Daily

daily@lists.cert.at

1 participants
3083 discussions

Tageszusammenfassung - Donnerstag 3-01-2013
by Daily end-of-shift report 03 Jan '13

03 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 02-01-2013 18:00 − Donnerstag 03-01-2013 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan *** BSI warnt vor Sicherheitslücke im VLC Media Player *** --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik rät Nutzern der populären quelloffenen Videoabspielsoftware, auf die aktuelle Version 2.0.5 umzusteigen. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/27218c1d/l/0L0Sheise0Bde0Cmel… *** Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack *** --------------------------------------------- "This weeks watering hole attack exploiting a zero-day vulnerability in Internet Explorer was not limited to the influential Council on Foreign Relations site. A Metasploit contributor said an energy manufacturers website has been serving malware related to the attack since September. Researcher Eric Romang said that Capstone Turbine Corp., which builds power generation equipment for utilities, has been infected with malware exploiting CVE 2012-4969 for four months and the latest IE --------------------------------------------- http://threatpost.com/en_us/blogs/energy-manufacturer-also-victimized-ie-ze… *** 6 Big cyber security predictions for 2013 *** --------------------------------------------- "If there is any weakness in security, you can guarantee the criminals will try to exploit it. And if a cyber criminal discovers a weakness in one community, it wont be long before that isolated crime turns into a trend. The commercialization of malware is rapidly becoming a well-organized and highly lucrative business...." --------------------------------------------- http://venturebeat.com/2013/01/02/6-big-cyber-security-predictions-for-2013/ *** Malware SNEAK dons cunning disguise, opens creaky back door to servers *** --------------------------------------------- Java-based exploit targets web-hosting servers A malicious backdoor designed to infect web servers poses a severe threat, Trend Micro warns. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2013/01/03/web_server_… *** A New Way of Detecting Cybersecurity Attacks *** --------------------------------------------- "Rajeev Bhargava is an acknowledged pioneer in the networking and software industry, and CEO of Toronto-based Decision Zone Inc. His career spans more than 30 years within the engineering and IT industry, and he has been closely associated with many of its major developments. Rajeev has advised many of North Americas largest organizations within the telecom, financial, high tech, military, retail, aerospace and government industries. He is the inventor of an anomaly detection solution used --------------------------------------------- http://www.digitalcommunities.com/articles/A-New-Way-of-Detecting-Cyber-Sec… *** Lücke in Ruby on Rails erlaubt SQL-Injections *** --------------------------------------------- Alle aktuellen Versionen des Fameworks Ruby on Rails sind von einer Sicherheitslücke betroffen, die das Einschleusen von beliebigem SQL-Code ermöglicht. Nutzer sollten ihre Software möglichst schnell aktualisieren. --------------------------------------------- http://www.heise.de/meldung/Luecke-in-Ruby-on-Rails-erlaubt-SQL-Injections-… *** Virenverseuchte Dia-Scanner bei Tchibo verkauft *** --------------------------------------------- Der Kaffeeröster Tchibo hat in der Vorweihnachtszeit des vergangenen Jahres einen virenverseuchten Dia-Scanner verkauft. Das Gerät wurde ab dem 11. Dezember 2012 für 60 Euro über die Filialen und den Tchibo-Onlineshop angeboten. --------------------------------------------- http://www.heise.de/meldung/Virenverseuchte-Dia-Scanner-bei-Tchibo-verkauft… *** Invasion of the Botnets *** --------------------------------------------- "Millions and millions of PCs have been silently infiltrated with bot malware, creating massive bot armies, poised to steal and inflict maximum damage when triggered by their Bot Commander. There are several botnets each comprising millions of compromised PCs, such as Zeus, Conficker, Mariposa, ZeroAccess and BredoLab, waiting for the next command from their Bot Commander, so that they can spring into action and obediently carry out their strike orders like a well-disciplined and --------------------------------------------- http://dwaterson.com/2013/01/02/invasion-of-the-botnets/ *** Cloud security to be most disruptive technology of 2013 *** --------------------------------------------- "The Security for Business Innovation Council, comprised of IT security professionals from 19 companies worldwide, called cloud computing the main disruptive force for 2013. In its report, "Information Security Shake-Up," the group said it was evident many organizations are preparing to move more business processes to the cloud. This year, it will even be "mission-critical apps and regulated data" consigned to the cloud...." --------------------------------------------- http://www.networkworld.com/news/2013/010313-cloud-security-265437.html *** Facebook-Lücke erlaubte unbemerkte Webcam-Aufnahmen *** --------------------------------------------- Rund vier Monate nachdem zwei Sicherheitsforscher eine Schwachstelle in Facebooks Video-Upload-Funktion meldeten, soll de Lücke geschlossen worden sein. Die Entdecker sind überrascht über die Höhe der von Facebook gezahlten Belohnung. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/2729d37e/l/0L0Sheise0Bde0Cmel…

1 0

Tageszusammenfassung - Mittwoch 2-01-2013
by Daily end-of-shift report 02 Jan '13

02 Jan '13

======================= = End-of-Shift report = ======================= Timeframe: Freitag 28-12-2012 18:00 − Mittwoch 02-01-2013 18:00 Handler: Matthias Fraidl Co-Handler: Stephan Richter *** Microsoft Warns of New Gaming Malware *** --------------------------------------------- "According to a recent report by Marianne Mallen of the Microsoft Malware Protection Center (MMPC), Microsoft researchers recently came across three new Trojans that specifically target Korean gamers."According to the ... MMPC, whoever is responsible for these pieces of malware is attempting to pilfer user login credentials, credit card information that is used to pay for in-game money and assorted upgrades, Korean ID numbers (a sort of Korean-variety Social Security number often --------------------------------------------- http://www.esecurityplanet.com/malware/microsoft-warns-of-new-gaming-malwar… *** Microsoft - Windows XP wird zum Sicherheitsrisiko *** --------------------------------------------- Die Zeitschrift ct warnt: "Ab 2014 kann man einen XP-Rechner nur noch in völliger Isolation betreiben" --------------------------------------------- http://text.derstandard.at/1356426331198/Windows-XP-wird-zum-Sicherheitsris… *** 29C3 - erfolgreicher Angriff auf verschlüsselnde Festplatten *** --------------------------------------------- Auch bei automatisch verschlüsselnden Festplatten (Self-Encrypting Drives, SED) können Angreifer die Daten mit wenigen Handgriffen auslesen: Der Informatiker Tilo Müller demonstrierte am Freitag auf dem 29. Hacker-Kongress des Chaos Computer Clubs (29C3) in Hamburg, wie sich die Hardware-Verschlüsselung von Desktop-Computern oder Laptops angreifen lässt. --------------------------------------------- http://www.heise.de/meldung/29C3-erfolgreicher-Angriff-auf-verschluesselnde… *** Windows 8 Will Be Harder to Hack - Security Expert *** --------------------------------------------- "Windows 8 has already been attacked by hackers who wanted to activate the operating system at no cost, but theres no doubt its one of the most secure Windows iterations released so far. And Microsoft uses this argument to promote Windows 8 with every single occasion, while security companies across the globe confirm that its harder to attack the new OS. McAfee said in its 2013 predictions report that Windows 8 may become hackers next big target, but Rapid7 CISO and Metasploit founder HD... --------------------------------------------- http://news.softpedia.com/news/Windows-8-Will-Be-Harder-to-Hack-Security-Ex… *** Bugtraq: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption *** --------------------------------------------- GnuPG 1.4.12 and lower - memory access errors and keyring database corruption --------------------------------------------- http://www.securityfocus.com/archive/1/525167 *** Worst email scams of 2012 *** --------------------------------------------- "The scammers have continued to flood us with dodgy emails this year. Here are some of the worst ones weve spotted. Identity fraud and theft continues to be a big issue in the UK...." --------------------------------------------- http://www.lovemoney.com/news/scams-and-rip-offs/scams/18904/worst-email-sc… *** Provisorischer Fix für kritische Lücke im Internet Explorer *** --------------------------------------------- Im Internet Explorer bis einschließlich Version 8 klafft eine kritische Sicherheitslücke. Microsoft hat nun ein Fix-It-Tool herausgegeben, mit dem sich Nutzer der betroffenen IE-Versionen schützen können, bis ein Patch fertig ist. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/27194e91/l/0L0Sheise0Bde0Cmel… *** Piraterie - Gecrackte Apps: Neue Dienste kapern iOS auch ohne Jailbreak *** --------------------------------------------- Nachfolger von Installous könnten wesentlich mehr User erreichen --------------------------------------------- http://derstandard.at/1356426557392/Gecrackte-Apps-Neue-Dienste-kapern-iOS-…

1 0

Tageszusammenfassung - Freitag 28-12-2012
by Daily end-of-shift report 28 Dec '12

28 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 27-12-2012 18:00 − Freitag 28-12-2012 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** ICS-CERT Closes-out Two Alerts *** --------------------------------------------- "Today the folks at DHS ICS-CERT published two advisories for different systems that were based upon uncoordinated disclosures reported earlier by ICS-CERT. Actually ICS-CERT only notes that one is based upon an earlier alert, but records show that both were. The affected systems are from RuggecCom and Carlo Gavazzi Automation...." --------------------------------------------- http://chemical-facility-security-news.blogspot.nl/2012/12/ics-cert-closes-… *** RealPlayer RealMedia File Handling Buffer Overflow *** --------------------------------------------- Topic: RealPlayer RealMedia File Handling Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/bi_N1sR5TgU/WLB-20… *** Joomla bch and Content Shell Upload *** --------------------------------------------- Topic: Joomla bch and Content Shell Upload Risk: High Text: [ Joomla com_content Shell Upload Vulnerability] [x] Author : Agd_Scorp [x] Home : www.turkguvenligi.info ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/vUggqlfFDmw/WLB-20… *** Vuln: Real Networks RealPlayer Multiple Security Vulnerabilities *** --------------------------------------------- Real Networks RealPlayer Multiple Security Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56956 Next End-of-Shift report on 2013-01-02

1 0

Tageszusammenfassung - Donnerstag 27-12-2012
by Daily end-of-shift report 27 Dec '12

27 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 21-12-2012 18:00 − Donnerstag 27-12-2012 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Vuln: Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability *** --------------------------------------------- Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/55465 *** Java 7 update offers more security options *** --------------------------------------------- "A recent Java 7 update (Update 10) has added more security options that will appeal to security conscious users and businesses. A new option under the Java control panel, for example, allows users to disable Java applications from running inside their browsers by clearing the "enable Java content in the browser" checkbox. The plethora of security attacks that exploit flaws in the Java platform means that disallowing Java from browsers has long been recommended by security... --------------------------------------------- http://www.fiercecio.com/techwatch/story/java-7-update-offers-more-security… *** India Developing Its Own Secure Operating System *** --------------------------------------------- "According to The Times of India, 150 engineers from all across the country have already been working on the project for over one year and a half, but it will take another three before the operating systems can be rolled out. The director general of the DRDO has explained that India needs its own operating system to strengthen cyber security. He has emphasized that the current operating systems used in India, regardless whether theyre Windows or Linux-based, contain numerous security... --------------------------------------------- http://news.softpedia.com/news/India-Developing-Its-Own-Secure-Operating-Sy… *** Vuln: WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability *** --------------------------------------------- WordPress Multiple CMSMasters Themes upload.php Arbitrary File Upload Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56988 *** Hook Analyser Malware Tool 2.2 *** --------------------------------------------- "Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. Changes: The UI and modules of the project have been re-written...." --------------------------------------------- http://packetstormsecurity.org/files/119087 *** PHP-CGI Argument Injection Remote Code Execution *** --------------------------------------------- Topic: PHP-CGI Argument Injection Remote Code Execution Risk: High Text:#!/usr/bin/python import requests import sys print """ CVE-2012-1823 PHP-CGI Arguement Injection Remote Code Execution T... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/HMIGwX9uCpo/WLB-20… *** [remote] - IBM Lotus Notes Client URL Handler Command Injection *** --------------------------------------------- IBM Lotus Notes Client URL Handler Command Injection --------------------------------------------- http://www.exploit-db.com/exploits/23650 *** [remote] - Microsoft SQL Server Database Link Crawling Command Execution *** --------------------------------------------- Microsoft SQL Server Database Link Crawling Command Execution --------------------------------------------- http://www.exploit-db.com/exploits/23649 *** NVidia Display Driver Service (nvvsvc.exe) Exploit *** --------------------------------------------- Topic: NVidia Display Driver Service (nvvsvc.exe) Exploit Risk: High Text:/* NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 - Bypass DEP + ASLR + /GS + CoE = (@... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/RWnidJO9giU/WLB-20…

1 0

Tageszusammenfassung - Freitag 21-12-2012
by Daily end-of-shift report 21 Dec '12

21 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 20-12-2012 18:00 − Freitag 21-12-2012 18:00 Handler: Stephan Richter Co-Handler: L. Aaron Kaplan *** WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout *** --------------------------------------------- Topic: WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout Risk: Low Text:*Summary = WordPress 3.4.2 fails to invalidate a user's sessions upon logout. WordPress was originally notified of... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/m7FLRoPAp58/WLB-20… *** HPSBUX02835 SSRT100763 rev.1 - HP-UX Running BIND, Remote Domain Name Revalidation *** --------------------------------------------- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03577598 *** Vuln: Squid cachemgr.cgi Remote Denial of Service Vulnerability *** --------------------------------------------- Squid cachemgr.cgi Remote Denial of Service Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56957 *** QNAP-NAS anfällig für cross-site-scripting (XSS) *** --------------------------------------------- Twitter-User @rootdial ist aufgefallen, dass in manchen Web-Anwendungen des QNAP-NAS nicht richtig geprüft wird, was übergeben wird. So ist z.B. die Photostation und die TVStation anfällig für XSS. --------------------------------------------- http://sdcybercom.wordpress.com/ *** CA20121220-01: Security Notice for CA IdentityMinder *** --------------------------------------------- CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability. --------------------------------------------- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B… *** VMWare posts some updates, (Fri, Dec 21st) *** --------------------------------------------- Just in the case the world doesnt come to a grinding halt today (end of Mayan calendar and all that).... .... VMWare has posted some updates that you might want to pay attention to over at:http://www.vmware.com/security/advisories/VMSA-2012-0018.html There are as many as 13 different CVEs covered in this update, so make sure, if you are affected, to patch! -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.edu Creative --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14740&rss Next End-of-Shift report on 2012-12-27

1 0

Tageszusammenfassung - Donnerstag 20-12-2012
by Daily end-of-shift report 20 Dec '12

20 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 19-12-2012 18:00 − Donnerstag 20-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Sweet Orange Exploit Kit Offers Customers Higher Infection Rates *** --------------------------------------------- "The newly emerging Sweet Orange Exploit Kit boasts a 10 to 25 percent infection rate and is promising to drive 150,000 unique visitors per day to the websites of its customers, according to Jeff Doty and Chris Larsen of Blue Coat Security. If the claims of Sweet Oranges authors reflect reality, it means that users of the kit can expect to add anywhere between 15,000 and 37,500 machines to their botnet per day. Sweet Orange has 45 dedicated IP addresses and 267 unique domains, which Doty... --------------------------------------------- http://threatpost.com/en_us/blogs/sweet-orange-exploit-kit-offers-customers… *** MyBB MyYoutube Cross Site Scripting *** --------------------------------------------- Topic: MyBB MyYoutube Cross Site Scripting Risk: Low Text:# Exploit Title: MyYoutube MyBB Stored XSS # Date: 17.12.2012 # Exploit Author: limb0 # Vendor Homepage: http://www.mybb-es.... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/C8aZDfreDmo/WLB-20… *** MyBB Xbox Live ID Cross Site Scripting *** --------------------------------------------- Topic: MyBB Xbox Live ID Cross Site Scripting Risk: Low Text:# Exploit Title: Xbox Live ID MyBB Plugin Stored XSS # Date: 13/12/2012 # Exploit Author: limb0 # Vendor Homepage: http://ww... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/qUghUFk2MwE/WLB-20… *** Vuln: Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities *** --------------------------------------------- Cerberus FTP Server Web Admin Multiple HTML-Injection Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56906 *** Bugtraq: EMC Avamar: World writable cache files *** --------------------------------------------- EMC Avamar: World writable cache files --------------------------------------------- http://www.securityfocus.com/archive/1/525095 *** Apache plug-in doles out Zeus attack *** --------------------------------------------- Points victims to Sweet Orange exploit server, slurps banking credentials Anti-virus outfit Eset has discovered a malicious Apache module in the wild that serves up malware designed to steal banking credentials. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/apache_dang… *** SurgeFTP Remote Command Execution *** --------------------------------------------- Topic: SurgeFTP Remote Command Execution Risk: High Text:require msf/core class Metasploit3 --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/iwcAssIZcxo/WLB-20… *** Drupal Core 6.x & 7.x Access Bypass & Code Execution *** --------------------------------------------- Topic: Drupal Core 6.x & 7.x Access Bypass & Code Execution Risk: High Text:View online: http://drupal.org/SA-CORE-2012-004 * Advisory ID: DRUPAL-SA-CORE-2012-004 * Project: Drupal core [1] * ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/bLFpBaVeTdc/WLB-20… *** ENISA on Smart Grids: a Risk-Based Approach Is Key to Secure Implementation *** --------------------------------------------- "The European Network and Information Security Agency (ENISA) has released a new report to help smart grid providers properly secure their infrastructures against cyberattacks. The European Union hopes to achieve a 20% increase in renewable energy, a 20% reduction in CO2 emissions, and a 20% increase in energy efficiency by 2020. Smart grids can help a lot in achieving these goals, but they must be rolled out in a secure way...." --------------------------------------------- http://news.softpedia.com/news/ENISA-on-Smart-Grids-a-Risk-Based-Approach-I… *** Vuln: Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities *** --------------------------------------------- Zend Framework Zend_Feed Component Information Disclosure Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56982 *** PGP, TrueCrypt-encrypted files CRACKED by £300 tool *** --------------------------------------------- Plod at the door? Better yank out that power cable ElcomSoft has built a utility that forages for encryption keys in snapshots of a PCs memory to decrypt PGP and TrueCrypt-protected data. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/20/elcomsoft_t… *** Sicherheitslücke in AMDs Catalyst-Control-Center *** --------------------------------------------- Eigentlich soll das Catalyst-Control-Center von AMD helfen die Treiber für Grafikkarten so aktuell wie möglich zu halten - über ein Ausnutzen der Update-Benachrichtigung kann vermutlich ein manipulierter Treiber untergejubelt werden. --------------------------------------------- http://rss.feedsportal.com/c/32407/f/463925/s/26cbb061/l/0L0Sheise0Bde0Cmel…

1 0

Tageszusammenfassung - Mittwoch 19-12-2012
by Daily end-of-shift report 19 Dec '12

19 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 18-12-2012 18:00 − Mittwoch 19-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** The Only 2013 Cybersecurity Predictions List You Need to Read *** --------------------------------------------- "Please, allow me to save you some time reading all of those Top 10 Cybersecurity Threats of 2013 lists from journalists, bloggers, analysts, vendors and other crackpots. Nearly all of them will include the 10 following threats, in varying orders:The Cloud Lots of vulnerabilities out there. BYOD/Mobile malware Its a problem dealing with all these devices...." --------------------------------------------- http://blogs.cio.com/security/17647/only-2013-cybersecurity-predictions-lis… *** 1-15 December 2012 Cyber Attacks Timeline *** --------------------------------------------- "Christmas is coming quickly, we have just passed the first half of December, and hence its time for the first update of the Cyber Attacks Timeline for December. The Team GhostShell has decided to close the year with a clamorous Cyber Attack, and hence,as part of the project ProjectWhiteFox, has leaked 1. 6 million of accounts from several organizations all over the world...." --------------------------------------------- http://hackmageddon.com/2012/12/17/1-15-december-2012-cyber-attack-timeline/ *** Enterpriser16 LB 7.1 Cross Site Scripting *** --------------------------------------------- Topic: Enterpriser16 LB 7.1 Cross Site Scripting Risk: Low Text:Title: Enterpriser16 LB v7.1 - Multiple Web Vulnerabilities Date: == 2012-12-12 References: == http://ww... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/Pv935OaGGFY/WLB-20… *** [webapps] - SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability *** --------------------------------------------- SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability --------------------------------------------- http://www.exploit-db.com/exploits/23498

1 0

Tageszusammenfassung - Dienstag 18-12-2012
by Daily end-of-shift report 18 Dec '12

18 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Montag 17-12-2012 18:00 − Dienstag 18-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Vuln: Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/56846 *** Vuln: Symantec Network Access Control CVE-2012-4349 Local Privilege Escalation Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/56847 *** Vuln: TWiki Multiple Security Vulnerabilities *** --------------------------------------------- TWiki Multiple Security Vulnerabilities --------------------------------------------- http://www.securityfocus.com/bid/56950 *** Reminder: Java 6 end-of-live February 2013 , (Mon, Dec 17th) *** --------------------------------------------- Reader Josh reports that while downloading the latest version of Java 6 (version 37) from Oracles website he received a reminder from Oracle that Java 6 will reach end of life in February 2013. After February 2013 security updates will only be available to customer who purchase extended support contracts. If you havent already done so, now is a good time to mark your calendars for this upgrade. More details are available here: http://www.oracle.com/technetwork/java/javase/eol-135779.html --------------------------------------------- http://isc.sans.edu/diary.html?storyid=14719&rss *** Bugtraq: IPv6 Neighbor Discovery security (new documents) *** --------------------------------------------- IPv6 Neighbor Discovery security (new documents) --------------------------------------------- http://www.securityfocus.com/archive/1/525063 *** Cyber Security Bulletin (SB12-352) - Vulnerability Summary for the Week of December 10, 2012 *** --------------------------------------------- "The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability... --------------------------------------------- http://www.us-cert.gov/cas/bulletins/SB12-352.html *** Carberp-in-the-Mobile found on Google Play *** --------------------------------------------- "Everybody knows (or should know) that downloading apps from third party online markets is dangerous, but even official markets such as Google Play cant be considered completely safe, as time and time again malware peddlers succeed at fooling its defenses and upload malware for download, masquerading as games and other popular apps. Kaspersky Lab researchers have recently discovered a slew of apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile... --------------------------------------------- http://www.net-security.org/malware_news.php?id=2362 *** Lookout Predicts 18 Million Android Malware Infections by End of 2013 *** --------------------------------------------- "Lookout Mobile Security recently published its mobile threat predictions for 2013, anticipating that 18 million Android users will encounter mobile malware between the beginning of 2012 and the end of 2013."The likelihood that new Lookout users will encounter malware or spyware is heavily dependent on their geography and behavior, varying from 0. 20 percent in Japan to 0. 40 percent in the US and as high as 34...." --------------------------------------------- http://www.esecurityplanet.com/mobile-security/lookout-predicts-18-million-… *** Trojan Upclicker malware infecting PCs via mouse input *** --------------------------------------------- "Windows PC owners be warned theres a new strain of malware out there that befuddles users into helping it accomplish its dirty deeds via mouse clicks. Dubbed "Trojan Upclicker" by the FireEye Malware Intelligence Lab researchers who identified it, this elusive bit of malicious code is purpose-built to evade identification by the automated analysis systems used by many anti-virus vendors. FireEye researchers Abhishek Singh and Yasir Khalid noted that Trojan Upclicker is a variant... --------------------------------------------- http://www.itproportal.com/2012/12/17/trojan-upclicker-malware-infecting-pc… *** EU to propose mandatory reporting of cyber incidents *** --------------------------------------------- "The European Union may force companies operating critical infrastructure in areas such as banking, energy and stock exchanges to report major online attacks and reveal security breaches, according to draft report by the European Commission. The European Commission is due to present a proposal on cybersecurity in February once it has received feedback from the European Parliament and EU countries. The proposal was initially announced in May for the third quarter this year but has been... --------------------------------------------- http://www.euractiv.com/infosociety/eu-propose-mandatory-reporting-c-news-5…

1 0

Tageszusammenfassung - Montag 17-12-2012
by Daily end-of-shift report 17 Dec '12

17 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Freitag 14-12-2012 18:00 − Montag 17-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner *** Vuln: MyBB DyMy User Agent Plugin SQL Injection Vulnerability *** --------------------------------------------- MyBB DyMy User Agent Plugin SQL Injection Vulnerability --------------------------------------------- http://www.securityfocus.com/bid/56931 *** Bugtraq: Wordpress Pingback Port Scanner *** --------------------------------------------- Wordpress Pingback Port Scanner --------------------------------------------- http://www.securityfocus.com/archive/1/525045 *** Bugtraq: DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) *** --------------------------------------------- DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) --------------------------------------------- http://www.securityfocus.com/archive/1/525044 *** ENISA - Introduction to Return on Security Investment *** --------------------------------------------- "As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention...." --------------------------------------------- http://www.enisa.europa.eu/activities/cert/other-work/introduction-to-retur… *** Foswiki Remote code execution and other vulnerabilities in MAKETEXT *** --------------------------------------------- Topic: Foswiki Remote code execution and other vulnerabilities in MAKETEXT Risk: High Text: + Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This ... --------------------------------------------- http://feedproxy.google.com/~r/securityalert_database/~3/8WkKh9Nz_ZM/WLB-20… *** Eurograbber: A Smart Trojan Attack - Hackers Methods Reveal Banking Know-How *** --------------------------------------------- "The Eurograbber banking Trojan is an all-in-one hit, researchers say. It successfully compromises desktops and mobile devices, and has gotten around commonly used two-factor authentication practices in Europe. How can banking institutions defend themselves and their customers against this super-Trojan attack?..." --------------------------------------------- http://www.bankinfosecurity.com/eurograbber-smart-trojan-attack-a-5359?rf=2…

1 0

Tageszusammenfassung - Freitag 14-12-2012
by Daily end-of-shift report 14 Dec '12

14 Dec '12

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 13-12-2012 18:00 − Freitag 14-12-2012 18:00 Handler: Christian Wojner Co-Handler: n/a *** Internet Explorer rats out the mouse - Update *** --------------------------------------------- "Company Spider. io warns that Internet Explorer allows a users mouse position to be determined even if the mouse cursor is located outside of the browser window or the browser window isnt being displayed at all either because it is minimised or the user has switched to view another tab or window. This is potentially dangerous because it enables web pages to intercept sensitive data that is being entered via virtual keyboards and virtual keypads, say the researchers...." --------------------------------------------- http://www.h-online.com/security/news/item/Internet-Explorer-rats-out-the-m… *** Bugtraq: Addressbook v8.1.24.1 Group Name XSS *** --------------------------------------------- Addressbook v8.1.24.1 Group Name XSS --------------------------------------------- http://www.securityfocus.com/archive/1/525027 *** New Trojan attempts SMS fraud on OS X users *** --------------------------------------------- "The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud. The new malware is a Trojan horse, dubbed "Trojan. SMSSend...." --------------------------------------------- http://news.cnet.com/8301-1009_3-57558780-83/new-trojan-attempts-sms-fraud-… *** Apple updates OS X malware definitions for new fake-installer/SMS trojan *** --------------------------------------------- "MacRumors noted today that Apple is utilizing the automatic daily checks for malware definitions it implemented last year to block an OS X trojan horse discovered earlier this week. The trojan was originally detailed in a blog post on Dr. Web. Known as TrojanSMSSend...." --------------------------------------------- http://9to5mac.com/2012/12/13/apple-updates-os-x-malware-definitions-for-ne… *** Backdoor Found at NDIS Level *** --------------------------------------------- "It is one thing to have a piece of malware that can focus on targeted attacks, but it is quite another to have it also be nearly invisible. That is just what a variant of the Exforel backdoor malware, VirTool:WinNT/Exforel. A, is able to do, said researchers at Microsofts Malware Protection Center...." --------------------------------------------- http://www.isssource.com/backdoor-found-at-ndis-level/ *** New Attacks from Gameover Gang *** --------------------------------------------- "Millions of emails, which pose as coming from major U.S. banks, are spamming out, according to Dell SecureWorks Counter Threat Unit. The fake but convincing-looking emails appeal to a more security-minded banking customer: You have received a new encrypted message or a secure message from [XYZ] Bank, one of the email campaigns said, noting the bank has set up a secure email exchange for its customers as a way to allay privacy and security concerns. The message includes an infected --------------------------------------------- http://www.isssource.com/new-attacks-from-gameover-gang/ *** Yet another eavesdrop vulnerability in Cisco phones *** --------------------------------------------- Security groundhog day A university student presenting at the Amphion Forum has demonstrated turning a Cisco VoIP phone into a listening device, even when it's on the hook. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2012/12/13/cisco_voip_… *** Dexter malware targets point of sale systems worldwide *** --------------------------------------------- "You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems. First spotted by security firm Seculert, the malware dubbed "Dexter" is believed to have infected hundreds of POS systems in 40 countries worldwide in recent months. Companies targeted include retailers, hotel chains, restaurants, and private parking providers...." --------------------------------------------- http://www.theregister.co.uk/2012/12/14/dexter_malware_targets_pos_systems/ *** Top 7 security predictions for 2013 *** --------------------------------------------- "A seismic shift in who controls the Internet? Another Mac malware outbreak? Your smart TV being highjacked for a DDoS attack?..." --------------------------------------------- http://www.net-security.org/secworld.php?id=14120 *** [DNB] Joomla, WordPress Sites Hit by IFrame Injection Attacks *** --------------------------------------------- '....Users of the popular Joomla content management system are being urged by security experts to upgrade to the latest version after reports of exploits being used to compromise websites built on the platform......' --------------------------------------------- https://threatpost.com/en_us/blogs/joomla-wordpress-sites-hit-iframe-inject…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily