #Title : Adobe reader 10.1.4 memory corruption #Version : 10.1.4.38 #Date : 2012-10-12 #Vendor ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/qrIZMwM6M7g/WLB-20… *** cpanel 11.32.5 (build 11) 11.32.5.11 CSRF *** --------------------------------------------- Topic: cpanel 11.32.5 (build 11) 11.32.5.11 CSRF Risk: Low Text: = Vulnerable Software: cPanel version : 11.32.5 (build 11)-11.32.5.11 [ cPanel Pro ] Vulnerability: CSRF Vendor: cpanel.... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/CNVJqOmG7OI/WLB-20… *** Service Sells Access to Fortune 500 Firms *** --------------------------------------------- An increasing number of services offered in the cybercrime underground allow miscreants to purchase access to hacked computers at specific organizations. For just a few dollars, these services offer the ability to buy your way inside of Fortune 500 company networks. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/3T5OQmyiwT4/ *** Movable Type Pro 5.13en Cross Site Scripting *** --------------------------------------------- Topic: Movable Type Pro 5.13en Cross Site Scripting Risk: Low Text:Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure In... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/UKDndJWwGNA/WLB-20…

1 0

Tageszusammenfassung - Freitag 19-10-2012
by Daily end-of-shift report 19 Oct '12

19 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 18-10-2012 18:00 − Freitag 19-10-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Download the report from FireEye, now. *** --------------------------------------------- "Learn how to protect your organization from the most dangerous cyber attacks by discovering the tactics used in successful attacks. In a unique report from FireEye, youll get first-hand information from the FireEye Malware Intelligence Labs, which analyzes data from Malware Protection Systems (MPS) deployed behind existing security defenses. Youll benefit from gaining visibility into the most lethal attacks of the year, and discovering how they successfully evaded traditional --------------------------------------------- http://www2.fireeye.com/FierceCIO_Advanced_Threat_LP.html *** Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide, (Thu, Oct 18th) *** --------------------------------------------- Many vendors have security hardening guides - step-by-step guides to increasing the security posture of one product or another. We alluded to the Cisco guides earlier this month (Day 11), Microsoft also makes a decent set of hardening guides for Windows server and workstation products, as do most Linux distros - youll find that most vendors have documents of this type. VMwares vSphere hardening guide is one I use frequently. Its seen several iterations over the years - the versions considered --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14341&rss *** Apple banishes Java from Mac browsers *** --------------------------------------------- Fanbois told to install Oracles plugin Apple has discontinued its own Java plugin, issuing an update that removes it from MacOS and encourages users to instead download Oracles version of the software.� --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/19/apple_banis… *** Dont secure the internet, it needs crime: Diffie *** --------------------------------------------- "While many people see securing the internet as a means to stopping cybercrime, former vice president for information security and cryptography at the Internet Corporation for Assigned Names and Numbers (ICANN) Whitfield Diffie thinks that internet crime may be necessary. Diffie, who spoke at the Australian Information Security Associations National Conference 2012 in Sydney this week, is better known for his contribution to the cryptography community by devising with Martin Hellman and --------------------------------------------- http://www.zdnet.com/dont-secure-the-internet-it-needs-crime-diffie-7000005… *** Palo Alto Networks GlobalProtect Man-In-The-Middle *** --------------------------------------------- Topic: Palo Alto Networks GlobalProtect Man-In-The-Middle Risk: Low Text: SySS-Advisory: MitM-vulnerability in Palo Alto Networks GlobalProtect Prob... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/SD1xHp0GFaM/WLB-20… *** RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution *** --------------------------------------------- Topic: RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Risk: High Text:Title : RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Version : 15.0.6.14 Date : 2012-10-18 Vendor : ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ZE9qMdPQl-Q/WLB-20… *** Vuln: Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities *** --------------------------------------------- Computer Associates ARCserve Backup Remote Code Execution and Denial of Service Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56116

1 0

Tageszusammenfassung - Donnerstag 18-10-2012
by Daily end-of-shift report 18 Oct '12

18 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 17-10-2012 18:00 − Donnerstag 18-10-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Oracle Leaves Fix for Java SE Zero Day Until February Patch Update *** --------------------------------------------- "Oracle will not patch a critical sandbox escape vulnerability in Java SE versions 5, 6 and 7 until its February Critical Patch Update, according to the researcher who discovered the flaw. Adam Gowdiak of Polish security firm Security Explorations told Threatpost via email that Oracle said it was deep into testing of another Java patch for the October CPU released yesterday and that it was too late to include the sandbox fix. Gowdiak said he plans to present technical details on the flaw... --------------------------------------------- http://threatpost.com/en_us/blogs/oracle-leaves-fix-java-se-zero-day-until-… *** Vuln: Oracle Database Authentication Protocol CVE-2012-3137 Security Bypass Vulnerability *** --------------------------------------------- Oracle Database Authentication Protocol CVE-2012-3137 Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55651 *** High bandwidth DDoS attacks are now common, researcher says *** --------------------------------------------- "Distributed denial-of-service (DDoS) attacks with an average bandwidth of over 20Gbps have become commonplace this year, according to researchers from from DDoS mitigation vendor Prolexic. Last year such high-bandwidth attacks were isolated incidents, but attacks that exceed 20Gbps in bandwidth occur frequently now, Prolexics president Stuart Scholly said Tuesday. This is significant because very few companies or organizations have the necessary network infrastructure to deal with... --------------------------------------------- http://www.computerworld.com/s/article/9232487/High_bandwidth_DDoS_attacks_… *** ModSecurity 2.6.8 multipart/invalid part ruleset bypass *** --------------------------------------------- Topic: ModSecurity 2.6.8 multipart/invalid part ruleset bypass Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory == title: ModSecurity mul... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/5KOdJs9aZmg/WLB-20… *** One year on, SSL servers STILL cower before the BEAST *** --------------------------------------------- 70% of sites still vulnerable to cookie monster The latest monthly survey by the SSL Labs project has discovered that many SSL sites remain vulnerable to the BEAST attack, more than a year after the underlying vulnerability was demonstrated by security researchers.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/18/ssl_securit… *** Four horsemen posse: This here security town needs a new sheriff *** --------------------------------------------- Body which issues CISSP tin stars set for shakeup? As the overpriced beers flowed and dusk approached in central London pubs surrounding the venue of RSA Europe last week, talk often turned towards the (ISC)2 security certification body.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/18/isc2_electi… *** A New Cybersecurity Technique - Signature-based communications blockage for control systems *** --------------------------------------------- "This is a brief look at a new product capability reported by Tofino Security that may allow some ICS owners to avoid at least part of their patch cycle without increasing security vulnerability...." --------------------------------------------- http://chemical-facility-security-news.blogspot.nl/2012/10/a-new-cybersecur… *** [webapps] - OTRS 3.1 Stored XSS Vulnerability *** --------------------------------------------- OTRS 3.1 Stored XSS Vulnerability --------------------------------------------- http://www.exploit-db.com/exploits/22070 *** Bugtraq: Internet Explorer 9 XSS Filter Bypass *** --------------------------------------------- Internet Explorer 9 XSS Filter Bypass --------------------------------------------- http://www.securityfocus.com/archive/1/524460 *** Before We Knew It - An Empirical Study of Zero-Day Attacks In The Real World *** --------------------------------------------- Little is known about the duration and prevalence of zero-day attacks, which exploit vulnerabilities that have not been disclosed publicly. Knowledge of new vulnerabilities gives cyber criminals a free pass to attack any target of their choosing, while remaining undetected. Unfortunately, these serious threats are difficult to analyze, because, in general, data is not available until after an attack is discovered... --------------------------------------------- http://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf

1 0

Tageszusammenfassung - Mittwoch 17-10-2012
by Daily end-of-shift report 17 Oct '12

17 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 17-10-2012 18:00 − Mittwoch 17-10-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Kaspersky Lab Developing Its Own Operating System? We Confirm the Rumors, and End the Speculation! *** --------------------------------------------- "Today Id like to talk about the future. About a not-so-glamorous future of mass cyber-attacks on things like nuclear power stations, energy supply and transportation control facilities, financial and telecommunications systems, and all the other installations deemed critically important. Or you could think back to Die Hard 4 where an attack on infrastructure plunged pretty much the whole country into chaos...." --------------------------------------------- http://eugene.kaspersky.com/2012/10/16/kl-developing-its-own-operating-syst… *** Vuln: Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability *** --------------------------------------------- Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56076 *** Steam spawns vulnerabilities, say researchers *** --------------------------------------------- Gamers can be fragged by undocumented features A new security research outfit called ReVuln has presented its letter of introduction to the world in the form of a paper that analyses how the Steam protocol can expose gamers to attacks.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/17/steam_revul… *** Stürmischer Oktober-Patchday bei Oracle *** --------------------------------------------- xhtml --------------------------------------------- http://www.heise.de/security/meldung/Stuermischer-Oktober-Patchday-bei-Orac… *** New "Surveillance-Proof" App To Secure Communications Has Governments Nervous *** --------------------------------------------- "Lately, Mike Janke has been getting what he calls the hairy eyeball from international government agencies. The 44-year-old former Navy SEAL commando, together with two of the worlds most renowned cryptographers, was always bound to ruffle some high-level feathers with his new projecta surveillance-resistant communications platform that makes complex encryption so simple your grandma can use it. This week, after more than two years of preparation, the finished product has hit the --------------------------------------------- http://www.slate.com/articles/technology/future_tense/2012/10/silent_circle… *** Sicherheitsrisiko Steam *** --------------------------------------------- xhtml --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsrisiko-Steam-1731296.html/f… *** Next-Generation Malware: Changing The Game In Securitys Operations Center *** --------------------------------------------- "In a quiet, secluded spot, a malware author is creating a new piece of code that no antivirus tool has ever seen before. Its not a particularly creative exploit -- just a slight tweak on an existing Trojan -- but it should be enough to bypass the signature-based defenses of the company hes targeting. Your company...." --------------------------------------------- http://www.darkreading.com/security-monitoring/167901086/security/security-…

1 0

Tageszusammenfassung - Dienstag 16-10-2012
by Daily end-of-shift report 16 Oct '12

16 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 15-10-2012 18:00 − Dienstag 16-10-2012 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl *** Precision Espionage mini Flame Malware Tied to Flame, Gauss *** --------------------------------------------- "One of three previously unseen pieces of malware discovered during forensic analysis of the Flame malware command-and-control servers has been identified as a secondary surveillance tool deployed against specially identified targets, and only after an initial Flame or Gauss compromise, researchers said today. MiniFlame, or SPE, was originally thought to be a Flame module, but researchers at Kaspersky Lab and CERT-Bund/BSI determined the program can stand alone as an independent piece of... --------------------------------------------- http://threatpost.com/en_us/blogs/precision-espionage-miniflame-malware-tie… *** Developers ignore their security responsibilities: Oracle *** --------------------------------------------- "Software developers are ignoring their responsibilities to protect and design infrastructure that is properly secured, according to Oracle Chief Security Officer Mary Ann Davidson. Speaking at the Australian Information Security Associations National Conference 2012 in Sydney today, Davidson said that developers, in many cases, were building systems used in key infrastructure without even thinking about security."Do we really think that the people that decide [to] have self-driving... --------------------------------------------- http://www.zdnet.com/developers-ignore-their-security-responsibilities-orac… *** Global card fraud continues to rise - survey *** --------------------------------------------- "A quarter of people have been hit by card fraud during the past five years, prompting many to ditch their provider, says an ACI Worldwide-commissioned survey covering 17 countries around the world. According to the Aite Group poll of 5223 people - around 300 for each country - Mexicans are the most likely to fall victim to fraudsters, with 44% hit in the last five years. Chip and PIN-less America comes second, on 42%, followed by India on 37%...." --------------------------------------------- http://www.finextra.com/News/Fullstory.aspx?newsitemid=24166 *** Eugene Kaspersky Unveils Plans for New Secure SCADA OS *** --------------------------------------------- "Attacks against SCADA and industrial-control systems have become a major concern for private companies as well as government agencies, with executives and officials worried about the potential effects of a major compromise. Security experts in some circles have been warning about the possible ramifications of such an attack for some time now, and researchers have found scores of vulnerabilities in SCADA and ICS systems in the last couple of years. Now, engineers at Kaspersky Lab have... --------------------------------------------- http://threatpost.com/en_us/blogs/eugene-kaspersky-unveils-plans-new-secure… *** Reverse Engineering Malware - What you need to know? *** --------------------------------------------- "Every now and then, a nasty piece of Malware raises its ugly head and wreck havoc on the Enterprise Infrastructure. It is often necessary to analyze the Malware and understand its working so thatThe impact of the Malware on IT Systems can be ascertained ANDThe nature of preventative controls that can be put in place so that this threat does not spread further. In such scenarios, Reverse Engineering of the Malware becomes a requirement...." --------------------------------------------- http://infosecnirvana.com/reverse-engineering-malware/ *** Cyber Security Bulletin SB12-289 - Vulnerability Summary for the Week of October 8, 2012 *** --------------------------------------------- "High Vulnerabilities : adobe -- adobe_airbackwpup -- backwpupbernhard_wymann -- torcsbigware -- bigware_shopcomponentone -- flexgridcraig_knudsen -- webcalendarMedium Vulnerabilities: activestate -- activeperlactivestate -- activetclactivestate -- activepythonaidanlister -- regcodeapache -- axis2apprain -- apprainLow Vulnerabilities:barracudanetworks -- spam_&_virus_firewall_600bryce_harrington -- xdiagnosecartpauj -- shortcode-redirectemc --... --------------------------------------------- http://www.us-cert.gov/cas/bulletins/SB12-289.html *** WordPress Brute Force Attacks - How you can protect yourself against WordPress Brute Force attacks *** --------------------------------------------- "It is common for me to submit several hundred abuse reports as part of our security monitoring service every day. If I was asked for an off the cuff ball park of the main attack types from January 2012 to August 2012, I would probably answer with 40% remote file inclusion attacks, 40% local file inclusion attacks, 15% directory transferal attacks, 4% other (including brute force attacks), and 1% SQL injection attacks. If you asked me from September 2012 forward, the answer would change... --------------------------------------------- http://www.dynamicnet.net/2012/10/wordpress-brute-force-attacks/ *** Santanders online banking keeps passwords in cookies *** --------------------------------------------- "The retail web site for Santander bank has been discovered to be keeping customer passwords in plain text in cookies held while the user is logged in. The discovery was revealed on the Full Disclosure mailing list when an anonymous user posted details of how credit card numbers and other information was stored in session cookies. The H set out to verify whether the claims were correct...." --------------------------------------------- http://www.h-online.com/security/news/item/Santander-s-online-banking-keeps… *** MyBB 1.6.8 Cross Site Scripting *** --------------------------------------------- Topic: MyBB 1.6.8 Cross Site Scripting Risk: Low Text: Exploit Title : Mybb 1.6.8 Cross Site Scripting Author : 3xpl0!t3r Discovered By : Sec-Advisor.Org Da... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/jTSNZAsKIiU/WLB-20…

1 0

Tageszusammenfassung - Montag 15-10-2012
by Daily end-of-shift report 15 Oct '12

15 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 12-10-2012 18:00 − Montag 15-10-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** SCADA Hacking : Exploit released to Hack Solar Energy Plants *** --------------------------------------------- "ICS-CERT - Industrial Control Systems Cyber Emergency Response Team has released the Advisory titled ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities. They Report about report multiple vulnerabilities with proof-of-concept (PoC) exploit code that affecting the Sinapsi eSolar Light Photovoltaic System Monitor which is a supervisory control and data acquisition (SCADA) monitoring product. The US Department of Homeland Security is warning about vulnerabilities in a common... --------------------------------------------- http://thehackernews.com/2012/10/scada-hacking-exploit-released-to-hack.htm… *** Remote Admin Tools May Not Be Clever Enough For Their Own Good *** --------------------------------------------- ancientribe writes "A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing, and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ehO8DsJFuJk/remote-admin-to… *** Your Real-Time Cyber-Attack Map *** --------------------------------------------- "I have no idea how reliable the info shown here is, but it certainly is interesting. Especially to me, as I climb onto a plane bound for southern China via Japan. Its an animated real-time visualization of (it says) attempted cyber-attacks...." --------------------------------------------- http://www.theatlantic.com/technology/archive/2012/10/your-real-time-cyber-… *** Mac OS X Hackers Can Steal Apple IDs in Just 10 Seconds *** --------------------------------------------- "The guys over at shootitlive came across what seems to be a major security flaw that could be exploited by a hacker connected to the same WiFi network as the victim. The method is called Session Fixation Attack and basically comes down to using a previous browser session to extract private data and get access to an Apple ID. This means that iTunes and App Store accounts can be compromised, as the hacker can change both the password and the email address...." --------------------------------------------- http://news.softpedia.com/news/Mac-OS-X-Hackers-Can-Steal-Apple-IDs-in-Just… *** Cyberthings for Managers - Latest Issue 14 October 2012 *** --------------------------------------------- "Cyberthings for Managers is a summary of signicant news or literature about the domain of Cyberwarfare and directly related areas. The summary is aimed at manager level and higher, thus there will be no listings of technical hacks, aws or incidents. Only major developments especially from governmental level down, are listed...." --------------------------------------------- http://www.opensourceintelligence.eu/website/cyberthings/latest.pdf *** The Scrap Value of a Hacked PC, Revisited *** --------------------------------------------- "A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who cant begin to fathom why miscreants would want to hack into his PC. I dont bank online, I dont store sensitive information on my machine!..." --------------------------------------------- http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/ *** The Deep Web Part 1: Introduction to the Deep Web and how to wear clothes online! *** --------------------------------------------- "According to Cisco, by the end of this year, there will be more Internet-connected mobile devices than people on Earth! Not surprisingly there is a lot of interesting content being generatedAccording to Netcraft, there are over 190 million active websites, and according to the WorldWideWebSize daily estimate, the Indexed Web contains at least 8. 42 billion pages...." --------------------------------------------- http://securityaffairs.co/wordpress/9409/security/the-deep-web-part-1-intro… *** "Das muss menschliches Versagen sein" - Sicherheitskonferenz in Luxembourg *** --------------------------------------------- Das Computer Incident Response Center Luxembourg (CIRCL) veranstaltet vom 23. bis 25. Oktober erneut die Sicherheitskonferenz hack.lu. Der Veranstalter ist das offizielle Computer Security Incident Response Team des "Großherzogtums Luxembourg", das auch als Sponsor der Veranstaltung auftritt. Das Konferenz-Motto ist das berühmte Zitat des Computers HAL 9000 aus "2001: Odysee im Weltraum", der sich selbst für unfehlbar hielt und deshalb klar stellte: "It can only be attributable to human error". --------------------------------------------- http://www.heise.de/security/meldung/Das-muss-menschliches-Versagen-sein-Si… *** Bank Attacks: What Have We Learned? - How to Prepare for Next Wave of DDoS Strikes *** --------------------------------------------- "In the wake of eight sophisticated distributed denial of service attacks aimed at leading U.S. banks in recent weeks, financial institutions are bracing for more. The hacktivist group Izz ad-Din al-Qassam, which took credit for the online outages, said it planned to spend the weekend of Oct. 13-14 planning its next wave of attacks. And if the trend continues, those attacks could come as soon as Oct. 16, because the previous waves both started on Tuesdays...." --------------------------------------------- http://www.bankinfosecurity.com/bank-attacks-what-have-we-learned-a-5197?rf… *** State-Sponsored Malware Flame Has Smaller, More Devious Cousin *** --------------------------------------------- "Researchers have uncovered new nation-state espionage malware that has ties to two previous espionage tools known as Flame and Gauss, and that appears to be a high-precision, surgical attack tool targeting victims in Lebanon, Iran and elsewhere. Researchers at Kaspersky Lab, who discovered the malware, are calling the new malware miniFlame, although the attackers who designed it called it by two other names SPE and John. MiniFlame seems to be used to gain control of and obtain increased... --------------------------------------------- http://www.wired.com/threatlevel/2012/10/miniflame-espionage-tool/?utm_sour… *** SilverStripe 2.4.7 and lower Persistent Cross Site Scripting *** *** SilverStripe 2.4.7 and lower Open URL Redirection *** --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/JmS3heO-psM/WLB-20… http://feedproxy.google.com/~r/securityalert_database/~3/jFOmtCUzv_E/WLB-20… *** Vuln: FileBound On-Site Password Reset Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/55880

1 0

Tageszusammenfassung - Freitag 12-10-2012
by Daily end-of-shift report 12 Oct '12

12 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 11-10-2012 18:00 − Freitag 12-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** Skype malware steals more than your money: User accounts from Facebook, Twitter, PayPal, and more *** --------------------------------------------- "Earlier this week, we warned you about a new piece of malware that is spreading via Skype using the message lol is this your new profile pic? It tries steals to steal your money using both ransomware (restricts access to your computer and demands payment for it to be removed) and click fraud (imitation of a legitimate user clicking on an ad to generate revenue). Now weve learned that the malware does more than that: it targets your user accounts on various Web services and can also do so --------------------------------------------- http://thenextweb.com/microsoft/2012/10/12/skype-malware-steals-more-than-y… *** SOPA Is Back! As a Ransomware Virus *** --------------------------------------------- "After historic Internet protests in January the SOPA anti-piracy bill was defeated. However, this week several reports have pointed to a rather unfortunate SOPA comeback. Not in Congress, but as a nasty cryptovirus that locks up peoples computers and accuses them of distributing copyright infringing files...." --------------------------------------------- http://torrentfreak.com/sopa-is-back-as-a-ransomware-virus-121011/ *** Conficker worm still being tracked, but evidence collection slows *** --------------------------------------------- "The notorious malware known as the Conficker worm still infects computers, a sort of wild horse with no rider, but investigators appear no closer to finding its creator. Also known as "Downandup," Conficker was discovered in November 2008, exploiting a vulnerability in Windows XP that allowed remote file execution when file-sharing was enabled. Microsoft patched it a month later...." --------------------------------------------- http://www.computerworld.com/s/article/9232277/Conficker_worm_still_being_t… *** RSA Conference: Security industry built on a haze of fog and hype *** --------------------------------------------- "A panel of security experts at RSA Conference criticised their industry over its tendency to sensationalise and hype, taking attention away from truly important problems. As well as the media that had a tendency to sensationalise issues, criticism was also reserved for companies that tried to focus attention on areas such as Android malware that was cool, instead of business and enterprise problems that companies were actively trying to deal with. Joshua Corman, director of security --------------------------------------------- http://www.scmagazineuk.com/rsa-conference-security-industry-built-on-a-haz… *** EU cloud strategy calls for standards *** --------------------------------------------- "Cloud computing technical specification standardization, model contracts and a pooling of requirements among European Union governments would cause the gross domestic product impact of cloud computing in the EU to nearly triple to 250 billion by 2020, says the European Commission. In a commission cloud strategy (. pdf) dated Sept. 27, the commission says a hands-off approach would result in GDP impact of merely 88 billion by 2020--and as a result, says it will launch cloud-specific --------------------------------------------- http://www.fiercegovernmentit.com/story/eu-cloud-strategy-calls-standards/2… *** CAST diskutiert strukturelle Defizite kritischer Infrastrukturen *** --------------------------------------------- Als "Hot Topic" hatte das CAST-Forum seine Veranstaltung zum Schutz kritischer Infrastrukturen bezeichnet. Der Trend, die industrielle Informationstechnik bis zur Feldebene einzelner Sensoren in der Fertigung oder Energieversorgung mit dem "normalen" Internet zu vernetzen, sei bedenklich. Mit Simulationen, der Neuberechnung von Toleranzgrenzen und industriellem Schwachstellenmanagement wollen die versammelten Experten den Schutz verbessern. --------------------------------------------- http://www.heise.de/security/meldung/CAST-diskutiert-strukturelle-Defizite-… *** Hack In The Box: researcher reveals ease of Huawei router access *** --------------------------------------------- At Hack In The Box researcher Felix "FX" Lindner has shown how Huawei routers are easy to access with their static passwords and how one machine could give an attacker access to an entire network. --------------------------------------------- http://www.zdnet.com/hack-in-the-box-researcher-reveals-ease-of-huawei-rout… *** Whonix: Anonymous operating system *** --------------------------------------------- "Whonix is an anonymous general purpose operating system based on Virtual Box, Ubuntu GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the users real IP/location...." --------------------------------------------- http://www.net-security.org/secworld.php?id=13757 *** Privatsphäre - Apples geheime Tracking-Funktion in iOS 6 *** --------------------------------------------- Nach der Verbannung der UDIDs sind die neuen Tracking-Funktionen zu Werbezwecken gut versteckt --------------------------------------------- http://text.derstandard.at/1348285823855/Apples-geheime-Tracking-Funktion-i… *** Bugtraq: ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities *** --------------------------------------------- ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/524394

1 0

Tageszusammenfassung - Donnerstag 11-10-2012
by Daily end-of-shift report 11 Oct '12

11 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 10-10-2012 18:00 − Donnerstag 11-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Expenditure Report Reveals Germany Monitors Skype, Google Mail, Facebook Chat *** --------------------------------------------- hypnosec writes "The German Government has gone a bit too far trying to be transparent, inadvertently revealing that German police monitor Skype, Google Mail, MSN Hotmail, Yahoo Mail, and Facebook chat when necessary. The revelations, spotted by the annalist blog, come from a report of expenses incurred by the Federal Ministry of the Interior following a parliamentary inquiry. The report contains lots of tables and as many would find those boring, some highlights: On page 34 and page 37 of... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/J2HxG9I5vdo/expenditure-rep… *** Microsoft addresses critical Word flaws, new RSA key length *** --------------------------------------------- "Microsoft will begin requiring digital certificates to support an RSA key length of at least 1024 bits today, in accordance with a security advisory being pushed through Windows Update. The new requirement, which Microsoft has been preparing customers for since August, was part of the software companys October 2012 Patch Tuesday security updates. Microsoft also addressed an issue with signature timestamps on valid files and released seven bulletins covering 20 vulnerabilities in Microsoft... --------------------------------------------- http://searchsecurity.techtarget.com/news/2240164725/Microsoft-addresses-cr… *** US and EU Clash Over Whois Data *** --------------------------------------------- itwbennett writes "ICANN wants to store more data (including credit card information) about domain name registrations in its Whois database, wants to hold on to that data for two years after registration ends, and wants to force registrant contact information to be re-verified annually - moves that are applauded by David Vladeck, director of the FTCs Bureau of Consumer Protection. The E.U.s Article 29 Working Group is markedly less enthusiastic, saying ICANNs plans trample on... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/6xJedYC9pQU/us-and-eu-clash… *** Sicherheitslücke in Firefox 16 *** --------------------------------------------- Eine Sicherheitslücke in Firefox 16 hat Mozilla in Alarmbereitschaft versetzt. Als Reaktion wurde Firefox 16 von der Mozilla Homepage entfernt und steht nicht mehr zur Installation zur Verfügung. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsluecke-in-Firefox-16-172739… *** PGP founders mobile privacy app goes live *** --------------------------------------------- Zimmerman & Navy SEAL pals unveil safe comms, at $20 a month Updated Silent Circle, the secure mobile communications app backed by Phil Zimmerman, has gone live - offering protection from all but the most determined of government departments. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/10/secure_circ… *** Neue IPv6-Tools von "The Hackers Choice" *** --------------------------------------------- Die Hackergruppe "The Hackers Choice" hat das THC IPv6 Attack Toolkit für die Version 2.0 deutlich erweitert. Im Mittelpunkt der Tools steht nicht nur das Sammeln von Informationen über andere IPv6-Hosts, sondern auch über gezielte Angriffe, etwa um Pakete über sich umzuleiten und in eine Position als Man-in-the-Middle zu gelangen. --------------------------------------------- http://www.heise.de/security/meldung/Neue-IPv6-Tools-von-The-Hackers-Choice… *** Facebook Confirms Data Breach *** --------------------------------------------- another random user writes "A researcher by the name of Suriya Prakash has claimed that the majority of phone numbers on Facebook are not safe. Its not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebooks 600 million mobile users), but his demonstration certainly showed he could collect countless phone numbers and their corresponding Facebook names with very little effort. Facebook has confirmed that it limited the Prakashs --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-ZGiVNpxow8/facebook-confir… *** Bugtraq: Multiple vulnerabilities in OpenX *** --------------------------------------------- Multiple vulnerabilities in OpenX --------------------------------------------- http://www.securityfocus.com/archive/1/524372

1 0

Tageszusammenfassung - Mittwoch 10-10-2012
by Daily end-of-shift report 10 Oct '12

10 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 09-10-2012 18:00 − Mittwoch 10-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Proxy service users download malware, unknowingly join botnet *** --------------------------------------------- "In yet another example of if-its-too-good-to-be-true-it-probably-isnt, hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. "The malware is Backdoor. Proxybox, and our investigation has revealed an entire black hat operation, giving us interesting information on the operation and size of this botnet, and leading us to information that may identify the actual malware --------------------------------------------- http://www.net-security.org/malware_news.php?id=2290 *** Kernel crimps make Windows 8 a hacker hassle *** --------------------------------------------- The kernel is the new battleground, says ReactOS and iOS co-author Alex Ionescu Windows 8 will make hackers lives hard, says Windows internals expert, security researcher and co-author of Apples iOS and the open source Windows XP clone ReactOS, Alex Ionescu. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/09/windws_8_ha… *** Microsoft to devs: Bug users about security ... now! *** --------------------------------------------- Redmond reveals how and when it decides to remind you about security Microsoft has revealed the guidelines it gives its own developers to help them decide when users need a rude reminder to stop putting themselves at risk of security problems. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/10/microsoft_n… *** RSA simple password-protection to stop hackers *** --------------------------------------------- "RSA, the security division of EMC, today announced a security product intended to protect simple passwords stored within businesses for authentication purposes, by splitting these passwords in two pieces kept separately, in theory making it harder for hackers to get hold of them. Yahoos massive data breach contains Gmail, Hotmail, Comcast user names and passwordsThis year has seen a large number of password hacking exploits, including those against Yahoo, dating site eHarmony, and --------------------------------------------- http://www.itworld.com/security/301646/rsa-simple-password-protection-stop-… *** Mysterious Algorithm Was 4% of Trading Activity Last Week *** --------------------------------------------- A single mysterious computer program that placed orders - and then subsequently canceled them - made up 4 percent of all quote traffic in the U.S. stock market last week, according to the top tracker of high-frequency trading activity. The motive of the algorithm is still unclear. The program placed orders in 25-millisecond bursts involving about 500 stocks, according to Nanex, a market data firm. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/gouGx0l7Y5E/mysterious-algo… *** Oktober ist Office-Patch-Monat *** --------------------------------------------- Microsoft schließt an seinem aktuellen Patchday sieben Sicherheitslücken, eine davon mit der Risikobewertung "kritisch", die restlichen mit der Bewertung "hoch". Vier der veröffentlichten Sicherheitsnotzien betreffen Microsoft Office, die kritische Lücke findet sich in allen Versionen von Word. Hier sind besonders Nutzer mit Administrationsrechten dem Risiko ausgesetzt, ihr System beim Aufrufen einer Website mit Schadcode zu infizieren. --------------------------------------------- http://www.heise.de/security/meldung/Oktober-ist-Office-Patch-Monat-1726703… *** Google disappears for Irish internet users - but was it a nameserver hack or admin screwup? *** --------------------------------------------- Thousands of Irish internet users found that they were unable to access Google earlier today when the nameservers for google.ie began to point to a third-party server based in Indonesia. --------------------------------------------- http://nakedsecurity.sophos.com/2012/10/09/google-disappears-for-irish-inte… *** Data-stealing hackers use DDoS to distract from attacks *** --------------------------------------------- Cybercriminals are distracting banks and other businesses with a DDoS attack while they quietly lay siege to sensitive data on the network, which they can use for credit card cloning and other fraud. --------------------------------------------- http://www.zdnet.com/symantec-data-stealing-hackers-use-ddos-to-distract-fr… *** Vuln: Microsoft Windows Kerberos CVE-2012-2551 Denial of Service Vulnerability *** --------------------------------------------- Microsoft Windows Kerberos CVE-2012-2551 Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55778 *** Vuln: Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability *** --------------------------------------------- Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/51117

1 0

Tageszusammenfassung - Dienstag 9-10-2012
by Daily end-of-shift report 09 Oct '12

09 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 08-10-2012 18:00 − Dienstag 09-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan *** Studie: Cybercrime verursacht deutschen Unternehmen Millionenschäden *** --------------------------------------------- Datendiebstahl, Computerviren und Web-Attacken verursachen in einem deutschen Großunternehmen laut einer Studie von Hewlett-Packard jährlich einen Schaden von durchschnittlich 4,8 Millionen Euro. Deutschland liegt damit zwischen den USA (6,9 Millionen Euro) und Japan (3,9 Millionen Euro), wie das IT-Unternehmen am Montag in Büblingen bei Stuttgart mitteilte. --------------------------------------------- http://www.heise.de/security/meldung/Studie-Cybercrime-verursacht-deutschen… *** Trojan disguised as image delivered via Skype messages *** --------------------------------------------- "The spamming campaign has surfaced in the last few days and is being propagated via compromised Skype accounts. The offered links dont lead to an image, but to a malicious executable (skype_02102012_image. exe) posing as one...." --------------------------------------------- http://www.net-security.org/malware_news.php?id=2285 *** Bing is the most heavily poisoned search engine, study says *** --------------------------------------------- Bing search results are more affected by poisoning than those of other search engines, according to a study by SophosLabs. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/08/bing_worst_… *** Critical Adobe Flash Player Update Nixes 25 Flaws *** --------------------------------------------- Adobe has issued an update for its Flash Player software that fixes at least 25 separate security vulnerabilities in the widely-installed program. The company also pushed out a security patch for its Adobe AIR software. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/MKdBYW3I3dQ/ *** Surprise! Microsoft patches latest IE10 Flash vulns on time *** --------------------------------------------- Issues fixes same day as Adobes patch Microsoft surprised Windows 8 and Windows Server 2012 users on Monday by issuing a patch that fixes 25 security vulnerabilities found in the Adobe Flash Player component of Internet Explorer 10, mere hours after Adobe issued its own patch for the Flash Player plug-in used by other browsers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/09/ms_ontime_i… *** Facebook: Lücke bei Telefonnummern-Suche *** --------------------------------------------- Durch eine unbeschränkte Abfrage über die Mobil-Webseite und eine offene Voreinstellung für Nutzer können mit Leichtigkeit Personen-Listen samt dazugehöriger Telefonnummern generiert werden, zeigen Sicherheits-Forscher auf. Sie rufen Nutzer zum überprüfen ihrer Auffindbarkeits-Einstellungen auf. --------------------------------------------- http://futurezone.at/digitallife/11783-facebook-luecke-bei-telefonnummern-s… *** Flaws Allow Every 3G Device To Be Tracked *** --------------------------------------------- mask.of.sanity writes "New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victims outgoing traffic to different --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/NPPj-sqeBcM/flaws-allow-eve… *** Plugin - PrivacyFix für Google Chrome regelt Privatsphäre-Einstellungen *** --------------------------------------------- Facebook, Google und zahlreiche Websites: Mit PrivacyFix soll man den Überblick behalten --------------------------------------------- http://text.derstandard.at/1348285489060/PrivacyFix-fuer-Google-Chrome-rege… *** HTTPS Everywhere unterstützt mehr Websites *** --------------------------------------------- Die Electronic Frontier Foundation (EFF) hat eine neue Version ihrer Browser-Erweiterung HTTPS Everywhere veröffentlicht. Version 3.0 unterstütze jetzt verschlüsselte Verbindungen zu noch mehr Websites. Neben der stabilen Version für Firefox ist auch eine Entwicklerversion für Google Chrome und Chromium verfügbar. --------------------------------------------- http://www.heise.de/security/meldung/HTTPS-Everywhere-unterstuetzt-mehr-Web… *** Windows XP doppelt so oft infiziert wie Windows 7 *** --------------------------------------------- Im Microsoft Security Intelligence Report für das erste Halbjahr 2012 bilanziert der Betriebssystemhersteller, dass er rund doppelt so oft Schädlinge von Systemen mit Windows XP kratzen musste wie bei Windows 7 oder auch Vista. Bei rund einem Prozent der Durchläufe des Malicious Software Removal Tools (MSRT) auf Windows XP entdeckte der rudimentäre Scanner eine Infektion (9,5 von 1000); bei den neueren Windows-Versionen liegt diese Infektionsrate lediglich bei etwa 0,5 Prozent. --------------------------------------------- http://www.heise.de/security/meldung/Windows-XP-doppelt-so-oft-inifiziert-w… *** Practical IT: What is your companys threat response strategy? *** --------------------------------------------- "Weve recently seen some pretty high-profile vulnerabilities in Java and Internet Explorer. In both cases the issues became widely publicised before a patch was available after evidence emerged of in-the-wild exploitation by criminals. As someone looking after IT for your company, how do you react to reports like this?..." --------------------------------------------- http://nakedsecurity.sophos.com/2012/10/09/it-departments-threat-response-s… *** Bugtraq: Team SHATTER Security Advisory: Java Operating System command execution *** --------------------------------------------- Team SHATTER Security Advisory: Java Operating System command execution --------------------------------------------- http://www.securityfocus.com/archive/1/524336 *** Avaya IP Office Customer Call Reporter Command Execution *** --------------------------------------------- Topic: Avaya IP Office Customer Call Reporter Command Execution Risk: High Text: This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/za7W7e-s5xI/WLB-20…

1 0

Tageszusammenfassung - Montag 8-10-2012
by Daily end-of-shift report 08 Oct '12

08 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 05-10-2012 18:00 − Montag 08-10-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Reports of a Distributed Injection Scan, (Fri, Oct 5th) *** --------------------------------------------- We have received a report of a large distributed SQL Injection Scan from a reader. Behavior of scan is being reported as 9000+ Unique IPv4 Addresses and sends 4-10 requests to lightly fuzz the form field. Then the next IP will lightly fuzz the second form field within the same page and the next IP the next form field.Looks to be targeting MSSQL and seeking version. The reader reports that this scan has been going on for several days. Sample Payload: --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14251&rss *** Vuln: Ruby error.c Multiple Security Bypass Vulnerabilities *** --------------------------------------------- Ruby error.c Multiple Security Bypass Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55757 *** Over 82,000 Chrome Users Install Ad Injector Along with Fake Bad Piggies Game *** --------------------------------------------- "Barracuda Labs experts have identified a number of shady plugins hosted on Google Chromes web store, being advertised as the free online version of Bad Piggies. However, during installation, the plugins request permission to access data on all websites. This allows them to inject advertisements into several high-ranked sites, such as Yahoo!...." --------------------------------------------- http://news.softpedia.com/news/Over-82-000-Chrome-Users-Install-Ad-Injector… *** Update to Security Advisory: Adobe Revokes Code Signing Certificate (APSA12-01) *** --------------------------------------------- Following up on our communication from September 27, 2012, we have now revoked the Adobe code signing certificate for all code signed after July 10, 2012 (00:00 GMT). We have updated the Security Advisory (APSA12-01) to reflect this action. This posting is provided “AS IS” with no warranties and confers no rights. --------------------------------------------- http://blogs.adobe.com/psirt/2012/10/update-to-security-advisory-adobe-revo… *** Windows Escalate UAC Protection Bypass *** --------------------------------------------- Topic: Windows Escalate UAC Protection Bypass Risk: High Text:## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial r... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/M58qqKeG-j8/WLB-20… *** Flame fallout: Microsoft encryption deadline looms Tuesday *** --------------------------------------------- "Starting Tuesday Microsoft platforms will block the use of encryption keys less than 1024 bits so businesses that are still using weaker keys better get busy. Changing the keys the Microsoft software uses isnt that tricky, but finding all the customer and third-party software in corporate networks that use smaller keys could require some searching. Users should download the update and test whether it breaks connections with existing applications before putting it into full production, --------------------------------------------- http://www.csoonline.com/article/718070/flame-fallout-microsoft-encryption-… *** Govt to build global cyber security centre *** --------------------------------------------- "Hague announces plan for new cyber security centre to guard against cyber attack and offer nations advice on improving their cyber defences Foreign secretary William Hague has announced that the government is planning to build a new global cyber security centre of excellence aimed at helping developing nations combat cyber crime. Speaking yesterday at the Budapest Conference on Cyberspace, Hague said the government will invest 2 million per year on the Centre for Global Cyber-Security --------------------------------------------- http://www.information-age.com/channels/security-and-continuity/news/212663… *** Most of the Mass Distributed Malware in Q3 2012 Were Banking Trojans, Study Finds *** --------------------------------------------- "Every once in a while we like to take a look at the quarterly reports issued by security companies to see how the threat landscape evolves. This time well analyze the figures and key findings of Solutionary Security Engineering Research Teams (SERT) Q3 2012 Quarterly Research Report. The figures from the study reveal that malware developers are getting better and better at hiding their creations from antivirus software...." --------------------------------------------- http://news.softpedia.com/news/Most-of-the-Mass-Distributed-Malware-in-Q3-2… *** Mozilla To Bug Firefox Users With Old Adobe Reader, Flash, Silverlight *** --------------------------------------------- An anonymous reader writes "Mozilla today announced it will soon start prompting Firefox users to upgrade select old plugins. This will only affect Windows users, and three plugins: Adobe Reader, Adobe Flash, and Microsoft Silverlight. Mozilla says Firefox users will soon see a notification urging them to update when they visit a web page that uses the plugins." Read more of this story at Slashdot. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/YH6pPZWcwYk/mozilla-to-bug-… *** Fake Panda Cloud Antivirus Hides Data-Stealing Dark Angel Trojan *** --------------------------------------------- "The fake Panda Cloud Antivirus has been found to hide a nasty Trojan called DarkAngle which is designed to steal sensitive details such as passwords and online banking details. Once its executed, the malicious element logs all the commands entered by the victim and sends them back to a command and control server. To make sure that it can harvest as much information as possible, the threat is loaded each time the computer is rebooted...." --------------------------------------------- http://news.softpedia.com/news/Fake-Panda-Cloud-Antivirus-Hides-Data-Steali… *** Tablet security study finds BlackBerry still good for something *** --------------------------------------------- iPad,Galaxy Tab and PlayBook face off in BYOD probe A technology audit has identified security failings in three of the most popular tablets, raising concerns about the security implications of allowing workers to use their personal technology at work.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/05/tablet_secu… *** Bank Hacks: 7 Misunderstood Facts *** --------------------------------------------- "Whos behind the recent online attacks against multiple financial institutions including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo? In recent weeks, all have bit hit by large-scale distributed denial-of-service (DDoS) attacks. Cue website outages and customer outrage...." --------------------------------------------- http://www.informationweek.com/security/attacks/bank-hacks-7-misunderstood-… *** ‘Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks *** --------------------------------------------- Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSAs advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. Im weighting in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/aCWwJrPN238/ *** Botnetz kartographiert das gesamte Internet *** --------------------------------------------- xhtml --------------------------------------------- http://www.heise.de/security/meldung/Botnetz-kartographiert-das-gesamte-Int…

1 0

Tageszusammenfassung - Freitag 5-10-2012
by Daily end-of-shift report 05 Oct '12

05 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 04-10-2012 18:00 − Freitag 05-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Microsoft Security Bulletin Advance Notification for October 2012 *** --------------------------------------------- "This is an advance notification of security bulletins that Microsoft is intending to release on October 9, 2012. This bulletin advance notification will be replaced with the October bulletin summary on October 9, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification...." --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms12-oct *** Linux 3.7 Kernel To Support Multiple ARM Platforms *** --------------------------------------------- hypnosec writes with news that the Linux 3.7 kernel will support multiple ARM-based System on Chip platforms (Git commit page), writing "Up until now there has been a separate Linux kernel build for each of the ARM platforms or SoCs, which is one of the several problems when it comes to ARM based Linux. The merging of ARM multi-platform support into Linux 3.7 will put an end to this problem, enabling the new kernel to not only target multiple platforms but also be more in line with its x86 --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/CCv0Hi9ZkWM/linux-37-kernel… *** No Surprise - Ransomware On the Rise *** --------------------------------------------- "McAfees latest Threats Report shows a 1. 5 million increase in malware since last quarter. 2012 is in fact, far and away the busiest year ever for malware with an estimated total of 100 million malware samples worldwide by Q3 2012...." --------------------------------------------- http://www.infosecisland.com/blogview/22511-No-Surprise-Ransomware-On-the-R… *** Sybase ASE 15.x Java Command Execution *** --------------------------------------------- Topic: Sybase ASE 15.x Java Command Execution Risk: High Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Java Operating System command executi... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/bHOU9UjsTIM/WLB-20… *** Botnet Spotted Silently Scanning IPv4 Address Space For Vulnerable VoIP *** --------------------------------------------- "A large peer-to-peer botnet known for its resilience was spotted sniffing out potential victim voice-over-IP (VoIP) servers using an advanced stealth technique of camouflaging its efforts to recruit new bots. The Sality botnet, which was first discovered in 2003 and has been estimated to have hundreds of thousands or more infected machines in its zombie army, scanned IPv4 addresses in February 2011 via a covert scanning method that flew under the radar, according to new research from the --------------------------------------------- http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabi… *** Facebook scannt private Nachrichten *** --------------------------------------------- Wenn ein Link zu einer Webseite, die einen Facebook Like-Button eingebunden hat, in einer privaten Nachricht versendet wird, erhöht sich der Like-Zähler. Das bedeutet, dass die Inhalte der Nachrichten von Facebook gescannt werden müssen. --------------------------------------------- http://futurezone.at/digitallife/11724-facebook-scannt-private-nachrichten.… *** VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html, (Fri, Oct 5th) *** --------------------------------------------- Richard Porter --- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14242&rss *** Visualizing the ZeroAccess botnet in Google Earth *** --------------------------------------------- "The ZeroAccess botnet is a very widespread malware threat that has been infecting computers around the world for years. Its estimated that the current version of ZeroAccess has been installed over nine million times, with roughly one million PCs still infected. The folks at F-Secure have plotted nearly 140,000 infections on Google Earth, based on the IP address of the infected computer, and the result is an amazing (and rather scary) map...." --------------------------------------------- http://www.gearthblog.com/blog/archives/2012/10/visualizing_the_zeroaccess_… *** Cyber crooks should make you very nervous *** --------------------------------------------- "Federal undercover agents are resorting to show and tell to combat a growing menacecriminal hackers. The Justice Department has been making headlines by publicizing prosecutions, disclosing investigative techniques and revealing findings before clinching guilty verdicts. Sure, calling attention to charges and arrests could discourage digital invaders...." --------------------------------------------- http://www.nextgov.com/cybersecurity/2012/10/cyber-crooks-should-make-you-v… *** Vuln: Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Multiple SQL Injection Vulnerabilities *** --------------------------------------------- Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Multiple SQL Injection Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/54569 *** lost+found: Vom Versuch eine Ente wieder einzufangen *** --------------------------------------------- Das Magazin hakin9 ist einem Troll-Versuch aufgesessen und hat einen peinlichen Nonsens-Artikel veröffentlicht: Nmap: The Internet Considered Harmful - DARPA Inference Cheking Kludge Scanning (man beachte die Abkürzung DICKS). Angesichts prominenter Autoren, deren Namen sich wie ein Who-is-Who der Security-Szene lesen, fiel offensichtlich niemandem mehr auf, dass Sätze wie "NMAP requires root access in order to allow B-trees" absolut keinen Sinn ergeben. --------------------------------------------- http://www.heise.de/security/meldung/lost-found-Vom-Versuch-eine-Ente-wiede… *** "Universal Man in the Browser": Datenklau in Echtzeit *** --------------------------------------------- Die amerikanische Sicherheitsfirma Trusteer hat eine neue Form der "Man in the Browser"-Attacke (MitB) ausgemacht, die niederschwelliger und effizienter als bereits bekannte MitB sein soll. Das Besondere an dem Spionageprogramm ist die eingebaute Logik, die es erlaubt, die gestohlenen Daten in Echtzeit auszuwerten und möglichst schnell einem Weiterverkauf zugänglich zu machen. Trusteer nennt diese neue Form 'Universal Man in the Browser' (uMitB). --------------------------------------------- http://www.heise.de/security/meldung/Universal-Man-in-the-Browser-Datenklau… *** Blacklist RFC-Ignorant.org stellt den Betrieb ein *** --------------------------------------------- Postmaster und andere Netz-Administratoren sollten RFC-Ignorant.org umgehend aus ihren Server-Konfigurationen entfernen. Die Meldestelle gegen Netzmissbrauch beantwortet bereits sämtliche Anfragen mit "Eintrag nicht vorhanden". --------------------------------------------- http://www.heise.de/security/meldung/Blacklist-RFC-Ignorant-org-stellt-den-…

1 0

Tageszusammenfassung - Donnerstag 4-10-2012
by Daily end-of-shift report 04 Oct '12

04 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 03-10-2012 18:00 − Donnerstag 04-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** IETF Starts Work On Next-Generation HTTP Standards *** --------------------------------------------- alphadogg writes "With an eye towards updating the Web to better accommodate complex and bandwidth-hungry applications, the Internet Engineering Task Force has started work on the next generation of HTTP, the underlying protocol for the Web. The HTTP Strict Transport Security (HSTS), is a security protocol designed to protect Internet users from hijacking. The HSTS is an opt-in security enhancement whereby web sites signal browsers to always communicate with it over a secure connection. If --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JocJDH2CeQw/ietf-starts-wor… *** Microsoft wins permanent settlement against Nitol botnet *** --------------------------------------------- "Microsoft has won a battle to permanently disrupt a haven for the Nitol botnet that it discovered within an Internet domain controlled by a Chinese ISP. The company has signed a private settlement that Peng Yong and Changzhou Bei Te Kang Mu Software Technology Co., Ltd., will block all connections to designated malicious subdomains of the 3322. org domain controlled by Peng and Bei Te Kang Mu Software...." --------------------------------------------- http://www.csoonline.com/article/717879/microsoft-wins-permanent-settlement… *** Google Glass, Augmented Reality Spells Data Headaches *** --------------------------------------------- Nervals Lobster writes "Google seems determined to press forward with Google Glass technology, filing a patent for a Google Glass wristwatch. As pointed out by CNET, the timepiece includes a camera and a touch screen that, once flipped up, acts as a secondary display. In the patent, Google refers to the device as a smart-watch. Whether or not a Google Glass wristwatch ever appears on the marketplace � just because a tech titan patents a particular invention doesnt mean its bound for --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/lVDzxD_8kXY/google-glass-au… *** How to Protect against Denial of Service Attacks: Refresher *** --------------------------------------------- "With all of the information about DoS attacks in recent months, it is easy to blame banks and say that they didnt have the proper security controls in place to withstand this type of attack, but in reality things are not that simple. So, how does this happen? Is it preventable?..." --------------------------------------------- http://www.infosecisland.com/blogview/22518-How-to-Protect-against-Denial-o… *** Europe joins forces in Cyber Europe 2012 *** --------------------------------------------- "Today, more than 300 cyber security professionals across Europe join forces to counter a massive simulated cyber-attack in the 2nd pan-European Cyber Exercise, Cyber Europe 2012. The exercise builds on and ties together extensive activities at both the national and European level to improve the resilience of critical information infrastructures. As such, Cyber Europe 2012 is a major milestone in the efforts to strengthen cyber crisis cooperation, preparedness and response across --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/europe-joins-forces-in-cybe… *** Neue Oracle-Hacks *** --------------------------------------------- Die Sicherheitsexperten Laszlo Toth und Ferenc Spala haben im Rahmen der Konferenz DerbyCon 2.0 eine Reihe von zum Teil neuartigen Angriffen auf Oracle-Datenbanken und SQL-Server vorgestellt und dabei auch gleich die entsprechenden Werkzeuge dazu ver�ffentlicht. --------------------------------------------- http://www.heise.de/security/meldung/Neue-Oracle-Hacks-1722784.html/from/at… *** Middle East cyberattacks on Google users increasing *** --------------------------------------------- "Here we go again. Three months after it first began warning users of state-sponsored cyber attacks, Google is saying that the assault has only intensified. The New York Times reports that since it began warning users of state-sponsored attacks, "it has picked up thousands more instances of cyberattacks than it anticipated." Many of the attacks appear to be originating in the Middle East...." --------------------------------------------- http://news.cnet.com/8301-1009_3-57525334-83/middle-east-cyberattacks-on-go… *** Gut choreografierte dDoS-Attacken gegen US-Gro�banken *** --------------------------------------------- Mehrere US-Gro�banken, unter anderem Wells Fargo, PNC Financial Service Group, U.S. Bancorp, Citigroup, JPMorgan und Bank of America, sahen sich in den letzten Tagen einer Vielzahl von professionell gef�hrten DDoS-Attacken ausgesetzt. --------------------------------------------- http://www.heise.de/security/meldung/Gut-choreografierte-dDoS-Attacken-gege… *** Bugtraq: [security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information *** --------------------------------------------- [security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information --------------------------------------------- http://www.securityfocus.com/archive/1/524302

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily