=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 13-09-2012 18:00 - Freitag 14-09-2012 18:00
Handler: Stephan Richter
*** The Tinba/Tinybanker Malware ***
---------------------------------------------
"Trend Micro and CSIS have released a joint white paper about the Tinba
information-stealing malware. The paper contains a thorough technical
analysis of the malware itself, as well as the architecture of its
infrastructure, and its ties to other illegal activities. What is Tinba?..."
---------------------------------------------
http://blog.trendmicro.com/?p=44994
*** Blackhole 2: Crimeware kit gets stealthier, Windows 8 support ***
---------------------------------------------
Malware-flinging tool to target mobiles too Cybercrooks have unveiled a new
version of the Blackhole exploit kit. Version 2 of Blackhole is expressly
designed to better avoid security defences. Support for Windows 8 and
mobile devices is another key feature, a sign of the changing target
platforms for malware-based cyberscams.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/13/blackhole_e…
*** Bugtraq: Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities ***
---------------------------------------------
Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524157
*** Over half of Android devices have unpatched holes ***
---------------------------------------------
Fix is up to your carrier, Google, mobo maker - just about everyone Duo
Security is claiming that "over half" of Android devices have unpatched
vulnerabilities.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/14/duo_says_an…
*** Analyzing Malicious RTF Files Using OfficeMalScanners RTFScan, (Fri,
Sep 14th) ***
---------------------------------------------
Attackers have been using Rich Text Format (RTF) files to carry exploits
targeting vulnerabilities in Microsoft Office and other products. We
documented one such incident in June 2009. In a more recent example, the
CVE-2012-0158 vulnerability was present in Active X controls within
MSCOMCTL.OCX, which could be activated using Microsoft Office and other
applications. McAfee described one such exploit, which appeared in the wild
in April 2012: In the malicious RTF, a vulnerable OLE...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14092&rss
*** Lücke in SSL-Verschlüsselung kaum ausnutzbar ***
---------------------------------------------
Experten haben ein Problem bei der im Web üblichen SSL-Verschlüsselung
ausgemacht, das auftritt, wenn der Inhalt zuvor komprimiert wurde. Zum
Glück haben die betroffenen Browser-Hersteller bereits reagiert.
---------------------------------------------
http://www.heise.de/security/meldung/Luecke-in-SSL-Verschluesselung-kaum-au…
*** Vuln: OpenSLP SLPIntersectStringList() Function Denial of Service
Vulnerability ***
---------------------------------------------
OpenSLP SLPIntersectStringList() Function Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55540
*** [webapps] - Trend Micro InterScan Messaging Security Suite Stored XSS
and CSRF ***
---------------------------------------------
Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF
---------------------------------------------
http://www.exploit-db.com/exploits/21319
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 13-09-2012 08:00 - Donnerstag 13-09-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** ICS-CERT Monthly Monitor for August 2012 ***
---------------------------------------------
"Internet facing medical devices may have a very similar security risk
profile to industrial control systems (ICSs). ICSs and medical devices are
valuable equipment, often critical to the viability of the system to which
they are attached. In each case, lives may depend on the devices
functioning correctly...."
---------------------------------------------
http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_August_…
*** Vuln: OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass
Vulnerability ***
---------------------------------------------
OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55524
*** Cyber Defence & Network Security Conference - 28-31 Jan, 2013 ***
---------------------------------------------
"As a quick background, this is the best-attended cyber defence and network
security conference held by Defence IQ - covered by BBC in both 2011 and
2012. This event combines high-level strategic briefings from 26+ senior
international military and cyber experts, combined with valuable and
intimate networking opportunities with heads of CERT, Systems Security,
Military IT, Counter Terrorism, Cyber Crime and Networks professionals...."
---------------------------------------------
http://www.cdans.org/redForms.aspx?id=821954&pdf_form=1
*** Security update released for ColdFusion 10 and earlier (APSB12-21) ***
---------------------------------------------
Today, a Security Bulletin (APSB12-21) has been posted in regards to a
security hotfix for Adobe ColdFusion 10 and earlier versions for Windows,
Macintosh and UNIX. Adobe recommends users update their product
installation using the instructions provided in the security bulletin. This
posting is provided AS IS with no warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2012/09/security-update-released-for-coldfusio…
*** Microsoft disrupts traffic associated with the Nitol botnet, (Thu, Sep
13th) ***
---------------------------------------------
There is an interesting article that was just published by Microsofts
Digital Crimes Unit. Attackers have been infecting manufacturer supply
chains to spread their evil warez. Some unnamed manufacturers have been
selling products loaded with counterfeit versions of Windows software
embedded with harmful malware. The article goes on to say that the Malware
allows criminals to steal a persons personal information to access and
abuse their online services, including e-mail, social networking
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14086&rss
*** PHP 5.5 soll Passwort-Schlamperei eindaemmen ***
---------------------------------------------
http://www.heise.de/security/meldung/PHP-5-5-soll-Passwort-Schlamperei-eind…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 11-09-2012 18:05 - Mittwoch 12-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Bugtraq: ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities ***
---------------------------------------------
ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524142
*** Bugtraq: Multiple vulnerabilities in Ezylog photovoltaic management
server ***
---------------------------------------------
Multiple vulnerabilities in Ezylog photovoltaic management server
---------------------------------------------
http://www.securityfocus.com/archive/1/524140
*** Vuln: libguac Remote Buffer Overflow Vulnerability ***
---------------------------------------------
libguac Remote Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55497
*** The geography of cybercrime: Western Europe and North America ***
---------------------------------------------
"The Internet knows no borders, but according to our data, cybercrime has
specific geographical features. In different parts of the world
cybercriminals launch different malicious programs, their attacks have
different priorities and they use different tricks to make money. This is
not just due to their physical location, but also due to the nature of the
countries where their potential victims are located...."
---------------------------------------------
http://www.securelist.com/en/analysis/204792244/The_geography_of_cybercrime…
*** Cosmo, the Hacker God Who Fell to Earth ***
---------------------------------------------
"Cosmo is huge 6 foot 7 and 220 pounds the last time he was weighed, at a
detention facility in Long Beach, California on June 26. And yet hes
getting bigger, because Cosmo also known as Cosmo the God, the
social-engineering mastermind who weaseled his way past security systems at
Amazon, Apple, AT&T, PayPal, AOL, Netflix, Network Solutions, and Microsoft
is just 15 years old. He turns 16 next March, and he may very well do so
inside a prison cell...."
---------------------------------------------
http://www.wired.com/gadgetlab/2012/09/cosmo-the-god-who-fell-to-earth/
*** Inside your users brains: Where they get security advice ***
---------------------------------------------
"IT professionals work hard to become experts in their field. They also
work hard protecting the infrastructure and users they're responsible for.
Unfortunately, not everyone has access to an IT expert...."
---------------------------------------------
http://www.techrepublic.com/blog/security/inside-your-users-brains-where-th…
*** Microsoft will Flash-Lücke im IE10 nun doch schlieÃen ***
---------------------------------------------
Nachdem es Kritik hagelte, will Microsoft den in seinem neuen Internet
Explorer festintegrierten Flash Player nun doch vor der offiziellen
Freigabe von Windows 8 aktualisieren.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-will-Flash-Luecke-im-IE10-nu…
*** Vuln: Dnsmasq Remote Denial of Service Vulnerability ***
---------------------------------------------
Dnsmasq Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54353
*** Cyber security strengthened at EU institutions ***
---------------------------------------------
"EU institutions have reinforced their fight against cyber threats by
establishing the EUs Computer Emergency Response Team, or CERT-EU, on a
permanent basis. This decision follows a successful one-year pilot for the
team, which drew positive assessments from clients and peers.
Vice-President Maros Sefcovic said: "The EU institutions, like any other
major organizations, are frequently the target of information security
incidents...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=13580
*** Cyber Crime: The QR code: A new frontier in mobile attackability ***
---------------------------------------------
A single poisoned link is all it takes to expose an entire organization to
a full-scale attack. Hackers write sophisticated browser-based attacks that
operate quite stealthily. Now, they're going a...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/OL5fpFtGGvU/article.php
*** Visas New End-to-End Encryption Service - P2P Encryption Program Aims
to Eliminate POS Card Risks ***
---------------------------------------------
"Visas new end-to-end encryption service aims to eliminate payment card
data at the merchant level. Eduardo Perez of Visas Risk Group discusses the
security value of this emerging solution. Visas Merchant Data Secure with
Point-to-Point Encryption solution wont launch until 2013...."
---------------------------------------------
http://www.bankinfosecurity.com/interviews/visas-new-end-to-end-encryption-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 10-09-2012 18:00 - Dienstag 11-09-2012 18:05
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** How to Defeat Zeus - Technology, Education Are Keys to Threat ***
---------------------------------------------
"Zeus continues to strike online bank accounts and users, and technology
designed to thwart these Trojan attacks continually fails to keep up.
Malware expert Andreas Baumhof says to defeat Zeus, financial institutions
have to change their approach. Zeus, a financially aimed malware, comes in
many different forms and flavors...."
---------------------------------------------
http://www.bankinfosecurity.com/how-to-defeat-zeus-a-5097?rf=2012-09-10-eb
*** PostgreSQL 9.2 Out with Greatly Improved Scalability ***
---------------------------------------------
The PostgreSQL project announced the release of PostgreSQL 9.2 today. The
headliner: "With the addition of linear scalability to 64 cores, index-only
scans and reductions in CPU power consumption, PostgreSQL 9.2 has
significantly improved scalability and developer flexibility for the most
demanding workloads. ... Up to 350,000 read queries per second (more than
4X faster) ... Index-only scans for data warehousing queries (2â20X
faster) ... Up to 14,000 data writes per second (5X ...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFHKonln9h4/postgresql-92-o…
*** E-publisher fesses up: Apple UDIDs were ours ***
---------------------------------------------
BlueToad clears FBI of device data collection It seems both Apple and the
FBI were telling the truth: the Apple UDIDs published last week didnât
come from either organization, with an American e-publisher posting a
statement that the data was stolen from its systems.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/10/bluetoad_so…
*** Java, Flash, and the Choice of Usability Over Security ***
---------------------------------------------
"So I happened to be switching to a new computer two weekends ago. Going
into it I was dead set on not installing Flash and Java. And I was all good
until @alexhutton posted a link to a video about the Beetles "happy
birthday" song and I just had to check it out...."
---------------------------------------------
http://www.infosecisland.com/blogview/22381-Java-Flash-and-the-Choice-of-Us…
*** Programm für deutsche OWASP-Konferenz steht ***
---------------------------------------------
Die fünfte Auflage des German OWASP Day 2012, einer Veranstaltung zur
Softwaresicherheit, findet am 7. November 2012 in München statt. Das
Programm wurde um einen Mobile Security Track erweitert.
---------------------------------------------
http://www.heise.de/security/meldung/Programm-fuer-deutsche-OWASP-Konferenz…
*** Apples soon-to-be-slurped securo firm shrugs off crypto warning ***
---------------------------------------------
Windows passwords exposure confusion AuthenTec, the security firm thats the
target of an $356m acquisition by Apple, has denied reports that possible
cryptographic weaknesses in its fingerprint scanner software pose a risk to
the security of laptops.â¦
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/11/fingerprint…
*** Anomaly Detection Rules & The Success of Open-Source Rule Testing ***
---------------------------------------------
Last November, the VRT established an open-source rule testing group,
composed of a number of Snort users from around the planet in industries
as diverse as defense contracting and education. To date, we've tested
well over a hundred rules with this group, and have had a great deal of
useful feedback in the process - which has led to both killing rules
that didn't perform as well as expected in the field, and the release of
rules that we would have never previously dared to put in public after
seeing them function well with the test group.
---------------------------------------------
http://vrt-blog.snort.org/2012/09/anomaly-detection-rules-success-of-open.h…
*** Initiative-S: Kostenloser Website-Check für kleine Unternehmen ***
---------------------------------------------
Der Verband der deutschen Internetwirtschaft eco hat auf den Internet
Security Days offiziell das Projekt Initiative-S gestartet. Mit dem Angebot
sollen sich besonders kleine und mittelständische Unternehmen dagegen
schützen, dass ihre Internetpräsenzen als Trojanerschleuder missbraucht werden.
---------------------------------------------
http://www.heise.de/security/meldung/Initiative-S-Kostenloser-Website-Check…
*** GoDaddy Outage: RFC for Dummies ***
---------------------------------------------
"Yesterday was a black day for GoDaddy. com. During a few hours all they
hosting services were interrupted...."
---------------------------------------------
http://blog.rootshell.be/2012/09/11/godaddy-outage-rfc-for-dummies/
*** Vuln: RocketTheme RokModule Joomla! Component module Parameter SQL
Injection Vulnerability ***
---------------------------------------------
RocketTheme RokModule Joomla! Component module Parameter SQL Injection
Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55477
*** Bugtraq: [SE-2012-01] Security vulnerabilities in IBM Java ***
---------------------------------------------
[SE-2012-01] Security vulnerabilities in IBM Java
---------------------------------------------
http://www.securityfocus.com/archive/1/524134
*** Bugtraq: [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP
Methods ***
---------------------------------------------
[PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
---------------------------------------------
http://www.securityfocus.com/archive/1/524137
*** Bugtraq: Wordpress Download Monitor - Download Page Cross-Site
Scripting ***
---------------------------------------------
Wordpress Download Monitor - Download Page Cross-Site Scripting
---------------------------------------------
http://www.securityfocus.com/archive/1/524138
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 07-09-2012 17:56 - Montag 10-09-2012 17:56
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Wordpress 3.4.2 stopft Lücken und korrigiert Fehler ***
---------------------------------------------
Die Wordpress-Version 3.4.2 korrigiert rund 20 Fehler in der
Weblog-Software und behebt einige Sicherheitsprobleme, die zu einer
Ausweitung der Zugriffsrechte führen können.
---------------------------------------------
http://www.heise.de/security/meldung/Wordpress-3-4-2-stopft-Luecken-und-kor…
*** An update from VirusTotal ***
---------------------------------------------
"Our goal is simple: to help keep you safe on the web. And weve worked hard
to ensure that the services we offer continually improve. But as a small,
resource-constrained company, that can sometimes be challenging...."
---------------------------------------------
http://blog.virustotal.com/2012/09/an-update-from-virustotal.html
*** Two ICS-CERT Advisories Published Yesterday ***
---------------------------------------------
"Yesterday ICS-CERT published advisories for control systems
vulnerabilities in two control systems products; one a demonstration
product that doesnt really control anything and the other a distributed
control system that is used in a wide variety of situations. RealWinDemo
AdvisoryThis advisory describes a DLL hijack vulnerability in RealWinDemo
and RealWin products from RealFlex; both products are generally used as
sales demonstration tools, but RealWin has been used in small automation
---------------------------------------------
http://chemical-facility-security-news.blogspot.nl/2012/09/two-ics-cert-adv…
*** Adobe confirms Windows 8 users vulnerable to active Flash exploits ***
---------------------------------------------
"Microsofts Windows 8 is vulnerable to attack by exploits that hackers have
been aiming at PCs for several weeks, Adobe confirmed Friday. Microsoft
said it will not patch the bug in Flash Player until what it called "GA,"
for "general availability." That would be Oct. 26, when Windows 8 hits
retail and PCs powered by the new operating system go on sale."We will
update Flash in Windows 8 via Windows Update as needed," a spokeswoman said
in a reply to questions.
---------------------------------------------
http://www.computerworld.com/s/article/9231076/Adobe_confirms_Windows_8_use…
*** Elderwood hacker gang claims unlimited supply of zero-day bugs -
Symantec ***
---------------------------------------------
"An elite hacker group targeting defense industry sub-contractors has an
inexhaustible supply of zero-days, or vulnerabilities that have yet to be
publicised, much less patched, according to Symantec. In a blog post, the
security firm said, "The group seemingly has an unlimited supply of
zero-day vulnerabilities."Symantec also laid out its analysis of the gang,
which it said was behind a slew of attacks dubbed the "Elderwood Project,"
after a source code variable used
---------------------------------------------
http://news.techworld.com/security/3380122/elderwood-hacker-gang-claims-unl…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 06-09-2012 18:00 - Freitag 07-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Microsoft Security Bulletin Advance Notification for September 2012 ***
---------------------------------------------
"This is an advance notification of security bulletins that Microsoft is
intending to release on September 11, 2012. This bulletin advance
notification will be replaced with the September bulletin summary on
September 11, 2012. For more information about the bulletin advance
notification service, see Microsoft Security Bulletin Advance Notification...."
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms12-sep
*** Bugtraq: [security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business
Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request
Forgery (CSRF), and Web Session Hijacking ***
---------------------------------------------
[security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability
Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF),
and Web Session Hijacking
---------------------------------------------
http://www.securityfocus.com/archive/1/524119
*** Flash-Lücke im Internet Explorer 10 ***
---------------------------------------------
Die mit Windows 8 ausgelieferte Flash-Version ist von einer
Sicherheitslücke betroffen, die in Verbindung mit dem Internet Explorer 10
auftritt. Der entsprechende Patch von Adobe kann nicht auf den neuen
Internet Explorer angewandt werden.
---------------------------------------------
http://futurezone.at/produkte/11190-flash-luecke-im-internet-explorer-10.ph…
*** ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow ***
---------------------------------------------
Topic: ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow Risk: High
Text:## # This file is part of the Metasploit Framework and may be subject
to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uDV-PB41E8E/WLB-20…
*** N24 Dokumentation ***
---------------------------------------------
Wenn das Web zur Waffe wird
Mit der Weiterentwicklung der Technik von Computern und des Internets
werden auch immer neue Angriffsmöglichkeiten für virtuelle Kriminelle
geschaffen. Die Zeiten, in denen Computerviren lediglich Spam
verursachten, sind vorbei. Die Doku zeigt, welch folgenschwere Schäden
durch Cyber-Attacken in der modernen Welt verursacht werden können:
---------------------------------------------
http://www.n24.de/mediathek/cyber-war-wenn-das-web-zur-waffe-wird_1552737.h…
*** Vuln: Webmin Multiple Input Validation Vulnerabilities ***
---------------------------------------------
Webmin Multiple Input Validation Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55446
*** SSL BEASTie boys develop follow-up CRIME web attack ***
---------------------------------------------
Ill Communication The security researchers who developed the infamous BEAST
attack that broke SSL/TLS encryption are cooking up a new assault on the
same crucial protocols.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/07/https_sesh_…
*** [remote] - SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow ***
---------------------------------------------
SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
---------------------------------------------
http://www.exploit-db.com/exploits/21034
*** US-CERT Alert TA12-251A - Microsoft Update For Minimum Certificate Key
Length ***
---------------------------------------------
FOR IMMEDIATE PUBLIC RELEASE
National Cyber Awareness System
US-CERT Alert TA12-251A
Microsoft Update For Minimum Certificate Key Length
Original release date: September 07, 2012
---------------------------------------------
http://www.us-cert.gov/cas/techalerts/TA12-251A.html
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 05-09-2012 18:00 - Donnerstag 06-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Umfrage: Viele Sysadmins beschäftigen sich nicht mit
IT-Sicherheitsmanagement ***
---------------------------------------------
Rund 1500 Administratoren haben zum Tag des Systemadministrators unter Love
Your Admin eine Umfrage der Firma Synetics ausgefüllt, die sich auf
Software zur Dokumentation von Administrationsaufgaben spezialisiert hat.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Umfrage-Viele-Sysadmins-beschaeftige…
*** Watch this - the funniest spam video youll ever see [VIDEO] ***
---------------------------------------------
"We all want our friends and family to learn more about how better to
secure their computers. But the eternal challenge is how can we make the
advice interesting and engaging for a non-techie audience, and not make the
mistake of endlessly droning on using buzzwords they are unlikely to
understand. The video below about spam - made by the folks at "Glove and
Boots" - manages to make what could be a tremendously dry topic, funny and
informative instead...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/09/05/funniest-spam-video/
*** Bugtraq: Cross-Site Scripting (XSS) in Kayako Fusion ***
---------------------------------------------
Cross-Site Scripting (XSS) in Kayako Fusion
---------------------------------------------
http://www.securityfocus.com/archive/1/524108
*** Vuln: CoDeSys Access Security Bypass Vulnerability ***
---------------------------------------------
CoDeSys Access Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/52942
*** Vuln: WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability ***
---------------------------------------------
WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/52940
*** Bugtraq: APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac
OS X 10.6 Update 10 ***
---------------------------------------------
APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6
Update 10
---------------------------------------------
http://www.securityfocus.com/archive/1/524112
*** Online bank punters tricked into approving theft of their OWN CASH ***
---------------------------------------------
Man-in-browser Trojan attack discovered Security researchers have
discovered a malware-based attack against the chipTAN system used by bank
customers in Germany to authorise transactions online.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/06/german_chip…
*** Vuln: HP SiteScope UploadFilesHandler Directory Traversal Vulnerability ***
---------------------------------------------
HP SiteScope UploadFilesHandler Directory Traversal Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55273
*** Vuln: HP SiteScope Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
HP SiteScope Multiple Security Bypass Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55269
*** Java 7 Attack Vectors, Oh My! ***
---------------------------------------------
"While researching how to successfully mitigate the recent Java 7
vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will
Dormann") found quite a mess. In the midst of discussion about exploit
activity and the out-of-cycle update from Oracle, Id like to call attention
to a couple other important points. First, theres the question of the
defensive value of the Java 7u7 update (and patching in general)...."
---------------------------------------------
http://www.cert.org/blogs/certcc/2012/09/java_7_attack_vectors_oh_my.html
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 04-09-2012 18:00 - Mittwoch 05-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Bugtraq: Secunia Research: Adobe Photoshop TIFF SGI24LogLum
Decompression Buffer Overflow ***
---------------------------------------------
Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer
Overflow
---------------------------------------------
http://www.securityfocus.com/archive/1/524090
*** Widely used fingerprint reader exposes Windows passwords in seconds ***
---------------------------------------------
"Fingerprint-reading software preinstalled on laptops sold by Dell, Sony,
and at least 14 other PC makers contains a serious weakness that makes it
trivial for hackers with physical control of the machine to quickly recover
account passwords, security researchers said. The UPEK Protector Suite,
which was acquired by Melbourne, Florida-based Authentec two years ago, is
marketed as a secure means for logging into Windows computers using an
owners unique fingerprint, rather than a
---------------------------------------------
http://news.hitb.org/content/widely-used-fingerprint-reader-exposes-windows…
*** Anonymous Project Mayhem 2012 - December 21st 2012. ***
---------------------------------------------
"You are Anonymous. You are Project Mayhem 2012 . On the 10 days that go
from 12-12-2012 to 12-21-2012, the world will see an unprecedented amount
of Corporate, Financial, Military and State leaks that will have been
secretly gathered by millions of CONSCIENTIOUS citizens, vigilantes,
whistle blowers and initiates. THE GLOBAL ECONOMIC SYSTEM WILL START THE
FINAL FINANCIAL MELTDOWNFOR *TRUST* IN FEAR BASED MONEY WILL BE FINALLY
BROKENPEOPLE ALL OVER THE WORLD, OUT OF FEAR TO GO BANKRUPT,
---------------------------------------------
http://www.youtube.com/watch?v=bqo1hDrj8eY
*** FBI says Apple ID heist claim is TOTALLY FALSE ***
---------------------------------------------
'Not our data' Popcorn time Hot on the heels of AntiSec's claim that the
purloined Apple device IDs it dumped to Pastebin came from the FBI, the
G-men have flatly denied the story.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/04/feds_deny_a…
*** Secret account in mission-critical router opens power plants to
tampering ***
---------------------------------------------
"The branch of the US Department of Homeland Security that oversees
critical infrastructure has warned power utilities, railroad operators, and
other large industrial players of a weakness in a widely used router that
leaves them open to tampering by untrusted employees. The line of
mission-critical routers manufactured by Fremont, California-based
GarrettCom contains an undocumented account with a default password that
gives unprivileged users access to advanced options and features,
---------------------------------------------
http://arstechnica.com/security/2012/09/secret-account-in-mission-critical-…
*** HP stellt sich erneut an den Security-Pranger ***
---------------------------------------------
Die Zero Day Initiative (ZDI) hat erneut Informationen über ungepatchte
Sicherheitslücken in HP-Produkten veröffentlicht
---------------------------------------------
http://www.heise.de/security/meldung/HP-stellt-sich-erneut-an-den-Security-…
*** Is Java now too dangerous to use? ***
---------------------------------------------
"Java, the great enabler of useful applications or a waste of space that is
doing more harm than good? After the last few weeks this has become a
question worthy of a philosophy lecture. First in late August came news of
two serious zero day Java vulnerabilities (CVE-2012-4681), with plenty of
evidence that criminals were exploiting them in a big enough way to pose
serious questions over Javas continued use...."
---------------------------------------------
http://features.techworld.com/security/3379294/is-java-now-too-dangerous-us…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 03-09-2012 18:00 - Dienstag 04-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Google-Sicherheitswarnung entpuppt sich als Trojaner ***
---------------------------------------------
http://www.heise.de/security/meldung/Google-Sicherheitswarnung-entpuppt-sic…
*** Xen-Based Secure OS Qubes Hits 1.0 ***
---------------------------------------------
Orome1 writes "Joanna Rutkowska, CEO of Invisible Things Lab, today
released version 1.0 of Qubes, a stable and reasonably secure desktop
OS. It is the most secure option among the existing desktop operating
systems - even more secure than Apples iOS, which puts each application
into its own sandbox and does not count on the user to make security
decisions. Qubes will offer users the option of using disposable virtual
machines for executing tasks they believe could harm their
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QFOuSOQL9zE/xen-based-secur…
*** Exposed Terminal Services Remains High Frequency Threat ***
---------------------------------------------
"Quickly reviewing the HITME data gathered from our global deployment of
HoneyPoint continues to show that exposed Terminal Services (RDP) on
port 3389 remains a high frequency threat. In terms of general contact
with the attack surface of an exposed Terminal Server connection, direct
probes and attacker interaction is seen on an average approximately two
times per hour. Given that metric, an organization who is using exposed
Terminal Services for remote access or management/support, may
---------------------------------------------
http://www.infosecisland.com/blogview/22273-Exposed-Terminal-Services-Remai…
*** Is it time to knock infected PCs off the internet? ***
---------------------------------------------
"Malware could block your access to the internet but in some cases by
those on the right side of the security fence, who are deploying tactics
such as blocked ports, letters in the mail and PCs quarantined from the
net to combat the most damaging threats. Last year, authorities led by
the FBI arrested the criminals behind the DNSCharger operation, taking
over their servers. The malware changed victims DNS settings, and
unplugging the servers would have cut off the four million infected PCs
---------------------------------------------
http://www.pcpro.co.uk/news/security/376696/is-it-time-to-knock-infected-pc…
*** Hack - AntiSec knackt FBI-Laptop - und "findet" 12 Mio.
Apple-Datensätze ***
---------------------------------------------
Samt Username, Telefonnummer und Adresse - 1 Million UDIDs als Beweis
veröffentlicht - Ãber Java-Lücke
---------------------------------------------
http://text.derstandard.at/1345166057287/AntiSec-knackt-FBI-Laptop---findet…
*** Browser plug-in and website warn about data harvesting by Facebook
apps ***
---------------------------------------------
"Secure. me has developed a website and a browser plug-in designed to
make Facebook users aware of the personal information that gets
harvested by third-party applications. The App Advisor Security Network
website has profiles on more than 500,000 third-party Facebook
applications that describe the user data they collect, what actions they
can take and whether they are considered unsafe...."
---------------------------------------------
http://news.techworld.com/security/3379011/browser-plug-in-website-warn-abo…
*** IFA 2012 - Samsung erpresst Blogger und schlittert in PR-Debakel ***
---------------------------------------------
Nokia springt ein und wird Retter in der Not
---------------------------------------------
http://derstandard.at/1345166104259/Samsung-erpresst-Blogger-und-schlittert…
*** [webapps] - Splunk <= 4.3.3 Arbitrary File Read ***
---------------------------------------------
Splunk <= 4.3.3 Arbitrary File Read
---------------------------------------------
http://www.exploit-db.com/exploits/21053
*** [webapps] - Group Office Calendar (calendar/json.php) SQL Injection ***
---------------------------------------------
Group Office Calendar (calendar/json.php) SQL Injection
---------------------------------------------
http://www.exploit-db.com/exploits/21056
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 31-08-2012 18:00 - Montag 03-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security
Vulnerabilities ***
---------------------------------------------
TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55052
*** Here we go again: Critical flaw found in just-patched Java ***
---------------------------------------------
Emergency fix rushed out half-baked Security Explorations, the Polish
security startup that discovered the Java SE 7 vulnerabilities that have
been the targets of recent web-based exploits, has spotted a new flaw
that affects the patched version of Java released this Thursday.â¦
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/08/31/critical_fl…
*** Security update released for Adobe Photoshop CS6 (APSB12-20) ***
---------------------------------------------
Today, a Security Bulletin (APSB12-20) has been posted in regards to a
security update for Adobe Photoshop CS6 (13.0) for Windows and
Macintosh. Adobe recommends that users apply the update for their
product installation. This posting is provided âAS ISâ with no
warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2012/08/security-update-released-for-adobe-pho…
*** Vuln: unixODBC SQLDriverConnect() FILEDSN and DRIVER Options Buffer
Overflow Vulnerabilities ***
---------------------------------------------
unixODBC SQLDriverConnect() FILEDSN and DRIVER Options Buffer Overflow
Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/53712
*** Vuln: Rugged Operating System Private Key Disclosure Vulnerability ***
---------------------------------------------
Rugged Operating System Private Key Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55123
*** Hackerszene trojanisiert Fernwartungswerkzeug ***
---------------------------------------------
http://www.heise.de/security/meldung/Hackerszene-trojanisiert-Fernwartungsw…
*** 30 new top cyber security advisors appointed to the EU Agency ENISAs
Permanent Stakeholders Group ***
---------------------------------------------
"A new composition of 30 top IT-security experts have started their term
of office as members of ENISAs Permanent Stakeholders Group (PSG). The
PSG will give top IT security advice to the EUs cyber security Agency
ENISA, the European Network and Information Security Agency. The PSG is
a group of leading IT-security experts that gives advice to the Agencys
Executive Director in, for example, drawing up a proposal for the
Agencys annual Work Programme...."
---------------------------------------------
http://www.cisionwire.com/enisa---european-network-and-information-security…
*** [webapps] - SugarCRM Community Edition 6.5.2 (Build 8410) Multiple
Vulnerabilities ***
---------------------------------------------
SugarCRM Community Edition 6.5.2 (Build 8410) Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/20981
*** American Express doesnt take security seriously ***
---------------------------------------------
"We've already established that when it comes to security, passwords
alone are not a very good choice. Sure, they're better than nothing, but
with most people picking insecure passwords and companies saving them in
unencrypted formats, there are better solutions out there. American
Express takes insecure passwords and makes them even more insecure...."
---------------------------------------------
http://www.neowin.net/news/american-express-doesnt-take-security-seriously?
*** ICS-CERT - New JSAR, Advisory and Updated Alert ***
---------------------------------------------
"Still getting caught up after Isaac; while ICS-CERT hasnt been real
busy they havent waited for me either. So here is a quick look at a new
Joint Security Awareness Report (JSAR), a new privilege escalation
advisory and an update on a Siemens related alert. ICS-CERT and US-CERT
published a JSAR on Wednesday for the information-stealing malware W32...."
---------------------------------------------
http://chemical-facility-security-news.blogspot.nl/2012/09/ics-cert-new-jsa…
*** Russia unveils own Android-like, hack-proof mobile operating system ***
---------------------------------------------
"It seems that Russias defence ministry has little faith in Googles
operating systems: it has just unveiled its own encrypted version that
has the remarkably familiar feel of an Android. Russias very first smart
prototype was presented on the sidelines of a Berlin electronics show
this week to deputy prime minister Dmitry Rogozin -- an avowed
nationalist who oversees the militarys technological innovation. A
slimmed down version of the operating system in computer tablet form is
actually
---------------------------------------------
http://timesofindia.indiatimes.com/tech/news/software-services/Russia-unvei…
*** [papers] - Shellcoding in Linux ***
---------------------------------------------
Shellcoding in Linux
---------------------------------------------
http://www.exploit-db.com/download_pdf/21013
*** Hit by dubious claims, RBI junks ATM cash retraction ***
---------------------------------------------
"The banks have done away with the cash retraction system in ATMs. The
system, which enabled the machine to take back the currency if it is not
removed within a certain time, was withdrawn last week after the Reserve
Bank of India (RBI) agreed to National Payments Corporation of Indias
proposal for removing the feature from all ATMs to deal with the
increasing number of fraudulent claims about non-receipt of cash. Banks
have posted messages on their websites that the system has been
---------------------------------------------
http://economictimes.indiatimes.com/news/news-by-industry/banking/finance/b…
*** VMware sichert Serverprodukte ab ***
---------------------------------------------
http://www.heise.de/security/meldung/VMware-sichert-Serverprodukte-ab-16979…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 27-08-2012 18:14 - Freitag 31-08-2012 18:14
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Is the death knell sounding for traditional antivirus? ***
---------------------------------------------
"Antivirus developers need to run malcode in their labs in order to create
malware-identifying signatures. What happens if they cant? Developers of
traditional antivirus depend on:The ability to run malware in their labs...."
---------------------------------------------
http://www.techrepublic.com/blog/security/is-the-death-knell-sounding-for-t…
*** Joomla com_weblinks SQL Vulnerability ***
---------------------------------------------
Topic: Joomla com_weblinks SQL Vulnerability Risk: Medium Text: ## # #
Exploit Title : Joomla Com_Weblinks Sql Vulnerability # # Author : IrIsT.Ir
# # Discovered By : N...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/E7Kh6tyN_0k/WLB-20…
*** ReIssued Red Alert - Dorifel Decrypter v1.5 released. Supports new
Dorifel variant found in Canada, new RC4 key etc. ***
---------------------------------------------
"In the beginning of August 2012, Dutch government, public sector and
networks of private companies are hit hard by a new wave of crypto malware
named Trojan-Ransom. Win32. Dorifel...."
---------------------------------------------
http://www.surfright.nl/en/support/dorifel-decrypter
*** Bugtraq: Seeker Adv MS-06 - .Net Cross Site Scripting - Request
Validation Bypassing ***
---------------------------------------------
Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing
---------------------------------------------
http://www.securityfocus.com/archive/1/524043
*** Phishing without a webpage - researcher reveals how a link *itself* can
be malicious ***
---------------------------------------------
"The need for a reliable place to host your malicious website has been the
bane of phishers for much of the last decade. But, no longer. A researcher
at the University of Oslo in Norway says that page-less phishing and other
untraceable attacks may be possible, using a tried and true internet
communications standard: the uniform resource identifier, or URI...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-resea…
*** News, Technologies and Techniques: Virus on virus â set a thief to
catch a thief ***
---------------------------------------------
The old debate on whether it would be ethical to use viruses to detect and
even clean other viruses has largely been won by the law of unintended
consequences: its simply too dangerous. But that doesnât mean it
doesnât happen accidentally...
---------------------------------------------
http://www.infosecurity-magazine.com/view/27901/virus-on-virus-set-a-thief-…