- Daily - CERT.at

Tageszusammenfassung - Donnerstag 11-10-2012
by Daily end-of-shift report 11 Oct '12

11 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 10-10-2012 18:00 − Donnerstag 11-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Expenditure Report Reveals Germany Monitors Skype, Google Mail, Facebook Chat *** --------------------------------------------- hypnosec writes "The German Government has gone a bit too far trying to be transparent, inadvertently revealing that German police monitor Skype, Google Mail, MSN Hotmail, Yahoo Mail, and Facebook chat when necessary. The revelations, spotted by the annalist blog, come from a report of expenses incurred by the Federal Ministry of the Interior following a parliamentary inquiry. The report contains lots of tables and as many would find those boring, some highlights: On page 34 and page 37 of... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/J2HxG9I5vdo/expenditure-rep… *** Microsoft addresses critical Word flaws, new RSA key length *** --------------------------------------------- "Microsoft will begin requiring digital certificates to support an RSA key length of at least 1024 bits today, in accordance with a security advisory being pushed through Windows Update. The new requirement, which Microsoft has been preparing customers for since August, was part of the software companys October 2012 Patch Tuesday security updates. Microsoft also addressed an issue with signature timestamps on valid files and released seven bulletins covering 20 vulnerabilities in Microsoft... --------------------------------------------- http://searchsecurity.techtarget.com/news/2240164725/Microsoft-addresses-cr… *** US and EU Clash Over Whois Data *** --------------------------------------------- itwbennett writes "ICANN wants to store more data (including credit card information) about domain name registrations in its Whois database, wants to hold on to that data for two years after registration ends, and wants to force registrant contact information to be re-verified annually - moves that are applauded by David Vladeck, director of the FTCs Bureau of Consumer Protection. The E.U.s Article 29 Working Group is markedly less enthusiastic, saying ICANNs plans trample on... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/6xJedYC9pQU/us-and-eu-clash… *** Sicherheitslücke in Firefox 16 *** --------------------------------------------- Eine Sicherheitslücke in Firefox 16 hat Mozilla in Alarmbereitschaft versetzt. Als Reaktion wurde Firefox 16 von der Mozilla Homepage entfernt und steht nicht mehr zur Installation zur Verfügung. --------------------------------------------- http://www.heise.de/security/meldung/Sicherheitsluecke-in-Firefox-16-172739… *** PGP founders mobile privacy app goes live *** --------------------------------------------- Zimmerman & Navy SEAL pals unveil safe comms, at $20 a month Updated Silent Circle, the secure mobile communications app backed by Phil Zimmerman, has gone live - offering protection from all but the most determined of government departments. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/10/secure_circ… *** Neue IPv6-Tools von "The Hackers Choice" *** --------------------------------------------- Die Hackergruppe "The Hackers Choice" hat das THC IPv6 Attack Toolkit für die Version 2.0 deutlich erweitert. Im Mittelpunkt der Tools steht nicht nur das Sammeln von Informationen über andere IPv6-Hosts, sondern auch über gezielte Angriffe, etwa um Pakete über sich umzuleiten und in eine Position als Man-in-the-Middle zu gelangen. --------------------------------------------- http://www.heise.de/security/meldung/Neue-IPv6-Tools-von-The-Hackers-Choice… *** Facebook Confirms Data Breach *** --------------------------------------------- another random user writes "A researcher by the name of Suriya Prakash has claimed that the majority of phone numbers on Facebook are not safe. Its not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebooks 600 million mobile users), but his demonstration certainly showed he could collect countless phone numbers and their corresponding Facebook names with very little effort. Facebook has confirmed that it limited the Prakashs --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-ZGiVNpxow8/facebook-confir… *** Bugtraq: Multiple vulnerabilities in OpenX *** --------------------------------------------- Multiple vulnerabilities in OpenX --------------------------------------------- http://www.securityfocus.com/archive/1/524372

1 0

Tageszusammenfassung - Mittwoch 10-10-2012
by Daily end-of-shift report 10 Oct '12

10 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 09-10-2012 18:00 − Mittwoch 10-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Proxy service users download malware, unknowingly join botnet *** --------------------------------------------- "In yet another example of if-its-too-good-to-be-true-it-probably-isnt, hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. "The malware is Backdoor. Proxybox, and our investigation has revealed an entire black hat operation, giving us interesting information on the operation and size of this botnet, and leading us to information that may identify the actual malware --------------------------------------------- http://www.net-security.org/malware_news.php?id=2290 *** Kernel crimps make Windows 8 a hacker hassle *** --------------------------------------------- The kernel is the new battleground, says ReactOS and iOS co-author Alex Ionescu Windows 8 will make hackers lives hard, says Windows internals expert, security researcher and co-author of Apples iOS and the open source Windows XP clone ReactOS, Alex Ionescu. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/09/windws_8_ha… *** Microsoft to devs: Bug users about security ... now! *** --------------------------------------------- Redmond reveals how and when it decides to remind you about security Microsoft has revealed the guidelines it gives its own developers to help them decide when users need a rude reminder to stop putting themselves at risk of security problems. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/10/microsoft_n… *** RSA simple password-protection to stop hackers *** --------------------------------------------- "RSA, the security division of EMC, today announced a security product intended to protect simple passwords stored within businesses for authentication purposes, by splitting these passwords in two pieces kept separately, in theory making it harder for hackers to get hold of them. Yahoos massive data breach contains Gmail, Hotmail, Comcast user names and passwordsThis year has seen a large number of password hacking exploits, including those against Yahoo, dating site eHarmony, and --------------------------------------------- http://www.itworld.com/security/301646/rsa-simple-password-protection-stop-… *** Mysterious Algorithm Was 4% of Trading Activity Last Week *** --------------------------------------------- A single mysterious computer program that placed orders - and then subsequently canceled them - made up 4 percent of all quote traffic in the U.S. stock market last week, according to the top tracker of high-frequency trading activity. The motive of the algorithm is still unclear. The program placed orders in 25-millisecond bursts involving about 500 stocks, according to Nanex, a market data firm. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/gouGx0l7Y5E/mysterious-algo… *** Oktober ist Office-Patch-Monat *** --------------------------------------------- Microsoft schließt an seinem aktuellen Patchday sieben Sicherheitslücken, eine davon mit der Risikobewertung "kritisch", die restlichen mit der Bewertung "hoch". Vier der veröffentlichten Sicherheitsnotzien betreffen Microsoft Office, die kritische Lücke findet sich in allen Versionen von Word. Hier sind besonders Nutzer mit Administrationsrechten dem Risiko ausgesetzt, ihr System beim Aufrufen einer Website mit Schadcode zu infizieren. --------------------------------------------- http://www.heise.de/security/meldung/Oktober-ist-Office-Patch-Monat-1726703… *** Google disappears for Irish internet users - but was it a nameserver hack or admin screwup? *** --------------------------------------------- Thousands of Irish internet users found that they were unable to access Google earlier today when the nameservers for google.ie began to point to a third-party server based in Indonesia. --------------------------------------------- http://nakedsecurity.sophos.com/2012/10/09/google-disappears-for-irish-inte… *** Data-stealing hackers use DDoS to distract from attacks *** --------------------------------------------- Cybercriminals are distracting banks and other businesses with a DDoS attack while they quietly lay siege to sensitive data on the network, which they can use for credit card cloning and other fraud. --------------------------------------------- http://www.zdnet.com/symantec-data-stealing-hackers-use-ddos-to-distract-fr… *** Vuln: Microsoft Windows Kerberos CVE-2012-2551 Denial of Service Vulnerability *** --------------------------------------------- Microsoft Windows Kerberos CVE-2012-2551 Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55778 *** Vuln: Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability *** --------------------------------------------- Perl HTML::Template::Pro Module Cross Site Scripting Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/51117

1 0

Tageszusammenfassung - Dienstag 9-10-2012
by Daily end-of-shift report 09 Oct '12

09 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 08-10-2012 18:00 − Dienstag 09-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan *** Studie: Cybercrime verursacht deutschen Unternehmen Millionenschäden *** --------------------------------------------- Datendiebstahl, Computerviren und Web-Attacken verursachen in einem deutschen Großunternehmen laut einer Studie von Hewlett-Packard jährlich einen Schaden von durchschnittlich 4,8 Millionen Euro. Deutschland liegt damit zwischen den USA (6,9 Millionen Euro) und Japan (3,9 Millionen Euro), wie das IT-Unternehmen am Montag in Büblingen bei Stuttgart mitteilte. --------------------------------------------- http://www.heise.de/security/meldung/Studie-Cybercrime-verursacht-deutschen… *** Trojan disguised as image delivered via Skype messages *** --------------------------------------------- "The spamming campaign has surfaced in the last few days and is being propagated via compromised Skype accounts. The offered links dont lead to an image, but to a malicious executable (skype_02102012_image. exe) posing as one...." --------------------------------------------- http://www.net-security.org/malware_news.php?id=2285 *** Bing is the most heavily poisoned search engine, study says *** --------------------------------------------- Bing search results are more affected by poisoning than those of other search engines, according to a study by SophosLabs. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/08/bing_worst_… *** Critical Adobe Flash Player Update Nixes 25 Flaws *** --------------------------------------------- Adobe has issued an update for its Flash Player software that fixes at least 25 separate security vulnerabilities in the widely-installed program. The company also pushed out a security patch for its Adobe AIR software. --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/MKdBYW3I3dQ/ *** Surprise! Microsoft patches latest IE10 Flash vulns on time *** --------------------------------------------- Issues fixes same day as Adobes patch Microsoft surprised Windows 8 and Windows Server 2012 users on Monday by issuing a patch that fixes 25 security vulnerabilities found in the Adobe Flash Player component of Internet Explorer 10, mere hours after Adobe issued its own patch for the Flash Player plug-in used by other browsers. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/09/ms_ontime_i… *** Facebook: Lücke bei Telefonnummern-Suche *** --------------------------------------------- Durch eine unbeschränkte Abfrage über die Mobil-Webseite und eine offene Voreinstellung für Nutzer können mit Leichtigkeit Personen-Listen samt dazugehöriger Telefonnummern generiert werden, zeigen Sicherheits-Forscher auf. Sie rufen Nutzer zum überprüfen ihrer Auffindbarkeits-Einstellungen auf. --------------------------------------------- http://futurezone.at/digitallife/11783-facebook-luecke-bei-telefonnummern-s… *** Flaws Allow Every 3G Device To Be Tracked *** --------------------------------------------- mask.of.sanity writes "New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victims outgoing traffic to different --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/NPPj-sqeBcM/flaws-allow-eve… *** Plugin - PrivacyFix für Google Chrome regelt Privatsphäre-Einstellungen *** --------------------------------------------- Facebook, Google und zahlreiche Websites: Mit PrivacyFix soll man den Überblick behalten --------------------------------------------- http://text.derstandard.at/1348285489060/PrivacyFix-fuer-Google-Chrome-rege… *** HTTPS Everywhere unterstützt mehr Websites *** --------------------------------------------- Die Electronic Frontier Foundation (EFF) hat eine neue Version ihrer Browser-Erweiterung HTTPS Everywhere veröffentlicht. Version 3.0 unterstütze jetzt verschlüsselte Verbindungen zu noch mehr Websites. Neben der stabilen Version für Firefox ist auch eine Entwicklerversion für Google Chrome und Chromium verfügbar. --------------------------------------------- http://www.heise.de/security/meldung/HTTPS-Everywhere-unterstuetzt-mehr-Web… *** Windows XP doppelt so oft infiziert wie Windows 7 *** --------------------------------------------- Im Microsoft Security Intelligence Report für das erste Halbjahr 2012 bilanziert der Betriebssystemhersteller, dass er rund doppelt so oft Schädlinge von Systemen mit Windows XP kratzen musste wie bei Windows 7 oder auch Vista. Bei rund einem Prozent der Durchläufe des Malicious Software Removal Tools (MSRT) auf Windows XP entdeckte der rudimentäre Scanner eine Infektion (9,5 von 1000); bei den neueren Windows-Versionen liegt diese Infektionsrate lediglich bei etwa 0,5 Prozent. --------------------------------------------- http://www.heise.de/security/meldung/Windows-XP-doppelt-so-oft-inifiziert-w… *** Practical IT: What is your companys threat response strategy? *** --------------------------------------------- "Weve recently seen some pretty high-profile vulnerabilities in Java and Internet Explorer. In both cases the issues became widely publicised before a patch was available after evidence emerged of in-the-wild exploitation by criminals. As someone looking after IT for your company, how do you react to reports like this?..." --------------------------------------------- http://nakedsecurity.sophos.com/2012/10/09/it-departments-threat-response-s… *** Bugtraq: Team SHATTER Security Advisory: Java Operating System command execution *** --------------------------------------------- Team SHATTER Security Advisory: Java Operating System command execution --------------------------------------------- http://www.securityfocus.com/archive/1/524336 *** Avaya IP Office Customer Call Reporter Command Execution *** --------------------------------------------- Topic: Avaya IP Office Customer Call Reporter Command Execution Risk: High Text: This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/za7W7e-s5xI/WLB-20…

1 0

Tageszusammenfassung - Montag 8-10-2012
by Daily end-of-shift report 08 Oct '12

08 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 05-10-2012 18:00 − Montag 08-10-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Reports of a Distributed Injection Scan, (Fri, Oct 5th) *** --------------------------------------------- We have received a report of a large distributed SQL Injection Scan from a reader. Behavior of scan is being reported as 9000+ Unique IPv4 Addresses and sends 4-10 requests to lightly fuzz the form field. Then the next IP will lightly fuzz the second form field within the same page and the next IP the next form field.Looks to be targeting MSSQL and seeking version. The reader reports that this scan has been going on for several days. Sample Payload: --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14251&rss *** Vuln: Ruby error.c Multiple Security Bypass Vulnerabilities *** --------------------------------------------- Ruby error.c Multiple Security Bypass Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55757 *** Over 82,000 Chrome Users Install Ad Injector Along with Fake Bad Piggies Game *** --------------------------------------------- "Barracuda Labs experts have identified a number of shady plugins hosted on Google Chromes web store, being advertised as the free online version of Bad Piggies. However, during installation, the plugins request permission to access data on all websites. This allows them to inject advertisements into several high-ranked sites, such as Yahoo!...." --------------------------------------------- http://news.softpedia.com/news/Over-82-000-Chrome-Users-Install-Ad-Injector… *** Update to Security Advisory: Adobe Revokes Code Signing Certificate (APSA12-01) *** --------------------------------------------- Following up on our communication from September 27, 2012, we have now revoked the Adobe code signing certificate for all code signed after July 10, 2012 (00:00 GMT). We have updated the Security Advisory (APSA12-01) to reflect this action. This posting is provided “AS IS” with no warranties and confers no rights. --------------------------------------------- http://blogs.adobe.com/psirt/2012/10/update-to-security-advisory-adobe-revo… *** Windows Escalate UAC Protection Bypass *** --------------------------------------------- Topic: Windows Escalate UAC Protection Bypass Risk: High Text:## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial r... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/M58qqKeG-j8/WLB-20… *** Flame fallout: Microsoft encryption deadline looms Tuesday *** --------------------------------------------- "Starting Tuesday Microsoft platforms will block the use of encryption keys less than 1024 bits so businesses that are still using weaker keys better get busy. Changing the keys the Microsoft software uses isnt that tricky, but finding all the customer and third-party software in corporate networks that use smaller keys could require some searching. Users should download the update and test whether it breaks connections with existing applications before putting it into full production, --------------------------------------------- http://www.csoonline.com/article/718070/flame-fallout-microsoft-encryption-… *** Govt to build global cyber security centre *** --------------------------------------------- "Hague announces plan for new cyber security centre to guard against cyber attack and offer nations advice on improving their cyber defences Foreign secretary William Hague has announced that the government is planning to build a new global cyber security centre of excellence aimed at helping developing nations combat cyber crime. Speaking yesterday at the Budapest Conference on Cyberspace, Hague said the government will invest 2 million per year on the Centre for Global Cyber-Security --------------------------------------------- http://www.information-age.com/channels/security-and-continuity/news/212663… *** Most of the Mass Distributed Malware in Q3 2012 Were Banking Trojans, Study Finds *** --------------------------------------------- "Every once in a while we like to take a look at the quarterly reports issued by security companies to see how the threat landscape evolves. This time well analyze the figures and key findings of Solutionary Security Engineering Research Teams (SERT) Q3 2012 Quarterly Research Report. The figures from the study reveal that malware developers are getting better and better at hiding their creations from antivirus software...." --------------------------------------------- http://news.softpedia.com/news/Most-of-the-Mass-Distributed-Malware-in-Q3-2… *** Mozilla To Bug Firefox Users With Old Adobe Reader, Flash, Silverlight *** --------------------------------------------- An anonymous reader writes "Mozilla today announced it will soon start prompting Firefox users to upgrade select old plugins. This will only affect Windows users, and three plugins: Adobe Reader, Adobe Flash, and Microsoft Silverlight. Mozilla says Firefox users will soon see a notification urging them to update when they visit a web page that uses the plugins." Read more of this story at Slashdot. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/YH6pPZWcwYk/mozilla-to-bug-… *** Fake Panda Cloud Antivirus Hides Data-Stealing Dark Angel Trojan *** --------------------------------------------- "The fake Panda Cloud Antivirus has been found to hide a nasty Trojan called DarkAngle which is designed to steal sensitive details such as passwords and online banking details. Once its executed, the malicious element logs all the commands entered by the victim and sends them back to a command and control server. To make sure that it can harvest as much information as possible, the threat is loaded each time the computer is rebooted...." --------------------------------------------- http://news.softpedia.com/news/Fake-Panda-Cloud-Antivirus-Hides-Data-Steali… *** Tablet security study finds BlackBerry still good for something *** --------------------------------------------- iPad,Galaxy Tab and PlayBook face off in BYOD probe A technology audit has identified security failings in three of the most popular tablets, raising concerns about the security implications of allowing workers to use their personal technology at work.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/10/05/tablet_secu… *** Bank Hacks: 7 Misunderstood Facts *** --------------------------------------------- "Whos behind the recent online attacks against multiple financial institutions including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo? In recent weeks, all have bit hit by large-scale distributed denial-of-service (DDoS) attacks. Cue website outages and customer outrage...." --------------------------------------------- http://www.informationweek.com/security/attacks/bank-hacks-7-misunderstood-… *** ‘Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks *** --------------------------------------------- Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSAs advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. Im weighting in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/aCWwJrPN238/ *** Botnetz kartographiert das gesamte Internet *** --------------------------------------------- xhtml --------------------------------------------- http://www.heise.de/security/meldung/Botnetz-kartographiert-das-gesamte-Int…

1 0

Tageszusammenfassung - Freitag 5-10-2012
by Daily end-of-shift report 05 Oct '12

05 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 04-10-2012 18:00 − Freitag 05-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** Microsoft Security Bulletin Advance Notification for October 2012 *** --------------------------------------------- "This is an advance notification of security bulletins that Microsoft is intending to release on October 9, 2012. This bulletin advance notification will be replaced with the October bulletin summary on October 9, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification...." --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms12-oct *** Linux 3.7 Kernel To Support Multiple ARM Platforms *** --------------------------------------------- hypnosec writes with news that the Linux 3.7 kernel will support multiple ARM-based System on Chip platforms (Git commit page), writing "Up until now there has been a separate Linux kernel build for each of the ARM platforms or SoCs, which is one of the several problems when it comes to ARM based Linux. The merging of ARM multi-platform support into Linux 3.7 will put an end to this problem, enabling the new kernel to not only target multiple platforms but also be more in line with its x86 --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/CCv0Hi9ZkWM/linux-37-kernel… *** No Surprise - Ransomware On the Rise *** --------------------------------------------- "McAfees latest Threats Report shows a 1. 5 million increase in malware since last quarter. 2012 is in fact, far and away the busiest year ever for malware with an estimated total of 100 million malware samples worldwide by Q3 2012...." --------------------------------------------- http://www.infosecisland.com/blogview/22511-No-Surprise-Ransomware-On-the-R… *** Sybase ASE 15.x Java Command Execution *** --------------------------------------------- Topic: Sybase ASE 15.x Java Command Execution Risk: High Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Java Operating System command executi... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/bHOU9UjsTIM/WLB-20… *** Botnet Spotted Silently Scanning IPv4 Address Space For Vulnerable VoIP *** --------------------------------------------- "A large peer-to-peer botnet known for its resilience was spotted sniffing out potential victim voice-over-IP (VoIP) servers using an advanced stealth technique of camouflaging its efforts to recruit new bots. The Sality botnet, which was first discovered in 2003 and has been estimated to have hundreds of thousands or more infected machines in its zombie army, scanned IPv4 addresses in February 2011 via a covert scanning method that flew under the radar, according to new research from the --------------------------------------------- http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabi… *** Facebook scannt private Nachrichten *** --------------------------------------------- Wenn ein Link zu einer Webseite, die einen Facebook Like-Button eingebunden hat, in einer privaten Nachricht versendet wird, erhöht sich der Like-Zähler. Das bedeutet, dass die Inhalte der Nachrichten von Facebook gescannt werden müssen. --------------------------------------------- http://futurezone.at/digitallife/11724-facebook-scannt-private-nachrichten.… *** VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html, (Fri, Oct 5th) *** --------------------------------------------- Richard Porter --- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14242&rss *** Visualizing the ZeroAccess botnet in Google Earth *** --------------------------------------------- "The ZeroAccess botnet is a very widespread malware threat that has been infecting computers around the world for years. Its estimated that the current version of ZeroAccess has been installed over nine million times, with roughly one million PCs still infected. The folks at F-Secure have plotted nearly 140,000 infections on Google Earth, based on the IP address of the infected computer, and the result is an amazing (and rather scary) map...." --------------------------------------------- http://www.gearthblog.com/blog/archives/2012/10/visualizing_the_zeroaccess_… *** Cyber crooks should make you very nervous *** --------------------------------------------- "Federal undercover agents are resorting to show and tell to combat a growing menacecriminal hackers. The Justice Department has been making headlines by publicizing prosecutions, disclosing investigative techniques and revealing findings before clinching guilty verdicts. Sure, calling attention to charges and arrests could discourage digital invaders...." --------------------------------------------- http://www.nextgov.com/cybersecurity/2012/10/cyber-crooks-should-make-you-v… *** Vuln: Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Multiple SQL Injection Vulnerabilities *** --------------------------------------------- Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Multiple SQL Injection Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/54569 *** lost+found: Vom Versuch eine Ente wieder einzufangen *** --------------------------------------------- Das Magazin hakin9 ist einem Troll-Versuch aufgesessen und hat einen peinlichen Nonsens-Artikel veröffentlicht: Nmap: The Internet Considered Harmful - DARPA Inference Cheking Kludge Scanning (man beachte die Abkürzung DICKS). Angesichts prominenter Autoren, deren Namen sich wie ein Who-is-Who der Security-Szene lesen, fiel offensichtlich niemandem mehr auf, dass Sätze wie "NMAP requires root access in order to allow B-trees" absolut keinen Sinn ergeben. --------------------------------------------- http://www.heise.de/security/meldung/lost-found-Vom-Versuch-eine-Ente-wiede… *** "Universal Man in the Browser": Datenklau in Echtzeit *** --------------------------------------------- Die amerikanische Sicherheitsfirma Trusteer hat eine neue Form der "Man in the Browser"-Attacke (MitB) ausgemacht, die niederschwelliger und effizienter als bereits bekannte MitB sein soll. Das Besondere an dem Spionageprogramm ist die eingebaute Logik, die es erlaubt, die gestohlenen Daten in Echtzeit auszuwerten und möglichst schnell einem Weiterverkauf zugänglich zu machen. Trusteer nennt diese neue Form 'Universal Man in the Browser' (uMitB). --------------------------------------------- http://www.heise.de/security/meldung/Universal-Man-in-the-Browser-Datenklau… *** Blacklist RFC-Ignorant.org stellt den Betrieb ein *** --------------------------------------------- Postmaster und andere Netz-Administratoren sollten RFC-Ignorant.org umgehend aus ihren Server-Konfigurationen entfernen. Die Meldestelle gegen Netzmissbrauch beantwortet bereits sämtliche Anfragen mit "Eintrag nicht vorhanden". --------------------------------------------- http://www.heise.de/security/meldung/Blacklist-RFC-Ignorant-org-stellt-den-…

1 0

Tageszusammenfassung - Donnerstag 4-10-2012
by Daily end-of-shift report 04 Oct '12

04 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 03-10-2012 18:00 − Donnerstag 04-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner *** IETF Starts Work On Next-Generation HTTP Standards *** --------------------------------------------- alphadogg writes "With an eye towards updating the Web to better accommodate complex and bandwidth-hungry applications, the Internet Engineering Task Force has started work on the next generation of HTTP, the underlying protocol for the Web. The HTTP Strict Transport Security (HSTS), is a security protocol designed to protect Internet users from hijacking. The HSTS is an opt-in security enhancement whereby web sites signal browsers to always communicate with it over a secure connection. If --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JocJDH2CeQw/ietf-starts-wor… *** Microsoft wins permanent settlement against Nitol botnet *** --------------------------------------------- "Microsoft has won a battle to permanently disrupt a haven for the Nitol botnet that it discovered within an Internet domain controlled by a Chinese ISP. The company has signed a private settlement that Peng Yong and Changzhou Bei Te Kang Mu Software Technology Co., Ltd., will block all connections to designated malicious subdomains of the 3322. org domain controlled by Peng and Bei Te Kang Mu Software...." --------------------------------------------- http://www.csoonline.com/article/717879/microsoft-wins-permanent-settlement… *** Google Glass, Augmented Reality Spells Data Headaches *** --------------------------------------------- Nervals Lobster writes "Google seems determined to press forward with Google Glass technology, filing a patent for a Google Glass wristwatch. As pointed out by CNET, the timepiece includes a camera and a touch screen that, once flipped up, acts as a secondary display. In the patent, Google refers to the device as a smart-watch. Whether or not a Google Glass wristwatch ever appears on the marketplace � just because a tech titan patents a particular invention doesnt mean its bound for --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/lVDzxD_8kXY/google-glass-au… *** How to Protect against Denial of Service Attacks: Refresher *** --------------------------------------------- "With all of the information about DoS attacks in recent months, it is easy to blame banks and say that they didnt have the proper security controls in place to withstand this type of attack, but in reality things are not that simple. So, how does this happen? Is it preventable?..." --------------------------------------------- http://www.infosecisland.com/blogview/22518-How-to-Protect-against-Denial-o… *** Europe joins forces in Cyber Europe 2012 *** --------------------------------------------- "Today, more than 300 cyber security professionals across Europe join forces to counter a massive simulated cyber-attack in the 2nd pan-European Cyber Exercise, Cyber Europe 2012. The exercise builds on and ties together extensive activities at both the national and European level to improve the resilience of critical information infrastructures. As such, Cyber Europe 2012 is a major milestone in the efforts to strengthen cyber crisis cooperation, preparedness and response across --------------------------------------------- http://www.enisa.europa.eu/media/press-releases/europe-joins-forces-in-cybe… *** Neue Oracle-Hacks *** --------------------------------------------- Die Sicherheitsexperten Laszlo Toth und Ferenc Spala haben im Rahmen der Konferenz DerbyCon 2.0 eine Reihe von zum Teil neuartigen Angriffen auf Oracle-Datenbanken und SQL-Server vorgestellt und dabei auch gleich die entsprechenden Werkzeuge dazu ver�ffentlicht. --------------------------------------------- http://www.heise.de/security/meldung/Neue-Oracle-Hacks-1722784.html/from/at… *** Middle East cyberattacks on Google users increasing *** --------------------------------------------- "Here we go again. Three months after it first began warning users of state-sponsored cyber attacks, Google is saying that the assault has only intensified. The New York Times reports that since it began warning users of state-sponsored attacks, "it has picked up thousands more instances of cyberattacks than it anticipated." Many of the attacks appear to be originating in the Middle East...." --------------------------------------------- http://news.cnet.com/8301-1009_3-57525334-83/middle-east-cyberattacks-on-go… *** Gut choreografierte dDoS-Attacken gegen US-Gro�banken *** --------------------------------------------- Mehrere US-Gro�banken, unter anderem Wells Fargo, PNC Financial Service Group, U.S. Bancorp, Citigroup, JPMorgan und Bank of America, sahen sich in den letzten Tagen einer Vielzahl von professionell gef�hrten DDoS-Attacken ausgesetzt. --------------------------------------------- http://www.heise.de/security/meldung/Gut-choreografierte-dDoS-Attacken-gege… *** Bugtraq: [security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information *** --------------------------------------------- [security bulletin] HPSBMU02817 SSRT100950 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information --------------------------------------------- http://www.securityfocus.com/archive/1/524302

1 0

Tageszusammenfassung - Mittwoch 3-10-2012
by Daily end-of-shift report 03 Oct '12

03 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 02-10-2012 18:00 − Mittwoch 03-10-2012 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl *** SHA-3 Winner Announced *** --------------------------------------------- An anonymous reader writes "The National Institute of Standards and Technology (NIST) has just announced the winner of the SHA-3 competition: Keccak, created by Guido Bertoni, Joan Daemen and Gilles Van Assche of STMicroelectronics and Michaël Peeters of NXP Semiconductors. Keccak has the added advantage of not being vulnerable in the same ways SHA-2 might be, says NIST computer security expert Tim Polk. An attack that could work on SHA-2 most likely would not work on Keccak because --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/eoZNXkbqy3w/sha-3-winner-an… *** Twitter account hijacking exposes easy-to-exploit security flaw *** --------------------------------------------- "The hijacking of the Twitter account that belongs to user Daniel Dennis Jones and his subsequent investigation into the matter has revealed a Twitter security weakness that makes it easy for hackers to do the same to all users that employ short and uninventive passwords, reports BuzzFeed. Over the weekend Jones - an early Twitter adopter who managed to snag himself the @blanket Twitter account - was unpleasantly surprised when he received an email from Twitter telling him his password had --------------------------------------------- http://www.net-security.org/secworld.php?id=13708 *** Handshakes Professional 4.1 SQL Injection *** --------------------------------------------- Topic: Handshakes Professional 4.1 SQL Injection Risk: Medium Text:HTTPCS Advisory : HTTPCS70 Product : Handshakes Professional Version : 4.1 Date : 2012-10-01 Criticality level : Highly Cri... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/AGsJ6_RuY30/WLB-20… *** Microsoft Reaches Settlement with Site Linked to Nitol Botnet *** --------------------------------------------- "Microsoft announced today its reached a settlement with the operator of a Chinese Web site whose domain and sub-domains hosted more than 500 kinds of malware, including the Nitol botnet found on brand new computers. In a lawsuit filed two weeks ago by the software giant, Microsoft alleged the domain 3322. org hosted Nitol, which was found being preloaded onto computers during an investigation into supply chain security last August...." --------------------------------------------- http://threatpost.com/en_us/blogs/microsoft-reaches-settlement-site-linked-… *** Sicherheit - Iran: Cyberattacken kappen Internetzugang *** --------------------------------------------- Infrastruktur wurden mit mehreren Gigabyte pro Sekunde bombardiert --------------------------------------------- http://derstandard.at/1348284881692/Iran-Cyberattacken-kappen-Internetzugang

1 0

Tageszusammenfassung - Dienstag 2-10-2012
by Daily end-of-shift report 02 Oct '12

02 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 01-10-2012 18:00 − Dienstag 02-10-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** SQL Injection bei Trend Micro Control Manager *** --------------------------------------------- Ein Update beseitigt eine SQL-Injection-Lücke in Trends Security-Management-Plattform. --------------------------------------------- http://www.heise.de/security/meldung/SQL-Injection-bei-Trend-Micro-Control-… *** Cisco CallManager vulnerable to brute force attack *** --------------------------------------------- "Roberto Suggi Liverani, founder of the OWASP (Open Web Application Security Project) New Zealand chapter discover a vulnerability in Cisco CallManager AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems. He described on his blog security review, I have found a quick way to perform PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager)...." --------------------------------------------- http://thehackernews.com/2012/10/cisco-callmanager-vulnerable-to-brute.html *** Expert fingers DDoS toolkit used in bank cyberattacks *** --------------------------------------------- "Cyberattackers who disrupted the websites of U.S. banks over the last two weeks used a highly sophisticated toolkit -- a finding that points to a well-funded operation, one security vendor said on Monday. Prolexic Technologies said the distributed denial of service (DDoS) toolkit called itsoknoproblembro was used against some of the banks which included Wells Fargo, U.S. Bank, PNC Bank, Bank of America and JPMorgan Chase. Each of the banks was struck on separate days...." --------------------------------------------- http://www.csoonline.com/article/717727/expert-fingers-ddos-toolkit-used-in… *** IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force *** --------------------------------------------- Topic: IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force Risk: Low Text:I want to warn you about Brute Force, Cross-Site Scripting, Cross-Site Request Forgery and Redirector vulnerabilities in IBM ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Gq2FiubAbh0/WLB-20… *** Switchvox Asterisk 5.1.2 Cross Site Scripting *** --------------------------------------------- Topic: Switchvox Asterisk 5.1.2 Cross Site Scripting Risk: Low Text:Title: Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities Date: == 2012-09-10 References: == http... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/KtK8D-i6E-o/WLB-20… *** OPlayer 2.0.05 iOS Cross Site Scripting *** --------------------------------------------- Topic: OPlayer 2.0.05 iOS Cross Site Scripting Risk: Low Text:Title: OPlayer v2.0.05 iOS - Multiple Web Vulnerabilities Date: == 2012-10-01 References: == http://www.... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/NytSNRlZ814/WLB-20… *** GTA UTM Firewall GB 6.0.3 Cross Site Scripting *** --------------------------------------------- Topic: GTA UTM Firewall GB 6.0.3 Cross Site Scripting Risk: Low Text:Title: GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: == 2012-09-10 References: == http:... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/vljvCj4a1PU/WLB-20… *** DDoS attacks reach new level of sophistication *** --------------------------------------------- "Prolexic Technologies warned of an escalating threat from unusually large and highly sophisticated DDoS attacks. The DDoS attacks have been launched in the last week using the so-called itsoknoproblembro DDoS toolkit. The malicious actor(s) behind the attacks have used this potent tool in conjunction with sophisticated attack methods that clearly demonstrate knowledge of common DDoS mitigation methods...." --------------------------------------------- http://www.net-security.org/secworld.php?id=13704 *** How a single spam from China ended up as an attack on the White House *** --------------------------------------------- "FoxNews leads today with a dramatic story entitled "Washington confirms Chinese hack attack on White House computer."In other important news, experts confirmed that there was a "high probability" that tomorrow, 03 October 2012, due to the rotation of the earth on its axis, the sun would once again give the impression of rising in the East. They also claimed that dinosaurs would "in all likelihood" continue in their state of alleged extinction.(You read it --------------------------------------------- http://nakedsecurity.sophos.com/2012/10/02/how-a-single-spam-from-china-end… *** Bugtraq: CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9 *** --------------------------------------------- CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9 --------------------------------------------- http://www.securityfocus.com/archive/1/524273 *** [papers] - A Pentesters Guide to Hacking OData *** --------------------------------------------- A Pentesters Guide to Hacking OData --------------------------------------------- http://www.exploit-db.com/download_pdf/21664 *** PCI Security Standard: Mobile Payment Acceptance Security Guidelines, (Tue, Oct 2nd) *** --------------------------------------------- What would Cyber Security Awareness Month with a Standards theme be without discussing some semblance of PCI-related content? Carefully avoiding the debate over the benefits and drawback of PCI DSS, Ill instead focus on a recent read with a quick summary of PCI Mobile Payment Acceptance Security Guidelines for Developers. This guideline hit my radar on 14 SEP courtesy of Ians Dragon News Bytes and was intriguing as I had just published Mobile application security best practices in a BYOD world --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14206&rss *** Bugtraq: [security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information *** --------------------------------------------- [security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information --------------------------------------------- http://www.securityfocus.com/archive/1/524275

1 0

Tageszusammenfassung - Montag 1-10-2012
by Daily end-of-shift report 01 Oct '12

01 Oct '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 28-09-2012 18:00 − Montag 01-10-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Vuln: openCryptoki Multiple Insecure File Creation Vulnerabilities *** --------------------------------------------- openCryptoki Multiple Insecure File Creation Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55627 *** Did NSA Put a Secret Backdoor in New Encryption Standard? *** --------------------------------------------- "Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency...." --------------------------------------------- http://cyberwarzone.com/did-nsa-put-secret-backdoor-new-encryption-standard *** Security Advisory: Adobe to Revoke Code Signing Certificate (APSA12-01) *** --------------------------------------------- A Security Advisory (APSA12-01) has been posted in regards to the misuse of an Adobe code signing certificate. Adobe plans to revoke the certificate on October 4, 2012 for all software code signed after July 10, 2012. Adobe is in the process of issuing updates for all affected products using a new digital certificate. For [...] --------------------------------------------- http://blogs.adobe.com/psirt/2012/09/security-advisory-adobe-to-revoke-code… *** Scary New Malware Uses Your Phone To Make A Map Of Your House For Robbers *** --------------------------------------------- "If you arent careful, much of the tech you hold near and dear can be used against you. An app called PlaceRaider, for instance, can use your phone to build a full 3D map of your house, all without you suspecting a thing. Developed by Robert Templeman at the Naval Surface Warfare centre and a few buddies from the University of Indiana, PlaceRader hijacks your phones camera and takes a series of secret photographs, recording the time, and the phones orientation and location with each --------------------------------------------- http://www.gizmodo.com.au/2012/09/scary-new-malware-uses-your-phone-to-make… *** A Convenient Scapegoat - Why All Cyber Attacks Originate in China *** --------------------------------------------- "A fairy tale has crept its way into the collective western InfoSec mindset and poisoned the well of reason and rational thought. I am referring to what I like to term, Lazy Neo-McArthyism, i.e. blaming the Red Menace, a.k. a China. It seems that every other cyber-incident, security breach or strain of malware is attributed to the superpower of the east...." --------------------------------------------- http://www.securityweek.com/convenient-scapegoat-why-all-cyber-attacks-orig… *** In a Zero-Day World, It’s Active Attacks that Matter *** --------------------------------------------- The recent zero-day vulnerability in Internet Explorer caused many (present company included) to urge Internet users to consider surfing the Web with a different browser until Microsoft issued a patch. Microsoft did so last month, but not before experts who ought to have known better began downplaying such advice, pointing out that other browser makers have more vulnerabilities and just as much exposure to zero-day flaws. This post examines hard data that shows why such reasoning is more --------------------------------------------- http://feedproxy.google.com/~r/KrebsOnSecurity/~3/kKKkx4TbxfY/ *** LG NAS Users and password hash disclosure *** --------------------------------------------- Topic: LG NAS Users and password hash disclosure Risk: High Text:# Exploit Title: LG NAS Users and password hash disclosure # Date: 2012-09-29 # Vendor Homepage: http://www.lg.com/ # Versio... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/_NaxSfrogiM/WLB-20… *** Internet scan finds thousands of device flaws, system weaknesses *** --------------------------------------------- "A scan of the Internet over 20 days has yielded terabytes of data and also some alarming weaknesses including misconfigured routers, vulnerability riddled databases and more than 1,000 exposed passwords. Its a project that HD Moore calls his hobby. The Internet-wide survey looked for open TCP ports, SNMP system descriptions, MDNS responders, UPNP endpoints and NetBIOS name queries...." --------------------------------------------- http://searchsecurity.techtarget.com/news/2240164210/Internet-scan-finds-th…

1 0

Tageszusammenfassung - Freitag 28-09-2012
by Daily end-of-shift report 28 Sep '12

28 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 27-09-2012 18:00 − Freitag 28-09-2012 18:00 Handler: Stephan Richter *** ISC Feature of the Week: Glossary, (Thu, Sep 27th) *** --------------------------------------------- Overview Our feature today is a page we just launched, the Glossary:Terms and Definitions page at https://isc.sans.edu/glossary.html! This page allows for browsing and list filtering of Computer and Security-related terms and definitions. There is also an API at https://isc.sans.edu/api/#glossary which Ill also detail below. We will soon be adding a Suggest a New Term or Definition form where you can contribute your thoughts to the list. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14188&rss *** Vuln: CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability *** --------------------------------------------- CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55570 *** Updated IEEE Statement on Security Incident *** --------------------------------------------- "We deeply regret the exposure of user IDs and passwords that we became aware of on 24 September 2012. We would like to take this opportunity to explain to our members and customers the circumstances under which the exposure occurred and provide assurances with respect to IEEEs security processes and policies. IEEE follows security best practices based on ISO and NIST standards...." --------------------------------------------- http://www.ieee.org/about/news/2012/27september_2012.html *** Adobe scrambles to revoke stolen cert *** --------------------------------------------- Malware signed as Adobe software Adobe has revealed an attack that compromised some of its software development servers, resulting in its code signing certificate being used to disguise malware as Adobe software. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/27/adobe_cert_… *** Cisco beseitigt angebliche DoS-Lücken *** --------------------------------------------- Acht Sicherheitslücken in Ciscos Router-Betriebssystem Cisco IOS beseitigt der Hersteller mit Updates, die zum fälligen halbjährlichen Patchday veröffentlicht wurden. Eine im Session Initiation Protocol (SIP) betrifft auch den Cisco Unified Communications Manager. Alle Lücken erlauben es nach Ciscos Einschätzung maximal, den betroffenen Dienst lahm zu legen. --------------------------------------------- http://www.heise.de/security/meldung/Cisco-beseitigt-angebliche-DoS-Luecken… *** Fast alle Hersteller von Steuercode-Problem in Android betroffen *** --------------------------------------------- Von der anfänglich Samsung zugeschriebenen Android-Steuercode-Schwachstelle sind anscheinend potenziell die meisten Smartphones und UMTS-Tablets betroffen, auf denen Ice Cream Sandwich (Version 4.0.x) oder eine ältere Android-Version läuft. Google hat den Code im Wählprogramm im Juli mit Version 4.1.1 aktualisiert, damit Steuercodes nicht mehr automatisch ausgeführt werden. --------------------------------------------- http://www.heise.de/security/meldung/Fast-alle-Hersteller-von-Steuercode-Pr…

1 0

Tageszusammenfassung - Donnerstag 27-09-2012
by Daily end-of-shift report 27 Sep '12

27 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 26-09-2012 18:00 − Donnerstag 27-09-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** Vuln: 389 Directory Server Access Bypass Vulnerability *** --------------------------------------------- 389 Directory Server Access Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55690 *** Vuln: Zend Framework Multiple Cross Site Scripting Vulnerabilities *** --------------------------------------------- Zend Framework Multiple Cross Site Scripting Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55636 *** Do Reverse Proxies Provide Real Security? *** --------------------------------------------- "In the process of building / designing the infrastructure for a new project the following question was asked: shouldnt we use a reverse proxy to secure or protect the web servers? Of course the first question I asked myself is do reverse proxies provide real security? or is this a best / common practice that has been adopted without foundation?..." --------------------------------------------- http://www.infosecisland.com/documentview/22458-Do-Reverse-Proxies-Provide-… *** Maker of Smart-Grid Control Software Hacked *** --------------------------------------------- "The maker of an industrial control system designed to be used with so-called smart grid networks disclosed to customers last week that hackers had breached its network and accessed project files related to a control system used in portions of the electrical grid. Telvent, which is owned by Schneider Electric, told customers in a letter that on Sept. 10 it learned of the breach into its network. The attackers installed malicious software on the network and also accessed project files for --------------------------------------------- http://www.wired.com/threatlevel/2012/09/scada-vendor-telvent-hacked/ *** Cisco IOS Security Advisory Bundle - http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html, (Thu, Sep 27th) *** --------------------------------------------- -Kevin -- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14185&rss http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep12.html *** Netzbetreiber sehen Domain Name System durch Attacken zunehmend in Gefahr *** --------------------------------------------- Groß angelegte Attacken auf DNS-Server sind in den vergangenen Monaten sprunghaft angestiegen. Angriffe, die die Netze mit Datenraten von 50 bis 100 Gigabit/Sekunde in die Knie zwingen, seien an der Tagesordnung, sagte Paul Vixie, Gründer des Internet Systems Consortium (ISC). --------------------------------------------- http://www.heise.de/security/meldung/Netzbetreiber-sehen-Domain-Name-System… *** EU Banks Not Prepared for Attacks - Experts Cite Inadequate Controls, Information Sharing *** --------------------------------------------- "Website outages that so far have targeted five leading U.S. banks should serve as a warning to global institutions of cyberthreats to come. Yet, major European institutions are not prepared to prevent or respond to such attacks, according to fraud and security experts at the European Network and Information Security Agency and Barclays, one of the worlds leading banks."What I see so much in Europe, especially in the U.K., is that no one wants to talk about the attacks theyre... --------------------------------------------- http://www.bankinfosecurity.com/eu-banks-prepared-for-attacks-a-5144 *** [webapps] - Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection (post-auth) *** --------------------------------------------- Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection (post-auth) --------------------------------------------- http://www.exploit-db.com/exploits/21546 *** [webapps] - JAMF Casper Suite MDM CSRF Vulnerability *** --------------------------------------------- JAMF Casper Suite MDM CSRF Vulnerability --------------------------------------------- http://www.exploit-db.com/exploits/21545 *** Bugtraq: NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution *** --------------------------------------------- NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution --------------------------------------------- http://www.securityfocus.com/archive/1/524248 *** Bugtraq: XSS in OSSEC wui 0.3 *** --------------------------------------------- XSS in OSSEC wui 0.3 --------------------------------------------- http://www.securityfocus.com/archive/1/524247 *** Cyber Security Bulletin SB12-269 - Vulnerability Summary for the Week of September 17, 2012 *** --------------------------------------------- "High Vulnerabilities : adobe -- flash_playeranecms -- anecmsapple -- mac_os_xapple -- mac_os_xbananadance -- banana_dancebioinformatics -- ordersysMedium Vulnerabilities:apache -- wicketapache -- cxfapple -- safariapple -- mac_os_xapple -- iphone_osblairwilliams -- pretty_link_lite_pluginburnsy -- jbshop_pluginLow Vulnerabilities:63reasons -- supercronalex_barth -- dataalquimia -- managesitecisco -- ioscollectivecolors -- taxonomy_view_integrator_moduledmitry_loac -- taxotouch..." --------------------------------------------- http://www.us-cert.gov/cas/bulletins/SB12-269.html#top *** News, Technologies and Techniques: Why SSD Drives Destroy Court Evidence, and What Can Be Done About It: Part 1 *** --------------------------------------------- Solid State drives SSD introduced dramatic changes to the principles of computer forensics. Forensic acquisition of computers equipped with SSD storage is very different from how we used to acquire PCs using traditional magnetic media. read more --------------------------------------------- http://www.dfinews.com/article/why-ssd-drives-destroy-court-evidence-and-wh…

1 0

Tageszusammenfassung - Mittwoch 26-09-2012
by Daily end-of-shift report 26 Sep '12

26 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 25-09-2012 18:00 − Mittwoch 26-09-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Vuln: HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities *** --------------------------------------------- HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55272 *** Espionage Hackers Target Watering Hole Sites *** --------------------------------------------- "Security experts are accustomed to direct attacks, but some of todays more insidious incursions succeed in a roundabout way by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called watering hole tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities --------------------------------------------- http://krebsonsecurity.com/2012/09/espionage-hackers-target-watering-hole-s… *** QNX QCONN Remote Command Execution Vurnerability *** --------------------------------------------- Topic: QNX QCONN Remote Command Execution Vurnerability Risk: High Text:# Title : QNX QCONN Remote Command Execution Vurnerability # Version : QNX 6.5.0 >= , QCONN >= 1.4.207944 # Download: http://... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/ZxigkLQDTgU/WLB-20… *** Samba 3.6.3 remote root exploit *** --------------------------------------------- Topic: Samba 3.6.3 remote root exploit Risk: High Text:#!/usr/bin/python # # finding targets 4 31337z: # gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk {... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/JMaQdgM9SUg/WLB-20… (Kommentar: aktuell ist Samba 3.6.8, manche Long-Term Distributionen wie Debian liefern aber noch älteres wie 3.5.6 aus) *** phpMyAdmin mit Backdoor *** --------------------------------------------- Zeitweise wurde über einen der offiziellen Download-Server eine manipulierte Version des Datenbankverwaltungstools verteilt, die ein Backdoor-Skript enthält. --------------------------------------------- http://www.heise.de/security/meldung/phpMyAdmin-mit-Backdoor-1717377.html/f… *** Schutz vor Fernlöschung von Samsung-Smartphones *** --------------------------------------------- Einige Samsung-Smartphones kann man durch eine präparierte Webseite oder spezielle SMS ohne Einwilligung des Besitzers aus der Ferne löschen, wie am gestrigen Dienstag bekannt wurde. In Googles App-Shop Google Play gibt es nun das kostenlose Tool NoTelURL von Jörg Voss, das dafür sorgt, dass die USSD-Steuercodes nicht mehr ohne Zutun des Nutzers ausgeführt werden. --------------------------------------------- http://www.heise.de/security/meldung/Schutz-vor-Fernloeschung-von-Samsung-S… *** More Java Woes, (Wed, Sep 26th) *** --------------------------------------------- A number of readers alerted us of news reports stating that new full sandbox escape vulnerabilities had been reported to Oracle. At this point, there are no details available as to the nature of these vulnerabilities, and there is no evidence that any of these vulnerabilities are exploited. However, it is widely known that Oracle is working on a substantial backlog of these vulnerabilities. It is still recommended to use Java with caution. Some best practices: - Uninstall Java if you dont need --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14179&rss *** Malicious PhpMyAdmin Served From SourceForge Mirror *** --------------------------------------------- An anonymous reader writes with a bit of news about the compromised download of phpMyAdmin discovered on an sf.net mirror yesterday: "A malicious version of the open source Web-based MySQL database administration tool phpMyAdmin has been discovered on one of the official mirror sites of SourceForge, the popular online code repository for free and open source software. The file — phpMyAdmin-3.5.2.2-all-languages.zip — was modified to include a backdoor that allowed attackers to --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/15L5Bg-UnmY/malicious-phpmy… *** Vuln: libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability *** --------------------------------------------- libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/51084

1 0

Tageszusammenfassung - Dienstag 25-09-2012
by Daily end-of-shift report 25 Sep '12

25 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 24-09-2012 18:00 − Dienstag 25-09-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Book Review: Digital Forensics For Handheld Devices *** --------------------------------------------- benrothke writes "Todays handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power entire data centers had some years ago. With billions of handheld devices in use worldwide, it is imperative that digital forensics investigators and others know how to ensure that the information contained in them, can be legally preserved if needed." Read on for the rest of Bens review. Read more of --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fpv3Or7g974/book-review-dig… *** Schneier: We Dont Need SHA-3 *** --------------------------------------------- Trailrunner7 writes with this excerpt from Threatpost: "For the last five years, NIST, the government body charged with developing new standards for computer security, among other things, has been searching for a new hash function to replace the aging SHA-2 function. Five years is a long time, but this is the federal government and things move at their own pace in Washington, but NIST soon will be announcing the winner from the five finalists that were chosen last year. Despite the --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fJ7xmIOdp-o/schneier-we-don… *** Java SE 5/6/7 critical security issue *** --------------------------------------------- Topic: Java SE 5/6/7 critical security issue Risk: High Text:Weve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The im... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/VECe3FilPLE/WLB-20… *** Samsung-Smartphones aus der Ferne löschbar *** --------------------------------------------- Der Sicherheitsexperte Ravi Borgaonkar hat auf der Hackerkonferenz Ekoparty demonstriert, dass man Android-Smartphones von Samsung, bei denen der Hersteller die Android-Version mit eigener Software angepasst hat, aus der Ferne auf Werkseinstellungen zurücksetzen kann. Kern des Angriffs ist eine Schwachstelle im Samsung-eigenen Wählprogramm, durch die einzelne Smartphone-Varianten ohne Rückfrage sogenannte USSD-Codes (Unstructured Supplementary Service Data) ausführen, die über speziell präparierte Links übergeben werden. Der Code *2767*3855# sorgt dafür, dass das Handy sofort mit dem Zurücksetzen beginnt. --------------------------------------------- http://www.heise.de/security/meldung/Samsung-Smartphones-aus-der-Ferne-loes… *** Data Breach Reveals 100k IEEE.org Members Plaintext Passwords *** --------------------------------------------- First time accepted submitter radudragusin writes "IEEE suffered a data breach which I discovered on September 18. For a few days I was uncertain what to do with the information and the data. Yesterday I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100.000 compromised users are Apple, Google, IBM, Oracle and Samsung --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HCjl46a-6mM/data-breach-rev…

1 0

Tageszusammenfassung - Montag 24-09-2012
by Daily end-of-shift report 24 Sep '12

24 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 21-09-2012 18:00 − Montag 24-09-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** 1st It Security Industrial & Automation *** --------------------------------------------- "The IT Security & Industrial Automation 2012 on 13 and 14. 11. 2012 in Leipzig is the first conference of isits AG on protection of production and automation, which takes place in cooperation with escrypt GmbH and TV Rheinland...." --------------------------------------------- http://www.itsec-process.info/ *** Conference: Secure Communication for Energy Networks *** --------------------------------------------- "Focus of the second Conference Think smart - secure communication for energy networks, the issue of IT security is about smart energy, with particular emphasis in smart grids. With practical examples, current trends in the development, but also the security of smart technology and power grids are presented. Manufacturers of smart energy, utilities, and software quality assurance company manufacturers demonstrate the current situation with national and international pilot projects...." --------------------------------------------- http://www.thinksmart-energy.info/ *** Update - Sicherheitslücke in Microsofts Internet Explorer geschlossen *** --------------------------------------------- Umfangreiches Update veröffentlicht - auch eine Lücke im Flash-Player wurde behoben --------------------------------------------- http://text.derstandard.at/1348283691198/Sicherheitsluecke-in-Microsofts-In… *** Vuln: ZEN Load Balancer Multiple Security Vulnerabilities *** --------------------------------------------- ZEN Load Balancer Multiple Security Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55638 *** Google Go language gets used: For file-scrambling trojan, though *** --------------------------------------------- No-one sure why mobe rooter VXers like obscure lingo Virus writers are experimenting with Googles Go as a programming language for malware.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/24/google_go_t… *** IP-Adressverwaltung RIPE diskutiert Aktuelles zu DNS, IPv6, Routing *** --------------------------------------------- Seit dem heutigen Montag treffen sich in niederländischen Amsterdam Vertreter der am europäischen Adressverwalter RIPE beteiligten Unternehmen und Verbände zum 65. RIPE-Meeting. Die jährliche Tagung befasst sich bis zum Ende der Woche mit Vorträgen und Diskussionen zu aktuellen Entwicklungen bei der regionalen Internet Registry. Einige Themen wie das Domain Name System, das Internet Protocol Version 6 (IPv6) oder das Routing bearbeiten die Teilnehmer in Arbeitsgruppen während dieser Zeit. --------------------------------------------- http://www.heise.de/newsticker/meldung/IP-Adressverwaltung-RIPE-diskutiert-… *** Update für PostgreSQL 9.1 und 9.2 behebt kritische Fehler *** --------------------------------------------- Für die erst kürzlich veröffentlichte Version 9.2 der freien relationalen Datenbank PostgreSQL sowie für die Vorgängerversion 9.1 stehen Updates bereit, die zwei kritische Fehler beheben. Sie könnten zu beschädigten Datenbankindizes oder anderen Defekten führen, schreiben die Entwickler. --------------------------------------------- http://www.heise.de/newsticker/meldung/Update-fuer-PostgreSQL-9-1-und-9-2-b… *** Vuln: PHP CVE-2012-0057 Security Bypass Vulnerability *** --------------------------------------------- PHP CVE-2012-0057 Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/51806

1 0

Tageszusammenfassung - Freitag 21-09-2012
by Daily end-of-shift report 21 Sep '12

21 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 20-09-2012 18:00 − Freitag 21-09-2012 18:00 Handler: Stephan Richter *** Vuln: WebKit Multiple Unspecified Memory Corruption Vulnerabilities *** --------------------------------------------- WebKit Multiple Unspecified Memory Corruption Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55534 *** BitTorrent Users DDoS Websites Without Knowing *** --------------------------------------------- "Millions of BitTorrent users are unknowingly DDoSing websites because publishers of popular torrents mistakenly add website URLs as trackers. The DDoSes drag websites down and their operators have very few options to mitigate these attacks. But, thanks to a new BitTorrent protocol enhancement this is about to change...." --------------------------------------------- http://torrentfreak.com/bittorrent-users-ddos-websites-without-knowing-1209… *** Critical flaw exposes Oracle database passwords *** --------------------------------------------- Vuln leaves barn door open to brute-force attacks A security researcher says some versions of the Oracle database contain a vulnerability so serious that anyone with access to the server over a network can crack database passwords using a basic brute-force attack, given nothing more than the name of the database and a valid username.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/21/oracle_11g_… *** Vuln: Condor Multiple Security Bypass Vulnerabilities *** --------------------------------------------- Condor Multiple Security Bypass Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55632 *** Vuln: Red Hat Enterprise MRG Grid Multiple Remote Vulnerabilities *** --------------------------------------------- Red Hat Enterprise MRG Grid Multiple Remote Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55618 *** Will You Be More Secure if You Abandon Internet Explorer? *** --------------------------------------------- "The German government is urging people to abandon Internet Explorer to avoid zero-day attacks currently circulating in the wild. Microsoft is scrambling to develop a patch to address the problem. The dirty secret, though, is the attack relies on Java being present, so Java--not Internet Explorer--is the Achilles heel of this equation...." --------------------------------------------- http://www.cio.com/article/716711/Will_You_Be_More_Secure_if_You_Abandon_In…

1 0

Tageszusammenfassung - Donnerstag 20-09-2012
by Daily end-of-shift report 20 Sep '12

20 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 20-09-2012 08:00 − Donnerstag 20-09-2012 18:00 Handler: Stephan Richter Co-Handler: Matthias Fraidl *** Apple and Cisco Security Advisories (Thu, Sep 20th) *** --------------------------------------------- Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client The Cisco AnyConnect Secure Mobility Client is affected by multiple vulnerabilities. Advisory ID: cisco-sa-20120620-ac Apple security updates: APPLE-SA-2012-09-19-1 iOS 6 APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 APPLE-SA-2012-09-19-3 Safari 6.0.1 Russ McRee | @holisticinfosec (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14143&rss *** Microsoft flickt kritische Internet-Explorer-Lücke *** --------------------------------------------- Microsoft hat ein Fix-it-Tool herausgegeben, mit dem die kritische Schwachstelle im Internet Explorer bis zum Erscheinen eines Patches provisorisch abgedichtet werden kann. Den endgültigen Patch will das Unternehmen ab dem morgigen Freitag über Windows Update verteilen, wie es in seinem Sicherheitsblog angekündigt hat. --------------------------------------------- http://www.heise.de/security/meldung/Microsoft-flickt-kritische-Internet-Ex… *** Sophos antivirus classifies its own update kit as malware *** --------------------------------------------- Fix issued swiftly, but naturally difficult to install! Sophos users woke up to mayhem on Thursday after the business-focussed antivirus firm released an update that classified itself and any other update utility as a virus. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/20/sophos_auto… *** IPv6: Nachholbedarf bei Sicherheitslösungen *** --------------------------------------------- Unternehmen sollten besonderes Augenmerk auf die IPv6-Fähigkeit bei Sicherheitssystemen legen. Konkret heißt das, dass sie beim Kauf von Sicherheits-Devices auf explizite IPv6-Unterstützung achten sollten. Dabei ist ein genauer Blick in die Featureliste wichtig, denn der Teufel steckt wie so oft im Detail, wie die dem Artikel zugrunde liegende Studie ergab. --------------------------------------------- http://www.heise.de/security/meldung/IPv6-Nachholbedarf-bei-Sicherheitsloes… *** Android Hacked Via NFC On the Samsung Galaxy S 3 *** --------------------------------------------- An anonymous reader writes with an item from The Next Web: "Security researchers participating in the Mobile Pwn2Own contest at the EuSecWest Conference in Amsterdam [Wednesday] demonstrated how to hack Android through a Near Field Communication (NFC) vulnerability. The 0day exploit was developed by four MWR Labs employees (two in South Africa and two in the UK) for a Samsung Galaxy S 3 phone running Android 4.0.4 (Ice Cream Sandwich). Two separate security holes were leveraged to --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ZEgBeoGKrTk/android-hacked-…

1 0

Tageszusammenfassung - Mittwoch 19-09-2012
by Daily end-of-shift report 19 Sep '12

19 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 18-09-2012 18:00 − Mittwoch 19-09-2012 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl *** Bugtraq: NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email *** --------------------------------------------- *** Bugtraq: NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account *** --------------------------------------------- *** Bugtraq: NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure *** --------------------------------------------- *** Bugtraq: NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator *** --------------------------------------------- http://www.securityfocus.com/archive/1/524191 http://www.securityfocus.com/archive/1/524190 http://www.securityfocus.com/archive/1/524193 http://www.securityfocus.com/archive/1/524192 *** Microsoft will kritische IE-Lücke behelfsmäßig schließen *** --------------------------------------------- Microsoft will im Laufe der nächsten Tage ein Fix-it-Tool anbieten, das die kritische Internet-Explorer-Lücke behelfsmäßig abdichten soll, bis ein passender Patch bereitsteht. Dies gab das Unternehmen in seinem Sicherheitsblog bekannt. --------------------------------------------- http://www.heise.de/security/meldung/Microsoft-will-kritische-IE-Luecke-beh… *** Tagungsband zur Fachkonferenz D.A.CH Security 2012 *** --------------------------------------------- Auf der zweitägigen Arbeitskonferenz D.A.CH Security 2012 soll in zahlreichen Vorträgen ein umfassendes Bild des aktuellen Stands rund um IT-Sicherheit gezeichnet werden. Die Referentenbeiträge sind in einem Begleitband zur Tagung zusammengefasst. --------------------------------------------- http://www.heise.de/security/meldung/Tagungsband-zur-Fachkonferenz-D-A-CH-S… *** Pushdo botnets smokescreen traffic hits legitimate websites *** --------------------------------------------- Aargh, capn, the server be like to founder Cybercrooks behind the resilient Pushdo botnet are bombarding legitimate small websites with bogus traffic in order to camouflage requests to the zombie networks command and control servers.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/19/pushdo_spew… *** FreeSWITCH remote denial of service vulnerability *** --------------------------------------------- Topic: FreeSWITCH remote denial of service vulnerability Risk: Medium Text:"FreeSWITCH is a scalable open source cross-platform telephony platform designed to route and interconnect popular communicati... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/LWCK4QkOGzg/WLB-20… *** [webapps] - Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities *** --------------------------------------------- Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/21392 *** New vicious UEFI bootkit vuln found for Windows 8 *** --------------------------------------------- Arr, tis typical: Redmond swabs lag behind OS X, again Security researchers have discovered security shortcomings in Windows 8 that create a means to infect the upcoming operating system with rootkit-style malware.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/19/win8_rootki…

1 0

Tageszusammenfassung - Dienstag 18-09-2012
by Daily end-of-shift report 18 Sep '12

18 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 17-09-2012 18:00 − Dienstag 18-09-2012 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner *** Finally; Google Chrome will support Do Not Track *** --------------------------------------------- "Google has finally added support for the DNT (Do Not Track) header to their latest developer build of Chrome. The modification is likely to make it into an official release of Googles popular web browser before the end of the year. Do Not Track is a feature that allows users to express a simple yes or no preference about being tracked online...." --------------------------------------------- http://nakedsecurity.sophos.com/2012/09/17/finally-google-chrome-will-suppo… *** ITU will Internet nicht kontrollieren *** --------------------------------------------- Die International Telecommunication Union (ITU) hat nach eigenen Angaben keinen Appetit auf die Kontrolle des Internets. Themen der im Dezember anstehenden World Conference on International Telecommunication (WCIT) seien vielmehr, Mobilfunkroamingkosten zu verringern, gegen den betrügerischen Missbrauch von Rufnummern anzugehen und ein investitionsfreundliches Klima für die Netze zu schaffen. --------------------------------------------- http://www.heise.de/newsticker/meldung/ITU-will-Internet-nicht-kontrolliere… *** Studie: Webentwickler testen zu wenig auf Sicherheitsfehler *** --------------------------------------------- Der Softwarehersteller Coverity berichtet in seinem "Software Security Risk Report", dass nur etwa zwei Fünftel der Unternehmen aus der Webentwicklungsbranche während der Entwicklung testen und mehr als die Hälfte darauf verzichtet, ihren Code vor den Integrationstests auf Fehler und Schwachstellen zu überprüfen. Daher komme es auch deswegen häufiger zu Sicherheitsvorfällen mit Webanwendungen, das verursache außerdem höhere Kosten. --------------------------------------------- http://www.heise.de/newsticker/meldung/Studie-Webentwickler-testen-zu-wenig… *** VNC-Sicherheitslücke: Apple reicht Bugfix für Remote Desktop 3.5.2 nach *** --------------------------------------------- Apple hat in der Nacht zum Dienstag Apple Remote Desktop Admin 3.5.3 online gestellt. Dabei handelt es sich um ein Bugfix-Update für die Fernwartungslösung, das eine problematische Sicherheitslücke behebt: Diese führte im Zusammenhang mit VNC-Servern von Drittanbietern dazu, dass die Funktion "Den gesamten Datenverkehr verschlüsseln" nicht griff. Dabei erfolgte auch keine Warnmeldung. --------------------------------------------- http://www.heise.de/security/meldung/VNC-Sicherheitsluecke-Apple-reicht-Bug… *** How I CRASHED my bank, stole PINs with a touch-tone phone *** --------------------------------------------- Security bods boast harks back to 1980s phreaking era Miscreants can crash or infiltrate banks and help desks touch-tone and voice-controlled phone systems with a single call, a security researcher warns.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/18/dtmf_phone_…

1 0

Tageszusammenfassung - Montag 17-09-2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 14-09-2012 18:00 − Montag 17-09-2012 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl *** Oracle BTM FlashTunnelService Remote Code Execution *** --------------------------------------------- Topic: Oracle BTM FlashTunnelService Remote Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/26umQooi1WY/WLB-20… *** EFF Challenges Tracking-Services Patent Used to Threaten Cities Across the U.S. *** --------------------------------------------- "San Francisco - The Electronic Frontier Foundation (EFF) is challenging a dangerous patent used to wrongfully demand payment from cities and other municipalities that employ public tracking systems to tell transit passengers if their bus or train is on time. Today, EFF with the help of the Samuelson Law, Technology, and Public Policy Clinic at Berkeley Law, filed a request with the United States Patent and Trademark Office (USPTO), urging reexamination of the legitimacy of the ArrivalStar... --------------------------------------------- https://www.eff.org/press/releases/eff-challenges-tracking-services-patent-… *** Information Commissioner criticises dreamed up EU cookie directive *** --------------------------------------------- "The Information Commissioner Christopher Graham has questioned the effectiveness of the EU cookie directive, suggesting that it was "dreamed up by politicians in Brussels" without the appropriate market research to back it up. Speaking at the launch of a new report called The Data Dialogue by think tank Demos, Graham said that policies around the use of personal data by companies and public sector organisations need to be evidence-based...." --------------------------------------------- http://computerworld.co.nz/news.nsf/news/information-commissioner-criticise… *** Anonymous didnt steal from the FBI after all - new conspiracy theories needed! *** --------------------------------------------- "A techie named David Schuetz at security consultancy Intrepidus Group has done something so obvious, so simple, and so tellingly useful, that Im going to go all out and call it a stroke of genius. A week ago, a person called Anonymous published one-million-and-one stolen Apple device IDs. (Theres always room for numerological whimsy in hacking circles.)This Anonymous person then blamed the FBI - crimes are always someone elses fault if youre a hacker - by claiming that the data was stolen... --------------------------------------------- http://nakedsecurity.sophos.com/2012/09/11/fbi-data-leak-of-apple-udids-cam… *** Vuln: ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability *** --------------------------------------------- ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55530 *** Vuln: Novell GroupWise Internet Agent CVE-2012-0271 Remote Integer Overflow Vulnerability *** --------------------------------------------- Novell GroupWise Internet Agent CVE-2012-0271 Remote Integer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55551

1 0

Tageszusammenfassung - Freitag 14-09-2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 13-09-2012 18:00 - Freitag 14-09-2012 18:00 Handler: Stephan Richter *** The Tinba/Tinybanker Malware *** --------------------------------------------- "Trend Micro and CSIS have released a joint white paper about the Tinba information-stealing malware. The paper contains a thorough technical analysis of the malware itself, as well as the architecture of its infrastructure, and its ties to other illegal activities. What is Tinba?..." --------------------------------------------- http://blog.trendmicro.com/?p=44994 *** Blackhole 2: Crimeware kit gets stealthier, Windows 8 support *** --------------------------------------------- Malware-flinging tool to target mobiles too Cybercrooks have unveiled a new version of the Blackhole exploit kit. Version 2 of Blackhole is expressly designed to better avoid security defences. Support for Windows 8 and mobile devices is another key feature, a sign of the changing target platforms for malware-based cyberscams. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/13/blackhole_e… *** Bugtraq: Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities *** --------------------------------------------- Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/524157 *** Over half of Android devices have unpatched holes *** --------------------------------------------- Fix is up to your carrier, Google, mobo maker - just about everyone Duo Security is claiming that "over half" of Android devices have unpatched vulnerabilities. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/14/duo_says_an… *** Analyzing Malicious RTF Files Using OfficeMalScanners RTFScan, (Fri, Sep 14th) *** --------------------------------------------- Attackers have been using Rich Text Format (RTF) files to carry exploits targeting vulnerabilities in Microsoft Office and other products. We documented one such incident in June 2009. In a more recent example, the CVE-2012-0158 vulnerability was present in Active X controls within MSCOMCTL.OCX, which could be activated using Microsoft Office and other applications. McAfee described one such exploit, which appeared in the wild in April 2012: In the malicious RTF, a vulnerable OLE... --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14092&rss *** Lücke in SSL-Verschlüsselung kaum ausnutzbar *** --------------------------------------------- Experten haben ein Problem bei der im Web üblichen SSL-Verschlüsselung ausgemacht, das auftritt, wenn der Inhalt zuvor komprimiert wurde. Zum Glück haben die betroffenen Browser-Hersteller bereits reagiert. --------------------------------------------- http://www.heise.de/security/meldung/Luecke-in-SSL-Verschluesselung-kaum-au… *** Vuln: OpenSLP SLPIntersectStringList() Function Denial of Service Vulnerability *** --------------------------------------------- OpenSLP SLPIntersectStringList() Function Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55540 *** [webapps] - Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF *** --------------------------------------------- Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF --------------------------------------------- http://www.exploit-db.com/exploits/21319

1 0

Tageszusammenfassung - Donnerstag 13-09-2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 13-09-2012 08:00 - Donnerstag 13-09-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** ICS-CERT Monthly Monitor for August 2012 *** --------------------------------------------- "Internet facing medical devices may have a very similar security risk profile to industrial control systems (ICSs). ICSs and medical devices are valuable equipment, often critical to the viability of the system to which they are attached. In each case, lives may depend on the devices functioning correctly...." --------------------------------------------- http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_August_… *** Vuln: OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass Vulnerability *** --------------------------------------------- OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55524 *** Cyber Defence & Network Security Conference - 28-31 Jan, 2013 *** --------------------------------------------- "As a quick background, this is the best-attended cyber defence and network security conference held by Defence IQ - covered by BBC in both 2011 and 2012. This event combines high-level strategic briefings from 26+ senior international military and cyber experts, combined with valuable and intimate networking opportunities with heads of CERT, Systems Security, Military IT, Counter Terrorism, Cyber Crime and Networks professionals...." --------------------------------------------- http://www.cdans.org/redForms.aspx?id=821954&pdf_form=1 *** Security update released for ColdFusion 10 and earlier (APSB12-21) *** --------------------------------------------- Today, a Security Bulletin (APSB12-21) has been posted in regards to a security hotfix for Adobe ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the security bulletin. This posting is provided AS IS with no warranties and confers no rights. --------------------------------------------- http://blogs.adobe.com/psirt/2012/09/security-update-released-for-coldfusio… *** Microsoft disrupts traffic associated with the Nitol botnet, (Thu, Sep 13th) *** --------------------------------------------- There is an interesting article that was just published by Microsofts Digital Crimes Unit. Attackers have been infecting manufacturer supply chains to spread their evil warez. Some unnamed manufacturers have been selling products loaded with counterfeit versions of Windows software embedded with harmful malware. The article goes on to say that the Malware allows criminals to steal a persons personal information to access and abuse their online services, including e-mail, social networking --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14086&rss *** PHP 5.5 soll Passwort-Schlamperei eindaemmen *** --------------------------------------------- http://www.heise.de/security/meldung/PHP-5-5-soll-Passwort-Schlamperei-eind…

1 0

Tageszusammenfassung - Mittwoch 12-09-2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 11-09-2012 18:05 - Mittwoch 12-09-2012 18:00 Handler: Stephan Richter Co-Handler: Christian Wojner *** Bugtraq: ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities *** --------------------------------------------- ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities --------------------------------------------- http://www.securityfocus.com/archive/1/524142 *** Bugtraq: Multiple vulnerabilities in Ezylog photovoltaic management server *** --------------------------------------------- Multiple vulnerabilities in Ezylog photovoltaic management server --------------------------------------------- http://www.securityfocus.com/archive/1/524140 *** Vuln: libguac Remote Buffer Overflow Vulnerability *** --------------------------------------------- libguac Remote Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55497 *** The geography of cybercrime: Western Europe and North America *** --------------------------------------------- "The Internet knows no borders, but according to our data, cybercrime has specific geographical features. In different parts of the world cybercriminals launch different malicious programs, their attacks have different priorities and they use different tricks to make money. This is not just due to their physical location, but also due to the nature of the countries where their potential victims are located...." --------------------------------------------- http://www.securelist.com/en/analysis/204792244/The_geography_of_cybercrime… *** Cosmo, the Hacker God Who Fell to Earth *** --------------------------------------------- "Cosmo is huge 6 foot 7 and 220 pounds the last time he was weighed, at a detention facility in Long Beach, California on June 26. And yet hes getting bigger, because Cosmo also known as Cosmo the God, the social-engineering mastermind who weaseled his way past security systems at Amazon, Apple, AT&T, PayPal, AOL, Netflix, Network Solutions, and Microsoft is just 15 years old. He turns 16 next March, and he may very well do so inside a prison cell...." --------------------------------------------- http://www.wired.com/gadgetlab/2012/09/cosmo-the-god-who-fell-to-earth/ *** Inside your users brains: Where they get security advice *** --------------------------------------------- "IT professionals work hard to become experts in their field. They also work hard protecting the infrastructure and users they're responsible for. Unfortunately, not everyone has access to an IT expert...." --------------------------------------------- http://www.techrepublic.com/blog/security/inside-your-users-brains-where-th… *** Microsoft will Flash-LÃ¼cke im IE10 nun doch schlieÃen *** --------------------------------------------- Nachdem es Kritik hagelte, will Microsoft den in seinem neuen Internet Explorer festintegrierten Flash Player nun doch vor der offiziellen Freigabe von Windows 8 aktualisieren. --------------------------------------------- http://www.heise.de/security/meldung/Microsoft-will-Flash-Luecke-im-IE10-nu… *** Vuln: Dnsmasq Remote Denial of Service Vulnerability *** --------------------------------------------- Dnsmasq Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/54353 *** Cyber security strengthened at EU institutions *** --------------------------------------------- "EU institutions have reinforced their fight against cyber threats by establishing the EUs Computer Emergency Response Team, or CERT-EU, on a permanent basis. This decision follows a successful one-year pilot for the team, which drew positive assessments from clients and peers. Vice-President Maros Sefcovic said: "The EU institutions, like any other major organizations, are frequently the target of information security incidents...." --------------------------------------------- http://www.net-security.org/secworld.php?id=13580 *** Cyber Crime: The QR code: A new frontier in mobile attackability *** --------------------------------------------- A single poisoned link is all it takes to expose an entire organization to a full-scale attack. Hackers write sophisticated browser-based attacks that operate quite stealthily. Now, they're going a... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/OL5fpFtGGvU/article.php *** Visas New End-to-End Encryption Service - P2P Encryption Program Aims to Eliminate POS Card Risks *** --------------------------------------------- "Visas new end-to-end encryption service aims to eliminate payment card data at the merchant level. Eduardo Perez of Visas Risk Group discusses the security value of this emerging solution. Visas Merchant Data Secure with Point-to-Point Encryption solution wont launch until 2013...." --------------------------------------------- http://www.bankinfosecurity.com/interviews/visas-new-end-to-end-encryption-…

1 0

Tageszusammenfassung - Dienstag 11-09-2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 10-09-2012 18:00 - Dienstag 11-09-2012 18:05 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** How to Defeat Zeus - Technology, Education Are Keys to Threat *** --------------------------------------------- "Zeus continues to strike online bank accounts and users, and technology designed to thwart these Trojan attacks continually fails to keep up. Malware expert Andreas Baumhof says to defeat Zeus, financial institutions have to change their approach. Zeus, a financially aimed malware, comes in many different forms and flavors...." --------------------------------------------- http://www.bankinfosecurity.com/how-to-defeat-zeus-a-5097?rf=2012-09-10-eb *** PostgreSQL 9.2 Out with Greatly Improved Scalability *** --------------------------------------------- The PostgreSQL project announced the release of PostgreSQL 9.2 today. The headliner: "With the addition of linear scalability to 64 cores, index-only scans and reductions in CPU power consumption, PostgreSQL 9.2 has significantly improved scalability and developer flexibility for the most demanding workloads. ... Up to 350,000 read queries per second (more than 4X faster) ... Index-only scans for data warehousing queries (2â20X faster) ... Up to 14,000 data writes per second (5X ... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFHKonln9h4/postgresql-92-o… *** E-publisher fesses up: Apple UDIDs were ours *** --------------------------------------------- BlueToad clears FBI of device data collection It seems both Apple and the FBI were telling the truth: the Apple UDIDs published last week didnât come from either organization, with an American e-publisher posting a statement that the data was stolen from its systems. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/10/bluetoad_so… *** Java, Flash, and the Choice of Usability Over Security *** --------------------------------------------- "So I happened to be switching to a new computer two weekends ago. Going into it I was dead set on not installing Flash and Java. And I was all good until @alexhutton posted a link to a video about the Beetles "happy birthday" song and I just had to check it out...." --------------------------------------------- http://www.infosecisland.com/blogview/22381-Java-Flash-and-the-Choice-of-Us… *** Programm für deutsche OWASP-Konferenz steht *** --------------------------------------------- Die fünfte Auflage des German OWASP Day 2012, einer Veranstaltung zur Softwaresicherheit, findet am 7. November 2012 in München statt. Das Programm wurde um einen Mobile Security Track erweitert. --------------------------------------------- http://www.heise.de/security/meldung/Programm-fuer-deutsche-OWASP-Konferenz… *** Apples soon-to-be-slurped securo firm shrugs off crypto warning *** --------------------------------------------- Windows passwords exposure confusion AuthenTec, the security firm thats the target of an $356m acquisition by Apple, has denied reports that possible cryptographic weaknesses in its fingerprint scanner software pose a risk to the security of laptops.â¦ --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/11/fingerprint… *** Anomaly Detection Rules & The Success of Open-Source Rule Testing *** --------------------------------------------- Last November, the VRT established an open-source rule testing group, composed of a number of Snort users from around the planet in industries as diverse as defense contracting and education. To date, we've tested well over a hundred rules with this group, and have had a great deal of useful feedback in the process - which has led to both killing rules that didn't perform as well as expected in the field, and the release of rules that we would have never previously dared to put in public after seeing them function well with the test group. --------------------------------------------- http://vrt-blog.snort.org/2012/09/anomaly-detection-rules-success-of-open.h… *** Initiative-S: Kostenloser Website-Check für kleine Unternehmen *** --------------------------------------------- Der Verband der deutschen Internetwirtschaft eco hat auf den Internet Security Days offiziell das Projekt Initiative-S gestartet. Mit dem Angebot sollen sich besonders kleine und mittelständische Unternehmen dagegen schützen, dass ihre Internetpräsenzen als Trojanerschleuder missbraucht werden. --------------------------------------------- http://www.heise.de/security/meldung/Initiative-S-Kostenloser-Website-Check… *** GoDaddy Outage: RFC for Dummies *** --------------------------------------------- "Yesterday was a black day for GoDaddy. com. During a few hours all they hosting services were interrupted...." --------------------------------------------- http://blog.rootshell.be/2012/09/11/godaddy-outage-rfc-for-dummies/ *** Vuln: RocketTheme RokModule Joomla! Component module Parameter SQL Injection Vulnerability *** --------------------------------------------- RocketTheme RokModule Joomla! Component module Parameter SQL Injection Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55477 *** Bugtraq: [SE-2012-01] Security vulnerabilities in IBM Java *** --------------------------------------------- [SE-2012-01] Security vulnerabilities in IBM Java --------------------------------------------- http://www.securityfocus.com/archive/1/524134 *** Bugtraq: [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods *** --------------------------------------------- [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods --------------------------------------------- http://www.securityfocus.com/archive/1/524137 *** Bugtraq: Wordpress Download Monitor - Download Page Cross-Site Scripting *** --------------------------------------------- Wordpress Download Monitor - Download Page Cross-Site Scripting --------------------------------------------- http://www.securityfocus.com/archive/1/524138

1 0

Tageszusammenfassung - Montag 10-09-2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 07-09-2012 17:56 - Montag 10-09-2012 17:56 Handler: Stephan Richter Co-Handler: Otmar Lendl *** Wordpress 3.4.2 stopft Lücken und korrigiert Fehler *** --------------------------------------------- Die Wordpress-Version 3.4.2 korrigiert rund 20 Fehler in der Weblog-Software und behebt einige Sicherheitsprobleme, die zu einer Ausweitung der Zugriffsrechte führen können. --------------------------------------------- http://www.heise.de/security/meldung/Wordpress-3-4-2-stopft-Luecken-und-kor… *** An update from VirusTotal *** --------------------------------------------- "Our goal is simple: to help keep you safe on the web. And weve worked hard to ensure that the services we offer continually improve. But as a small, resource-constrained company, that can sometimes be challenging...." --------------------------------------------- http://blog.virustotal.com/2012/09/an-update-from-virustotal.html *** Two ICS-CERT Advisories Published Yesterday *** --------------------------------------------- "Yesterday ICS-CERT published advisories for control systems vulnerabilities in two control systems products; one a demonstration product that doesnt really control anything and the other a distributed control system that is used in a wide variety of situations. RealWinDemo AdvisoryThis advisory describes a DLL hijack vulnerability in RealWinDemo and RealWin products from RealFlex; both products are generally used as sales demonstration tools, but RealWin has been used in small automation --------------------------------------------- http://chemical-facility-security-news.blogspot.nl/2012/09/two-ics-cert-adv… *** Adobe confirms Windows 8 users vulnerable to active Flash exploits *** --------------------------------------------- "Microsofts Windows 8 is vulnerable to attack by exploits that hackers have been aiming at PCs for several weeks, Adobe confirmed Friday. Microsoft said it will not patch the bug in Flash Player until what it called "GA," for "general availability." That would be Oct. 26, when Windows 8 hits retail and PCs powered by the new operating system go on sale."We will update Flash in Windows 8 via Windows Update as needed," a spokeswoman said in a reply to questions. --------------------------------------------- http://www.computerworld.com/s/article/9231076/Adobe_confirms_Windows_8_use… *** Elderwood hacker gang claims unlimited supply of zero-day bugs - Symantec *** --------------------------------------------- "An elite hacker group targeting defense industry sub-contractors has an inexhaustible supply of zero-days, or vulnerabilities that have yet to be publicised, much less patched, according to Symantec. In a blog post, the security firm said, "The group seemingly has an unlimited supply of zero-day vulnerabilities."Symantec also laid out its analysis of the gang, which it said was behind a slew of attacks dubbed the "Elderwood Project," after a source code variable used --------------------------------------------- http://news.techworld.com/security/3380122/elderwood-hacker-gang-claims-unl…

1 0

Tageszusammenfassung - Freitag 7-09-2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 06-09-2012 18:00 - Freitag 07-09-2012 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl *** Microsoft Security Bulletin Advance Notification for September 2012 *** --------------------------------------------- "This is an advance notification of security bulletins that Microsoft is intending to release on September 11, 2012. This bulletin advance notification will be replaced with the September bulletin summary on September 11, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification...." --------------------------------------------- http://technet.microsoft.com/en-us/security/bulletin/ms12-sep *** Bugtraq: [security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Web Session Hijacking *** --------------------------------------------- [security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Web Session Hijacking --------------------------------------------- http://www.securityfocus.com/archive/1/524119 *** Flash-Lücke im Internet Explorer 10 *** --------------------------------------------- Die mit Windows 8 ausgelieferte Flash-Version ist von einer Sicherheitslücke betroffen, die in Verbindung mit dem Internet Explorer 10 auftritt. Der entsprechende Patch von Adobe kann nicht auf den neuen Internet Explorer angewandt werden. --------------------------------------------- http://futurezone.at/produkte/11190-flash-luecke-im-internet-explorer-10.ph… *** ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow *** --------------------------------------------- Topic: ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/uDV-PB41E8E/WLB-20… *** N24 Dokumentation *** --------------------------------------------- Wenn das Web zur Waffe wird Mit der Weiterentwicklung der Technik von Computern und des Internets werden auch immer neue Angriffsmöglichkeiten für virtuelle Kriminelle geschaffen. Die Zeiten, in denen Computerviren lediglich Spam verursachten, sind vorbei. Die Doku zeigt, welch folgenschwere Schäden durch Cyber-Attacken in der modernen Welt verursacht werden können: --------------------------------------------- http://www.n24.de/mediathek/cyber-war-wenn-das-web-zur-waffe-wird_1552737.h… *** Vuln: Webmin Multiple Input Validation Vulnerabilities *** --------------------------------------------- Webmin Multiple Input Validation Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55446 *** SSL BEASTie boys develop follow-up CRIME web attack *** --------------------------------------------- Ill Communication The security researchers who developed the infamous BEAST attack that broke SSL/TLS encryption are cooking up a new assault on the same crucial protocols. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/07/https_sesh_… *** [remote] - SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow *** --------------------------------------------- SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow --------------------------------------------- http://www.exploit-db.com/exploits/21034 *** US-CERT Alert TA12-251A - Microsoft Update For Minimum Certificate Key Length *** --------------------------------------------- FOR IMMEDIATE PUBLIC RELEASE National Cyber Awareness System US-CERT Alert TA12-251A Microsoft Update For Minimum Certificate Key Length Original release date: September 07, 2012 --------------------------------------------- http://www.us-cert.gov/cas/techalerts/TA12-251A.html

1 0

Tageszusammenfassung - Donnerstag 6-09-2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 05-09-2012 18:00 - Donnerstag 06-09-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Umfrage: Viele Sysadmins beschäftigen sich nicht mit IT-Sicherheitsmanagement *** --------------------------------------------- Rund 1500 Administratoren haben zum Tag des Systemadministrators unter Love Your Admin eine Umfrage der Firma Synetics ausgefüllt, die sich auf Software zur Dokumentation von Administrationsaufgaben spezialisiert hat. --------------------------------------------- http://www.heise.de/newsticker/meldung/Umfrage-Viele-Sysadmins-beschaeftige… *** Watch this - the funniest spam video youll ever see [VIDEO] *** --------------------------------------------- "We all want our friends and family to learn more about how better to secure their computers. But the eternal challenge is how can we make the advice interesting and engaging for a non-techie audience, and not make the mistake of endlessly droning on using buzzwords they are unlikely to understand. The video below about spam - made by the folks at "Glove and Boots" - manages to make what could be a tremendously dry topic, funny and informative instead...." --------------------------------------------- http://nakedsecurity.sophos.com/2012/09/05/funniest-spam-video/ *** Bugtraq: Cross-Site Scripting (XSS) in Kayako Fusion *** --------------------------------------------- Cross-Site Scripting (XSS) in Kayako Fusion --------------------------------------------- http://www.securityfocus.com/archive/1/524108 *** Vuln: CoDeSys Access Security Bypass Vulnerability *** --------------------------------------------- CoDeSys Access Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/52942 *** Vuln: WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability *** --------------------------------------------- WAGO IPC 758-870 Hardcoded Password Security Bypass Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/52940 *** Bugtraq: APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 *** --------------------------------------------- APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 --------------------------------------------- http://www.securityfocus.com/archive/1/524112 *** Online bank punters tricked into approving theft of their OWN CASH *** --------------------------------------------- Man-in-browser Trojan attack discovered Security researchers have discovered a malware-based attack against the chipTAN system used by bank customers in Germany to authorise transactions online. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/06/german_chip… *** Vuln: HP SiteScope UploadFilesHandler Directory Traversal Vulnerability *** --------------------------------------------- HP SiteScope UploadFilesHandler Directory Traversal Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55273 *** Vuln: HP SiteScope Multiple Security Bypass Vulnerabilities *** --------------------------------------------- HP SiteScope Multiple Security Bypass Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55269 *** Java 7 Attack Vectors, Oh My! *** --------------------------------------------- "While researching how to successfully mitigate the recent Java 7 vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will Dormann") found quite a mess. In the midst of discussion about exploit activity and the out-of-cycle update from Oracle, Id like to call attention to a couple other important points. First, theres the question of the defensive value of the Java 7u7 update (and patching in general)...." --------------------------------------------- http://www.cert.org/blogs/certcc/2012/09/java_7_attack_vectors_oh_my.html

1 0

Tageszusammenfassung - Mittwoch 5-09-2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 04-09-2012 18:00 - Mittwoch 05-09-2012 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl *** Bugtraq: Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow *** --------------------------------------------- Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow --------------------------------------------- http://www.securityfocus.com/archive/1/524090 *** Widely used fingerprint reader exposes Windows passwords in seconds *** --------------------------------------------- "Fingerprint-reading software preinstalled on laptops sold by Dell, Sony, and at least 14 other PC makers contains a serious weakness that makes it trivial for hackers with physical control of the machine to quickly recover account passwords, security researchers said. The UPEK Protector Suite, which was acquired by Melbourne, Florida-based Authentec two years ago, is marketed as a secure means for logging into Windows computers using an owners unique fingerprint, rather than a --------------------------------------------- http://news.hitb.org/content/widely-used-fingerprint-reader-exposes-windows… *** Anonymous Project Mayhem 2012 - December 21st 2012. *** --------------------------------------------- "You are Anonymous. You are Project Mayhem 2012 . On the 10 days that go from 12-12-2012 to 12-21-2012, the world will see an unprecedented amount of Corporate, Financial, Military and State leaks that will have been secretly gathered by millions of CONSCIENTIOUS citizens, vigilantes, whistle blowers and initiates. THE GLOBAL ECONOMIC SYSTEM WILL START THE FINAL FINANCIAL MELTDOWNFOR *TRUST* IN FEAR BASED MONEY WILL BE FINALLY BROKENPEOPLE ALL OVER THE WORLD, OUT OF FEAR TO GO BANKRUPT, --------------------------------------------- http://www.youtube.com/watch?v=bqo1hDrj8eY *** FBI says Apple ID heist claim is TOTALLY FALSE *** --------------------------------------------- 'Not our data' Popcorn time Hot on the heels of AntiSec's claim that the purloined Apple device IDs it dumped to Pastebin came from the FBI, the G-men have flatly denied the story. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/09/04/feds_deny_a… *** Secret account in mission-critical router opens power plants to tampering *** --------------------------------------------- "The branch of the US Department of Homeland Security that oversees critical infrastructure has warned power utilities, railroad operators, and other large industrial players of a weakness in a widely used router that leaves them open to tampering by untrusted employees. The line of mission-critical routers manufactured by Fremont, California-based GarrettCom contains an undocumented account with a default password that gives unprivileged users access to advanced options and features, --------------------------------------------- http://arstechnica.com/security/2012/09/secret-account-in-mission-critical-… *** HP stellt sich erneut an den Security-Pranger *** --------------------------------------------- Die Zero Day Initiative (ZDI) hat erneut Informationen Ã¼ber ungepatchte Sicherheitslücken in HP-Produkten veröffentlicht --------------------------------------------- http://www.heise.de/security/meldung/HP-stellt-sich-erneut-an-den-Security-… *** Is Java now too dangerous to use? *** --------------------------------------------- "Java, the great enabler of useful applications or a waste of space that is doing more harm than good? After the last few weeks this has become a question worthy of a philosophy lecture. First in late August came news of two serious zero day Java vulnerabilities (CVE-2012-4681), with plenty of evidence that criminals were exploiting them in a big enough way to pose serious questions over Javas continued use...." --------------------------------------------- http://features.techworld.com/security/3379294/is-java-now-too-dangerous-us…

1 0

Tageszusammenfassung - Dienstag 4-09-2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 03-09-2012 18:00 - Dienstag 04-09-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Google-Sicherheitswarnung entpuppt sich als Trojaner *** --------------------------------------------- http://www.heise.de/security/meldung/Google-Sicherheitswarnung-entpuppt-sic… *** Xen-Based Secure OS Qubes Hits 1.0 *** --------------------------------------------- Orome1 writes "Joanna Rutkowska, CEO of Invisible Things Lab, today released version 1.0 of Qubes, a stable and reasonably secure desktop OS. It is the most secure option among the existing desktop operating systems - even more secure than Apples iOS, which puts each application into its own sandbox and does not count on the user to make security decisions. Qubes will offer users the option of using disposable virtual machines for executing tasks they believe could harm their --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QFOuSOQL9zE/xen-based-secur… *** Exposed Terminal Services Remains High Frequency Threat *** --------------------------------------------- "Quickly reviewing the HITME data gathered from our global deployment of HoneyPoint continues to show that exposed Terminal Services (RDP) on port 3389 remains a high frequency threat. In terms of general contact with the attack surface of an exposed Terminal Server connection, direct probes and attacker interaction is seen on an average approximately two times per hour. Given that metric, an organization who is using exposed Terminal Services for remote access or management/support, may --------------------------------------------- http://www.infosecisland.com/blogview/22273-Exposed-Terminal-Services-Remai… *** Is it time to knock infected PCs off the internet? *** --------------------------------------------- "Malware could block your access to the internet but in some cases by those on the right side of the security fence, who are deploying tactics such as blocked ports, letters in the mail and PCs quarantined from the net to combat the most damaging threats. Last year, authorities led by the FBI arrested the criminals behind the DNSCharger operation, taking over their servers. The malware changed victims DNS settings, and unplugging the servers would have cut off the four million infected PCs --------------------------------------------- http://www.pcpro.co.uk/news/security/376696/is-it-time-to-knock-infected-pc… *** Hack - AntiSec knackt FBI-Laptop - und "findet" 12 Mio. Apple-Datensätze *** --------------------------------------------- Samt Username, Telefonnummer und Adresse - 1 Million UDIDs als Beweis veröffentlicht - Ãber Java-LÃ¼cke --------------------------------------------- http://text.derstandard.at/1345166057287/AntiSec-knackt-FBI-Laptop---findet… *** Browser plug-in and website warn about data harvesting by Facebook apps *** --------------------------------------------- "Secure. me has developed a website and a browser plug-in designed to make Facebook users aware of the personal information that gets harvested by third-party applications. The App Advisor Security Network website has profiles on more than 500,000 third-party Facebook applications that describe the user data they collect, what actions they can take and whether they are considered unsafe...." --------------------------------------------- http://news.techworld.com/security/3379011/browser-plug-in-website-warn-abo… *** IFA 2012 - Samsung erpresst Blogger und schlittert in PR-Debakel *** --------------------------------------------- Nokia springt ein und wird Retter in der Not --------------------------------------------- http://derstandard.at/1345166104259/Samsung-erpresst-Blogger-und-schlittert… *** [webapps] - Splunk <= 4.3.3 Arbitrary File Read *** --------------------------------------------- Splunk <= 4.3.3 Arbitrary File Read --------------------------------------------- http://www.exploit-db.com/exploits/21053 *** [webapps] - Group Office Calendar (calendar/json.php) SQL Injection *** --------------------------------------------- Group Office Calendar (calendar/json.php) SQL Injection --------------------------------------------- http://www.exploit-db.com/exploits/21056

1 0

Tageszusammenfassung - Montag 3. 9. 2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 31-08-2012 18:00 - Montag 03-09-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Vuln: TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security Vulnerabilities *** --------------------------------------------- TYPO3 Core TYPO3-CORE-SA-2012-004 Multiple Remote Security Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/55052 *** Here we go again: Critical flaw found in just-patched Java *** --------------------------------------------- Emergency fix rushed out half-baked Security Explorations, the Polish security startup that discovered the Java SE 7 vulnerabilities that have been the targets of recent web-based exploits, has spotted a new flaw that affects the patched version of Java released this Thursday.â¦ --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/08/31/critical_fl… *** Security update released for Adobe Photoshop CS6 (APSB12-20) *** --------------------------------------------- Today, a Security Bulletin (APSB12-20) has been posted in regards to a security update for Adobe Photoshop CS6 (13.0) for Windows and Macintosh. Adobe recommends that users apply the update for their product installation. This posting is provided âAS ISâ with no warranties and confers no rights. --------------------------------------------- http://blogs.adobe.com/psirt/2012/08/security-update-released-for-adobe-pho… *** Vuln: unixODBC SQLDriverConnect() FILEDSN and DRIVER Options Buffer Overflow Vulnerabilities *** --------------------------------------------- unixODBC SQLDriverConnect() FILEDSN and DRIVER Options Buffer Overflow Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/53712 *** Vuln: Rugged Operating System Private Key Disclosure Vulnerability *** --------------------------------------------- Rugged Operating System Private Key Disclosure Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55123 *** Hackerszene trojanisiert Fernwartungswerkzeug *** --------------------------------------------- http://www.heise.de/security/meldung/Hackerszene-trojanisiert-Fernwartungsw… *** 30 new top cyber security advisors appointed to the EU Agency ENISAs Permanent Stakeholders Group *** --------------------------------------------- "A new composition of 30 top IT-security experts have started their term of office as members of ENISAs Permanent Stakeholders Group (PSG). The PSG will give top IT security advice to the EUs cyber security Agency ENISA, the European Network and Information Security Agency. The PSG is a group of leading IT-security experts that gives advice to the Agencys Executive Director in, for example, drawing up a proposal for the Agencys annual Work Programme...." --------------------------------------------- http://www.cisionwire.com/enisa---european-network-and-information-security… *** [webapps] - SugarCRM Community Edition 6.5.2 (Build 8410) Multiple Vulnerabilities *** --------------------------------------------- SugarCRM Community Edition 6.5.2 (Build 8410) Multiple Vulnerabilities --------------------------------------------- http://www.exploit-db.com/exploits/20981 *** American Express doesnt take security seriously *** --------------------------------------------- "We've already established that when it comes to security, passwords alone are not a very good choice. Sure, they're better than nothing, but with most people picking insecure passwords and companies saving them in unencrypted formats, there are better solutions out there. American Express takes insecure passwords and makes them even more insecure...." --------------------------------------------- http://www.neowin.net/news/american-express-doesnt-take-security-seriously? *** ICS-CERT - New JSAR, Advisory and Updated Alert *** --------------------------------------------- "Still getting caught up after Isaac; while ICS-CERT hasnt been real busy they havent waited for me either. So here is a quick look at a new Joint Security Awareness Report (JSAR), a new privilege escalation advisory and an update on a Siemens related alert. ICS-CERT and US-CERT published a JSAR on Wednesday for the information-stealing malware W32...." --------------------------------------------- http://chemical-facility-security-news.blogspot.nl/2012/09/ics-cert-new-jsa… *** Russia unveils own Android-like, hack-proof mobile operating system *** --------------------------------------------- "It seems that Russias defence ministry has little faith in Googles operating systems: it has just unveiled its own encrypted version that has the remarkably familiar feel of an Android. Russias very first smart prototype was presented on the sidelines of a Berlin electronics show this week to deputy prime minister Dmitry Rogozin -- an avowed nationalist who oversees the militarys technological innovation. A slimmed down version of the operating system in computer tablet form is actually --------------------------------------------- http://timesofindia.indiatimes.com/tech/news/software-services/Russia-unvei… *** [papers] - Shellcoding in Linux *** --------------------------------------------- Shellcoding in Linux --------------------------------------------- http://www.exploit-db.com/download_pdf/21013 *** Hit by dubious claims, RBI junks ATM cash retraction *** --------------------------------------------- "The banks have done away with the cash retraction system in ATMs. The system, which enabled the machine to take back the currency if it is not removed within a certain time, was withdrawn last week after the Reserve Bank of India (RBI) agreed to National Payments Corporation of Indias proposal for removing the feature from all ATMs to deal with the increasing number of fraudulent claims about non-receipt of cash. Banks have posted messages on their websites that the system has been --------------------------------------------- http://economictimes.indiatimes.com/news/news-by-industry/banking/finance/b… *** VMware sichert Serverprodukte ab *** --------------------------------------------- http://www.heise.de/security/meldung/VMware-sichert-Serverprodukte-ab-16979…

1 0

Tageszusammenfassung - Freitag 31-08-2012
by Otmar Lendl 17 Sep '12

17 Sep '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 27-08-2012 18:14 - Freitag 31-08-2012 18:14 Handler: Stephan Richter Co-Handler: Christian Wojner *** Is the death knell sounding for traditional antivirus? *** --------------------------------------------- "Antivirus developers need to run malcode in their labs in order to create malware-identifying signatures. What happens if they cant? Developers of traditional antivirus depend on:The ability to run malware in their labs...." --------------------------------------------- http://www.techrepublic.com/blog/security/is-the-death-knell-sounding-for-t… *** Joomla com_weblinks SQL Vulnerability *** --------------------------------------------- Topic: Joomla com_weblinks SQL Vulnerability Risk: Medium Text: ## # # Exploit Title : Joomla Com_Weblinks Sql Vulnerability # # Author : IrIsT.Ir # # Discovered By : N... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/E7Kh6tyN_0k/WLB-20… *** ReIssued Red Alert - Dorifel Decrypter v1.5 released. Supports new Dorifel variant found in Canada, new RC4 key etc. *** --------------------------------------------- "In the beginning of August 2012, Dutch government, public sector and networks of private companies are hit hard by a new wave of crypto malware named Trojan-Ransom. Win32. Dorifel...." --------------------------------------------- http://www.surfright.nl/en/support/dorifel-decrypter *** Bugtraq: Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing *** --------------------------------------------- Seeker Adv MS-06 - .Net Cross Site Scripting - Request Validation Bypassing --------------------------------------------- http://www.securityfocus.com/archive/1/524043 *** Phishing without a webpage - researcher reveals how a link *itself* can be malicious *** --------------------------------------------- "The need for a reliable place to host your malicious website has been the bane of phishers for much of the last decade. But, no longer. A researcher at the University of Oslo in Norway says that page-less phishing and other untraceable attacks may be possible, using a tried and true internet communications standard: the uniform resource identifier, or URI...." --------------------------------------------- http://nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-resea… *** News, Technologies and Techniques: Virus on virus â set a thief to catch a thief *** --------------------------------------------- The old debate on whether it would be ethical to use viruses to detect and even clean other viruses has largely been won by the law of unintended consequences: its simply too dangerous. But that doesnât mean it doesnât happen accidentally... --------------------------------------------- http://www.infosecurity-magazine.com/view/27901/virus-on-virus-set-a-thief-…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily