=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 06-12-2012 18:00 − Friday 07-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Seven Microsoft patches in one go on Patch Day ***
---------------------------------------------
Microsoft has announced that on its December Patch Day next Tuesday it will release seven patch packages (bulletins) that close a total of eleven security holes. The company rates five of the patch packages as critical; they close holes that allow malicious code to be injected remotely.
---------------------------------------------
http://www.heise.de/security/meldung/Sieben-Microsoft-Patches-auf-einen-Str…
*** Many popular Windows programs insufficiently secured ***
---------------------------------------------
The author of the software SlopFinder describes how many popular Windows programs do not use even basic protection mechanisms. With DEP (Data Execution Prevention), for instance, the processor is supposed to use a flag (the NX bit) to prevent the execution of injected malicious code in the data area.
---------------------------------------------
http://www.heise.de/security/meldung/Viele-beliebte-Windows-Programme-unzur…
*** RSA boss predicts "catastrophic" cyber attack ***
---------------------------------------------
"A large-scale attack on critical infrastructure will soon become a reality, according to RSA chief executive Art Coviello. The security boss said that poor government security protections combined with increasingly sophisticated attack techniques has left critical infrastructure at risk for attacks which could cause widespread damage. "I abhor the phrase Cyber Pearl Harbor because I think it is a poor metaphor to describe the state I believe we are in," Coviello
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2229201/rsa-boss-art-coviello-predicts-catas…
*** Skynet, a Tor-powered botnet straight from Reddit ***
---------------------------------------------
FROM: Matthias Fraidl <fraidl(a)cert.at>
Following is an overview of this malware labelled by the creator as
Skynet: a Tor-powered trojan with DDoS, Bitcoin mining and Banking
capabilities, that we observed spreading through the veins of Usenet.
https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor…
---------------------------------------------
/taranis/mod_assess/show_mail.pl?id=1826
*** BlackHole Exploit Kit Has Difficulties in Infecting Chrome Users, Experts Say ***
---------------------------------------------
"The notorious BlackHole exploit kit has been around for quite some time now, with new iterations being released periodically. While it can be considered one of the most efficient cybercriminal tools, BlackHole doesn't like it when its victims utilize Google's Chrome web browser. According to experts from Blue Coat, when potential victims are tricked into clicking on links that point to BlackHole-infested websites, they're presented with a loading or a please wait message, while in the
---------------------------------------------
http://news.softpedia.com/news/BlackHole-Exploit-Kit-Has-Difficulties-in-In…
*** New Trojan Exploits Mobile Channel - Eurograbber Defeats Two-Factor Authentication ***
---------------------------------------------
"Eurograbber is more than just another banking Trojan. It's an exploitation of fundamental online banking authentication practices that could strike any institution, says Check Point's Darrell Burkey. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European banks...."
---------------------------------------------
http://www.bankinfosecurity.com/interviews/new-trojan-exploits-mobile-chann…
*** WhatsApp closes hole again, but not everywhere ***
---------------------------------------------
The cat-and-mouse game over WhatsApp's security enters the next round: after heise Security demonstrated about a week ago that the Android version is still vulnerable to account hijacking, the operator is now offering WhatsApp version 2.8.8968 via Google Play, which promises improved phone number verification.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-schliesst-Luecke-erneut-aber-…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 04-12-2012 18:00 − Wednesday 05-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** SHA1 weakness benefits password crackers ***
---------------------------------------------
Jens Steube, one of the authors of the popular password cracker Hashcat, has identified a "weakness in the cryptographic hash function SHA1" (PDF file) that allows him to speed up password cracking by about 20 percent.
---------------------------------------------
http://www.heise.de/security/meldung/SHA1-Schwaeche-beguenstigt-Passwortkna…
*** ATM Thieves Swap Security Camera for Keyboard ***
---------------------------------------------
This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like child's play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/kPS5w9ExcfQ/
*** Twitter’s deathless spoofing bug gets the heart-stake again ***
---------------------------------------------
Facebook, Venmo also plug SMS vuln. Twitter says it has plugged its years-old SMS spoofing vulnerability after yet-another disclosure, this time by security consultant Jonathan Rudenberg. Facebook and social payments outfit Venmo have also blocked the vulnerability.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/05/twitter_dum…
*** Security Patch released for BIND 9.9.2, (Wed, Dec 5th) ***
---------------------------------------------
A security patch was released for BIND 9.9.2. The patch addresses 26 different bugs and/or security issues. Update your bind DNS server to version 9.9.2-P1. Updates can be downloaded here: http://www.isc.org/downloads/all More information is available here: https://kb.isc.org/article/AA-0082 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14641&rss
*** Apache Tomcat CSRF Prevention Filter Bypass ***
---------------------------------------------
Topic: Apache Tomcat CSRF Prevention Filter Bypass Risk: Low Text: CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter Severity: Important Vendor: The Apache Software Foundation ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/llUlhAAXXjo/WLB-20…
*** Apache Tomcat Security Bypass ***
---------------------------------------------
Topic: Apache Tomcat Security Bypass Risk: Medium Text: CVE-2012-3546 Apache Tomcat Bypass of security constraints Severity: Important Vendor: The Apache Software Foundation ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bHs7rEreGXQ/WLB-20…
*** HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03464042
*** HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS) ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108
*** HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
*** Sophos Security Threat Report 2013: Norway Is the Safest Country ***
---------------------------------------------
"Sophos has just released its Security Threat Report 2013. The study focuses on topics such as Mac malware, targeted attacks, polymorphic attacks, ransomware, Android threats, Java attacks, and the BlackHole exploit kit. An interesting part of the report is the one which details the 10 riskiest and the 10 safest countries in the world...."
---------------------------------------------
http://news.softpedia.com/news/Sophos-Security-Threat-Report-2013-Norway-Is…
*** New 25-GPU Monster Devours Strong Passwords In Minutes ***
---------------------------------------------
chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/cC50oUE-O1A/story01.htm
*** The Citadel crimeware kit - under the microscope ***
---------------------------------------------
Ever since the source code of the Zeus crimeware kit, also known as
Zbot, was leaked onto the internet in May 2011, many new variants have
appeared. These have typically added new features and improved on the
old code. One particularly prevalent example is Citadel.
---------------------------------------------
http://nakedsecurity.sophos.com/2012/12/05/the-citadel-crimeware-kit-under-…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 03-12-2012 18:00 − Tuesday 04-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Instagram app vulnerable to account hijacking ***
---------------------------------------------
The network traffic of the Instagram app is apparently insufficiently protected: as security expert Carlos Reventlov reports, the photo community's app communicates with the Instagram server unencrypted over HTTP. According to Reventlov, an attacker eavesdropping on the traffic can steal a session cookie and use it to access the user area of instagram.com in the context of the person being eavesdropped on.
---------------------------------------------
http://www.heise.de/security/meldung/Instagram-App-anfaellig-fuer-Account-H…
*** Bugtraq: FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability ***
---------------------------------------------
FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/524894
*** Bugtraq: ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities ***
---------------------------------------------
ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524892
*** Vuln: OpenStack Keystone CVE-2012-5571 Security Bypass Vulnerability ***
---------------------------------------------
OpenStack Keystone CVE-2012-5571 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56726
*** Vuln: OpenStack Token Expiration Security Bypass Vulnerability ***
---------------------------------------------
OpenStack Token Expiration Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56727
*** Vrublevsky Sues Kaspersky ***
---------------------------------------------
The co-founder and owner of ChronoPay, one of Russia's largest e-payment providers, is suing Russian security firm Kaspersky Lab, alleging that the latter published defamatory blog posts about him in connection with his ongoing cybercrime trial.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/7qcGBLXbf74/
*** Vuln: Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability ***
---------------------------------------------
Samsung and Dell printers Firmware Backdoor Unauthorized Access Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56692
*** Bugtraq: SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion ***
---------------------------------------------
SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion
---------------------------------------------
http://www.securityfocus.com/archive/1/524903
*** Snort-2.9.4 has been released, (Mon, Dec 3rd) ***
---------------------------------------------
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14629&rss
*** Vuln: Oracle MySQL acl_get() Buffer Overflow Vulnerability ***
---------------------------------------------
Oracle MySQL acl_get() Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56769
*** Bug Hunter Finds Blended Threat Targeting Yahoo Web Site ***
---------------------------------------------
"A Romanian bug hunter has discovered a "blended threat" targeting Yahoo's Developer Network Web site that allows unauthorized access to Yahoo users' emails and private profile data. At a security conference Sunday, Sergiu Dragos Bogdan demonstrated an abbreviated version of an attack using the YQL console on developer.yahoo...."
---------------------------------------------
http://threatpost.com/en_us/blogs/bug-hunter-finds-blended-threat-targeting…
*** Rumble in the Tumblr: Troll-worm infected thousands of blogs ***
---------------------------------------------
Infamous crew unleashed JavaScript nasty on trendy journals. A worm spread like wildfire across Tumblr on Monday, defacing pages on the blogging website with an abusive message penned by a notorious trolling crew.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/04/tumblr_java…
*** Mail from the past: security fix after 8 years ***
---------------------------------------------
The advisory from January 2005 was one of hundreds of similar ones from that period: a PHP application does not check the parameters of a database query, and as a result an attacker can inject arbitrary database commands using special URLs. What is special about this bug report for PHP Gift Registry: after more than 7 years, the author of the software has taken the trouble to reply after all.
---------------------------------------------
http://www.heise.de/security/meldung/Post-aus-der-Vergangenheit-Security-Fi…
*** Fast password cracking for MySQL ***
---------------------------------------------
The hacker with the pseudonym KingCope has once again published a security problem in the popular MySQL database. Due to an already known peculiarity of the user management, it is possible to significantly increase the speed of a brute-force attack. In so-called "brute forcing", a large number of possible passwords is simply tried out in order to guess the actual password of the attacked account.
---------------------------------------------
http://www.heise.de/security/meldung/Schnelles-Passwort-Knacken-bei-MySQL-1…
*** Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling ***
---------------------------------------------
Topic: Centrify Deployment Manager v2.1.0.283 /tmp insecure file handling Risk: Medium Text: Centrify Deployment Manager v2.1.0.283 While at a training session for centrify, I noticed poor handling of files in /tmp. I...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/6ZYCFcfGM0w/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 30-11-2012 18:00 − Monday 03-12-2012 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Bugtraq: NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator ***
---------------------------------------------
NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator
---------------------------------------------
http://www.securityfocus.com/archive/1/524879
*** A fine mess - hacker publishes exploits for MySQL and SSH ***
---------------------------------------------
The notorious hacker with the pseudonym KingCope has apparently cleared out his old stock and, for the first Sunday of Advent, published a whole series of exploits, some of which date back to 2011. The primary target is the open-source database MySQL, since taken over by Oracle; but the SSH servers from the company SSH and FreeSSHd/FreeFTPd are also acutely at risk.
---------------------------------------------
http://www.heise.de/security/meldung/Schoene-Bescherung-Hacker-veroeffentli…
*** The top 25 computing coding errors that lead to 85% of criminal internet activity ***
---------------------------------------------
"The list is being hailed as a major breakthrough that should gradually make the Internet much safer. "When consumers see that most vulnerabilities are caused by a mere 25 weaknesses, a new standard for due diligence is likely to emerge," says Konrad Vesey, a member of the National Security Agency's Information Assurance Directorate...."
---------------------------------------------
http://www.sans.org/top25-software-errors/#s4
*** OurWebFTP 5.3.5 Cross Site Scripting ***
---------------------------------------------
Topic: OurWebFTP 5.3.5 Cross Site Scripting Risk: Low Text: HTTPCS Advisory : HTTPCS112 Product : OurWebFTP Version : 5.3.5 Page : /index.php Variables : mwb_control2=Enter&mw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Z9CTYZ5_rmc/WLB-20…
*** Libsyn Cross Site Scripting ***
---------------------------------------------
Topic: Libsyn Cross Site Scripting Risk: Low Text: As you can see from my publications for last five years, I like holes which are placed at hundreds or millions of web sites. S...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/xmo2Up5J5oE/WLB-20…
*** FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities ***
---------------------------------------------
Topic: FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities Risk: Low Text: Title: FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: == 2012-12-01 References: == http://...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/WC5HCX-SaKI/WLB-20…
*** Critical infrastructure systems should never have moved online, warn security experts ***
---------------------------------------------
"UK businesses linked to critical infrastructure areas have opened themselves up to cyber attacks by prematurely moving key systems online, according to prominent security experts. Co-founder of information security site The Jericho Forum, Paul Simmonds, highlighted the fact that the desire to cut costs by moving systems online has left firms vulnerable to cyber attacks. "I'm worried we're rushing headlong into connecting parts of critical infrastructure items to the internet," ...
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2228538/critical-infrastructure-systems-shou…
*** Bloggers demonstrate clever password theft ***
---------------------------------------------
Employees of the company Neophasis have found that passwords and other user data can be siphoned from web browsers with relatively simple means via JavaScript modifications. The fact that the theft works via a frequently used key combination makes the vulnerability dangerous.
---------------------------------------------
http://www.heise.de/security/meldung/Blogger-demonstrieren-gewieften-Passwo…
*** Opera Web Browser 12.11 WriteAV Vulnerability ***
---------------------------------------------
Topic: Opera Web Browser 12.11 WriteAV Vulnerability Risk: Medium Text: Title : Opera Web Browser 12.11 WriteAV Vulnerability Version : 12.11 Build 1661 and 12.12 Date : 2012-12-03 Vend...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bY9KoqQu62A/WLB-20…
*** Safety First: That Means Mobile Banking ***
---------------------------------------------
"The answer surprises; here is the question: Is it safer to bank using a desktop computer or an app on a mobile phone? The answer is that, all considered, you are vastly safer with that mobile banking app. "Fraudsters go after the low-hanging fruit, and that is PC-based banking," said Andreas Baumhof, chief technology officer at ThreatMetrix, in an interview. There is substantially more traffic over online banking channels than there is mobile, and thus the keener interest of ...
---------------------------------------------
http://www.themobilityhub.com/author.asp?section_id=2262&doc_id=254931
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 29-11-2012 18:00 − Friday 30-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Servers of nuclear agency IAEA attacked again ***
---------------------------------------------
The International Atomic Energy Agency (IAEA) has been attacked for the second time within a few days. Hackers are said to have stolen secret data. Nothing is known about the origin of the hackers, although the second attackers could be members of Anonymous.
---------------------------------------------
http://futurezone.at/netzpolitik/12741-server-der-atombehoerde-iaea-erneut-…
*** Virtualization Security: Protecting Virtualized Environments ***
---------------------------------------------
"Virtualization changes the playing field when it comes to security. There are new attack vectors, new operational patterns and complexity, and changes in IT architecture and deployment life cycles. What's more, the technologies, best practices, and strategies used for securing physical environments do not provide sufficient protection for virtual environments...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14030
*** Voice tweeting for Syrians ***
---------------------------------------------
With Syria almost completely cut off from the Internet since Thursday, Google and Twitter have resumed the "speak2tweet" service. The service accepts voice messages on four international phone numbers, stores them on Google servers and publishes the links on Twitter (see also #SyriaBlackout there).
---------------------------------------------
http://www.heise.de/security/meldung/Sprachtwittern-fuer-Syrer-1760015.html…
*** Mail hacks router ***
---------------------------------------------
A whole range of routers from Arcor, Asus and TP-Link are vulnerable to unwanted remote configuration. In his blog, security researcher Bogdan Calin impressively demonstrates that merely displaying an e-mail inside the router's network can have far-reaching consequences: when opened, his specially crafted test e-mail reconfigures the WLAN router so that Internet traffic is redirected.
---------------------------------------------
http://www.heise.de/security/meldung/Mail-hackt-Router-1759354.html/from/at…
*** Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html, (Fri, Nov 30th) ***
---------------------------------------------
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14599&rss
*** Microsoft Security Essentials Loses AV-Test Certificate ***
---------------------------------------------
helix2301 writes "Every two months, AV-Test takes a look at popular antivirus software and security suites and tests them in several ways. In their latest test which was performed on Windows 7 during September and October, Microsoft Security Essentials didn't pass the test to achieve certification. Although that may not sound that impressive, Microsoft's program was the only one which didn't receive AV-Test's certificate. For comparison, the other free antivirus software, including Avast, AVG
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/jXCBvPS16VQ/story01.htm
*** Hotel burglars become Arduino tinkerers ***
---------------------------------------------
The attack on Onity HT brand electronic door locks demonstrated at this year's BlackHat hacker conference has been further refined and may already have been used by burglars. There are now numerous detailed instructions and videos online on defeating the door lock.
---------------------------------------------
http://www.heise.de/security/meldung/Hotel-Einbrecher-werden-zu-Arduino-Tue…
*** Crooks inject malicious Java applet into FOREX trading website ***
---------------------------------------------
VXers wouldn't give a XXXX for anything else. A FOREX trading website has been contaminated with a malicious Java applet that is designed to install malware on the systems of visiting surfers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/30/forex_tradi…
*** Latest phishing security test shows Chrome is the best, followed by IE10, Safari, and then Firefox ***
---------------------------------------------
"Phishing scams are becoming more and more prevalent, but thankfully browser makers have also stepped up their game: the average phishing URL catch rate in the top four browsers has jumped from 46 percent in 2009 to 92 percent in 2012 and the average time it took to block a new phishing URL also improved from 16.43 hours to 4.87 hours...."
---------------------------------------------
http://thenextweb.com/apps/2012/11/28/latest-phishing-security-test-shows-c…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 28-11-2012 18:00 − Thursday 29-11-2012 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** New version of wireshark is available (1.8.4), some security fixes included. , (Wed, Nov 28th) ***
---------------------------------------------
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14587&rss
*** Good Practice Guide for Addressing Network and Information Security Aspects of Cybercrime ***
---------------------------------------------
"In 2010 ENISA started its support for operational collaboration between the Computer Emergency Response Teams (CERTs) in the Member States on the one hand and Law Enforcing Agencies (LEA) on the other hand. Various activities have since been launched, including stock takings of legal and operational obstacles that prevent collaboration, advice resulting from that, workshops that brought together members of both communities, consultation with members of both communities, etc. It was soon
---------------------------------------------
http://www.enisa.europa.eu/activities/cert/support/fight-against-cybercrime…
*** Vuln: OpenDNSSEC cURL API Security Bypass Vulnerability ***
---------------------------------------------
OpenDNSSEC cURL API Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56679
*** How to Minimize Medical Device Risks - Ethical Hacker Offers Action Items ***
---------------------------------------------
"Malware and hackers present potential security threats to wireless medical devices and safety risks to the patients who use them. But healthcare organizations and device manufacturers can take several steps to curtail those risks, says an ethical hacker who has demonstrated the vulnerability of various devices. Barnaby Jack, director of embedded device security at services firm IOActive, recently demonstrated how an implanted wireless heart defibrillator can be hacked from 50 feet away to
---------------------------------------------
http://www.healthcareinfosecurity.com/how-to-minimize-medical-device-risks-…
*** [webapps] - Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities ***
---------------------------------------------
Oracle OpenSSO 8.0 Multiple XSS POST Injection Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/23004
*** Bugtraq: Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability ***
---------------------------------------------
Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/524863
*** WhatsApp: serious security hole discovered ***
---------------------------------------------
Using the mobile phone number and the serial number, the WhatsApp password can be generated relatively easily and someone else's account taken over. This was uncovered by the German online portal heise Security. The developers of WhatsApp, however, apparently do not want to know about the hole.
---------------------------------------------
http://futurezone.at/produkte/12738-whatsapp-schwere-sicherheitsluecke-entd…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 27-11-2012 18:00 − Wednesday 28-11-2012 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Java Zero-Day Exploit on Sale for ‘Five Digits’ ***
---------------------------------------------
Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle's Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/P9epzhQazQ0/
*** Cooperation is key for Europe's cyber security - Conclusion of ENISA Brussels event ***
---------------------------------------------
"A high-level event organised by Europe's cyber security agency, ENISA, recognised closer cyber cooperation and mutual support as key factors for boosting cyber security for Europe's citizens, governments and businesses. The meeting, held today (27th November) in Brussels, was led by ENISA's Executive Director, Professor Udo Helmbrecht, and brought together key figures from the European Parliament, European Commission and the computer industry. Participants included Ms Amelia Andersdotter,
---------------------------------------------
http://mb.cision.com/Main/119/9341197/71035.pdf
*** Sysadmin creates tool to scour web for hacked data ***
---------------------------------------------
"A Wellington system administrator has developed a tool to identify corporate secrets, hacked data and even stolen credit cards as they emerge on social networks and online clipboards. Users could set the OSINT OPSEC (Open Source Intelligence / Operational Security) Tool to monitor for keywords, allowing, for example, an organisation to be alerted if a hacking group dumped its sensitive data to clipboard site Pastebin. Or it could scour Stack Exchange for intellectual property code
---------------------------------------------
http://www.itnews.com.au/News/324176,sysadmin-creates-tool-to-scour-web-for…
*** Vuln: Tor Remote Denial of Service Vulnerability ***
---------------------------------------------
Tor Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56675
*** Yahoo zero day exploit goes on sale for $700 ***
---------------------------------------------
"A hacker has begun selling what they claim is a zero-day exploit that will let criminals hijack control of Yahoo Mail users' accounts. The hacker, who goes by the moniker TheHell, posted a video marketing a $700 exploit kit on the secretive Darkode cybercrime market on Monday. The video was later spotted and re-posted onto YouTube by security blogger Brian Krebs. "I'm selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers...."
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2227722/yahoo-zero-day-exploit-goes-on-sale-…
*** DNS servers filled with wrong Kool-Aid, big names waylaid in Romania ***
---------------------------------------------
Microsoft, Yahoo!, Google, PayPal all graffiti'd. A hacker today redirected web surfers looking for Yahoo, Microsoft or Google to a page showing a TV test card by apparently poisoning Google's public DNS system.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/28/google_roma…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 26-11-2012 18:00 − Tuesday 27-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Call for Entries: RSA Conference 2013 Innovation Sandbox ***
---------------------------------------------
"RSA Conference (www.rsaconference.com), the world's leading information security conferences and expositions, today announced its annual Innovation Sandbox program has opened a call for submissions to name the Most Innovative Company at RSA Conference 2013...."
---------------------------------------------
http://www.virtual-strategy.com/2012/11/26/call-entries-rsa%C2%AE-conferenc…
*** Backdoor in traffic analysis software Piwik ***
---------------------------------------------
A backdoor inserted after the fact into the web server analytics software Piwik lets attackers gain full control of the system. Anyone who downloaded and installed Piwik from the open-source project's server in recent weeks should check their servers immediately.
---------------------------------------------
http://www.heise.de/security/meldung/Hintertuer-in-Traffic-Analyse-Software…
*** CyberCity allows government hackers to train for attacks ***
---------------------------------------------
"CyberCity has all the makings of a regular town. There's a bank, a hospital and a power plant. A train station operates near a water tower...."
---------------------------------------------
http://www.washingtonpost.com/investigations/cybercity-allows-government-ha…
*** Go Daddy Resets Passwords of Customers Whose Sites Are Used to Spread Malware ***
---------------------------------------------
"Last week, researchers found that cybercriminals were altering the DNS records of Go Daddy websites in an effort to redirect their visitors to their own malware-spreading domains. Go Daddy reveals that the attackers compromised the accounts by phishing out the affected customers' credentials. Go Daddy representatives have told The Next Web that they've begun identifying the affected accounts...."
---------------------------------------------
http://news.softpedia.com/news/Go-Daddy-Resets-Passwords-of-Customers-Whose…
*** Yahoo! email! hijack! exploit!... Yours! for! $700! ***
---------------------------------------------
Cybercrook: It's a bargain, guys... They usually cost way more. A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts, according to a hacker who is offering to sell an alleged zero-day vulnerability exploit for $700.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/27/yahoo_email…
*** Samsung network printers with backdoor ***
---------------------------------------------
US-CERT warns of a hard-coded administrator account in Samsung printers that allows full control of the devices.
---------------------------------------------
http://www.heise.de/security/meldung/Samsung-Netzwerkdrucker-mit-Hintertuer…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 23-11-2012 18:00 − Monday 26-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Mystery Chrome 0-day exploit to be unveiled in India on Saturday ***
---------------------------------------------
I don't want $60k, I want FAME? A Georgian security researcher is due to present details of an unpatched vulnerability in Google's Chrome browser at the Malcon security conference in India over the weekend.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/23/mystery_chr…
*** eBay closes critical security holes ***
---------------------------------------------
The online auction house has, among other things, closed a hole that allowed read and write access to one of its databases.
---------------------------------------------
http://www.heise.de/security/meldung/eBay-schliesst-kritische-Sicherheitslo…
*** Dreamhost Breached, Server & client information leaked ***
---------------------------------------------
A pastebin user using the handle Syst3mswt has posted a dump of server information which appears to come from the well known and popular web hosting service Dream Host (http://www.dreamhost.com).
---------------------------------------------
http://www.cyberwarnews.info/2012/11/24/dreamhost-breached-server-client-in…
*** Digitally signed ransomware lurking in the wild ***
---------------------------------------------
"Trend Micro researchers have spotted two ransomware variants bearing the same (probably stolen) digital signature in order to fool users into running the files. Other than that, the malware acts like any other ransomware: it blocks the victim's computer and shows messages that seem to come either from the FBI or the UK's Police Central e-crime Unit: "Users may encounter these files by visiting malicious sites or sites exploiting a Java vulnerability," say the researchers...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2331
*** Symantec Warns of New Malware Targeting SQL Databases ***
---------------------------------------------
"Symantec is warning of a new bit of malware that appears to be modifying corporate databases, particularly in the Middle East, though it's showing up elsewhere in the world too. W32.Narilam, first discovered Nov. 15, follows a similar pattern of other worms by copying itself onto infected machines, adding registry keys and propagating through removable drives and network shares...."
---------------------------------------------
http://threatpost.com/en_us/blogs/symantec-warns-new-malware-targeting-sql-…
*** Google.com.pk and 284 Other .PK Domains Hacked ***
---------------------------------------------
ryzvonusef writes with news that hackers have taken down the local Pakistan versions of many popular websites, including google.com.pk, apple.pk, microsoft.pk and yahoo.pk. 284 sites were affected in total. Many of the sites were defaced, and a group called Eboz is taking credit for the hack. According to TechCrunch, "The root of today's attack, it seems, came via a breach of Pakistan's TLD operator, PKNIC, which administers and registers all .pk domains. Looking at affected
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/iiSda5ExrUk/story01.htm
*** New Cyber Security challenges take on Stuxnet and Malware ***
---------------------------------------------
"The Cyber Security Challenge UK has launched four new cyber challenges for budding information security experts. Professional teams from Orange, Prodrive, (ISC)2, the SANS Institute, QinetiQ and Sophos will be testing over 100 amateur cyber defenders who will qualify via the first-round virtual contest. The challengers will have the opportunity to compete in one of four competitions: The Orange and Prodrive Risk Analysis Candidates will have to develop a complex security architecture to
---------------------------------------------
http://www.info4security.com/story.asp?sectioncode=9&storycode=4129799&c=1
*** 1-15 November 2012 Cyber Attacks Statistics ***
---------------------------------------------
"This November 2012 seems really to be endless from an Information Security Perspective. We have assisted so far to a remarkable number of Cyber Attacks. As usual, it is time to provide the partial snapshot of November taken from the corresponding Cyber Attack Timeline and covering the first half of the month...."
---------------------------------------------
http://hackmageddon.com/2012/11/23/1-15-november-2012-cyber-attacks-statist…
*** EU plans mandatory reporting of cyber attacks ***
---------------------------------------------
To better protect against cyber attacks, the EU is also considering a mandatory reporting requirement for cyber attacks for companies. "I am a big supporter of self-regulation, but in this case I fear that it will not get us any further," Neelie Kroes, the EU Commissioner responsible for the Digital Agenda, told the Süddeutsche Zeitung.
---------------------------------------------
http://www.heise.de/newsticker/meldung/EU-plant-Meldepflicht-fuer-Cyber-Att…
*** Phishing mail asks for photographed TAN list ***
---------------------------------------------
Phishers are not running out of ideas: a new phishing mail asks customers of Deutsche Bank AG to photograph or scan their TAN list and upload it via a specially prepared page.
---------------------------------------------
http://www.heise.de/security/meldung/Phishing-Mail-bittet-um-fotografierte-…
*** Websense Proxy Filter Bypass ***
---------------------------------------------
Topic: Websense Proxy Filter Bypass Risk: Low Text: Websense Proxy Filter Bypass 1. Advisory Information Date published: 2012-11-25 Vendors contacted: Websense Release mo...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/OpLiRLavk6Y/WLB-20…
*** Vuln: ModSecurity POST Parameters Security Bypass Vulnerability ***
---------------------------------------------
ModSecurity POST Parameters Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56096