=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 20-11-2012 18:00 − Wednesday 21-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Hosting Provider Automatically Fixes Vulnerabilities In Customers' Websites ***
---------------------------------------------
An anonymous reader writes "Dutch hosting provider Antagonist announced their in-house developed technology that automatically detects and fixes vulnerabilities in their customers' websites. The service is aimed at popular software such as WordPress, Drupal and Joomla. As soon as a vulnerability is detected, we inform the customer. We also explain how the customer can resolve the issue. In case the customer does not respond to our first notice within the next two weeks, we automatically
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/VJkhR6QbCeA/story01.htm
*** PGP Zimmermann teams with Navy SEALs, SAS techies in London ***
---------------------------------------------
Offers Silent Phone crypto to biz, aid workers
Encryption guru Phil Zimmermann is going after security conscious users with his new venture Silent Circle, a security start-up offering ultra-secure VoIP and texting services.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/21/silent_circ…
*** Vuln: Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability ***
---------------------------------------------
Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56484
*** Professional banking trojan supports SEPA transfers ***
---------------------------------------------
Cyber crooks are attempting to debit money from the accounts of German online banking customers via SEPA transactions, as the Intel-owned security firm McAfee reports. SEPA makes transactions within the EU simpler, since domestic and cross-border operations are no longer distinguished.
---------------------------------------------
http://www.heise.de/security/meldung/Profi-Banking-Trojaner-unterstuetzt-SE…
*** HTTP Strict Transport Security becomes an Internet standard ***
---------------------------------------------
The Internet Engineering Task Force (IETF) has published the HTTPS safeguard HTTP Strict Transport Security (HSTS) as an Internet standard in RFC 6797. With HSTS, (HTTP) servers can on the one hand stipulate that the services they offer are reachable exclusively over secure connections, for example ones encrypted with TLS. On the other hand, HSTS also forces client applications (user agents) to communicate with websites only over encrypted connections.
---------------------------------------------
http://www.heise.de/security/meldung/HTTP-Strict-Transport-Security-als-Int…
*** Bugtraq: ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities ***
---------------------------------------------
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524794
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 19-11-2012 18:00 − Tuesday 20-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Bugtraq: CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers ***
---------------------------------------------
CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers
---------------------------------------------
http://www.securityfocus.com/archive/1/524767
*** Hotfix for ColdFusion 10 ***
---------------------------------------------
The update closes a DoS hole in the Windows version of Adobe's application server.
---------------------------------------------
http://www.heise.de/security/meldung/Hotfix-fuer-ColdFusion-10-1752975.html…
*** Vuln: Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities ***
---------------------------------------------
Splunk Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56581
*** An Android Malware Analysis: DroidKungFu ***
---------------------------------------------
"Few users are aware of how Android malware works. Few understand their complexity or the amount of data they can pillage from handsets. As such, we decided to come up with a short series of articles to take apart some of the most common and potentially dangerous Android malware strands that wreak havoc on smartphones...."
---------------------------------------------
http://www.hotforsecurity.com/blog/an-android-malware-analysis-droidkungfu-…
*** Nintendo fixes Wii U network after claims of accidental hack ***
---------------------------------------------
"Just hours after the US launch of Nintendo's latest game console, the Wii U, a video game fan claims that he accidentally "hacked" into the console's online component - the Miiverse. A Wii U user called "Trike" posted on NeoGAF that he had stumbled across a secret debug menu in the Miiverse that gave him access to a Japanese language list of administrators, with seemingly the ability to regenerate passwords and delete the access rights of admins." At first it asked...
---------------------------------------------
http://nakedsecurity.sophos.com/2012/11/19/nintendos-wii-u-network-hack/
*** Malware made which can share a smartcard over the internet ***
---------------------------------------------
Use a bank or ID card as though you had it with you
Security researchers have developed proof-of-concept malware that allows attackers to obtain remote access to smart card readers attached to compromised Windows PCs.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/20/smart_card_…
*** Raiffeisen Introduces PhotoTAN to Protect Customer Transactions Against Malware ***
---------------------------------------------
"European banks, which are said to have implemented far more advanced security mechanisms to protect their customers than the ones from the US, are trying to live up to their reputation. Swiss bank Raiffeisen has introduced a new security feature that relies on Cronto's Visual Transaction Signing Solution. Available for customers in Switzerland starting today, the CrontoSign is designed to protect online transactions against cyberattacks that rely on clever information-stealing Trojans such...
---------------------------------------------
http://news.softpedia.com/news/Raiffeisen-Introduces-PhotoTAN-to-Protect-Cu…
*** WhatsApp plugs security hole and demands subscription fees ***
---------------------------------------------
The operator of the popular SMS alternative WhatsApp has quietly made changes to its service to plug a vulnerability that has been known for some time. Many users, however, were immediately confronted with the next nasty surprise: using WhatsApp now costs money on most smartphone platforms.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-stopft-Sicherheitsloch-und-ve…
*** Bugtraq: OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures ***
---------------------------------------------
OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures
---------------------------------------------
http://www.securityfocus.com/archive/1/524779
*** Bugtraq: SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities ***
---------------------------------------------
SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524777
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 16-11-2012 18:00 − Monday 19-11-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** Bugtraq: [SE-2012-01] Security vulnerabilities in Java SE (details released) ***
---------------------------------------------
[SE-2012-01] Security vulnerabilities in Java SE (details released)
---------------------------------------------
http://www.securityfocus.com/archive/1/524746
*** Bugtraq: DC4420 - London DEFCON - November meet - Tuesday 20th November ***
---------------------------------------------
DC4420 - London DEFCON - November meet - Tuesday 20th November
---------------------------------------------
http://www.securityfocus.com/archive/1/524745
*** Stealing VM Keys from the Hardware Cache ***
---------------------------------------------
"This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). Such systems are very common today, ranging from desktops that use virtualization to sandbox application or OS compromises, to clouds that co-locate the...
---------------------------------------------
http://www.schneier.com/blog/archives/2012/11/stealing_vm_key.html
*** What's stopping your company from implementing full disk encryption? ***
---------------------------------------------
"You may have heard about the stolen NASA laptop, with its large amount of personally identifiable information of at least 10,000 NASA employees and contractors. The surprising question here, of course, has to do with the glaring absence of encryption. NASA says that the laptop in question is scheduled to get encryption, though it would seem that not all laptops will get the same treatment...."
---------------------------------------------
http://www.fiercecio.com/techwatch/story/whats-stopping-your-company-implem…
*** perl-CGI Newline injection in Set-Cookie and P3P headers ***
---------------------------------------------
Topic: perl-CGI Newline injection in Set-Cookie and P3P headers
Risk: Low
Text: header() can generate Set-Cookie and P3P headers which contain invalid newlines. use CGI qw/header/; print header( -c...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/CF3xwRXWBfs/WLB-20…
*** NFR Agent FSFUI Record File Upload RCE ***
---------------------------------------------
Topic: NFR Agent FSFUI Record File Upload RCE
Risk: High
Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zr0GNt7G1z0/WLB-20…
*** FreeBSD Project Discloses Security Breach Via Stolen SSH Key ***
---------------------------------------------
An anonymous reader writes "Following recent compromises of the Linux kernel.org and Sourceforge, the FreeBSD Project is now reporting that several machines have been broken into. After a brief outage, ftp.FreeBSD.org and other services appear to be back. The project announcement states that some deprecated services (e.g., cvsup) may be removed rather than restored. Users are advised to check for packages downloaded between certain dates and replace them, although not because known trojans...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KpcXI-S6fFw/freebsd-project…
*** Hackers Hate MVIS Security Center - the New WordPress Security Plugin ***
---------------------------------------------
"SEC Consult launches the beta phase of MVIS Security Center, an enterprise-grade security plugin for WordPress, the world's most widely used content management system (CMS). WordPress attracts millions of users from around the world, and these users are facing increasing attacks from hackers. Even more alarming, these attacks occur on all types of websites, big or small, which makes security an indispensable part of creating websites...."
---------------------------------------------
http://news.yahoo.com/hackers-hate-mvis-security-center-wordpress-security-…
*** Trojan uses Google Docs as a communication channel ***
---------------------------------------------
A newly discovered trojan uses the viewer function of Google's office application to contact its control server. Google could block this with a firewall.
---------------------------------------------
http://www.heise.de/security/meldung/Trojaner-benutzt-Google-Docs-als-Kommu…
*** Why smart people do dumb things online ***
---------------------------------------------
"David Petraeus is probably the last person you might have expected to wreck his career with an email scandal. Petraeus is smart: He graduated in the top five percent of his class at West Point and went on to earn a Ph.D. Petraeus has self-control: His self-discipline was "legendary," according to Time Magazine...."
---------------------------------------------
http://computerworld.co.nz/news.nsf/news/why-smart-people-do-dumb-things-on…
*** Active XSS flaw discovered on eBay ***
---------------------------------------------
"According to XSSed, Indian security researcher Shubham Upadhyay has discovered an active XSS flaw affecting Ebay.com. The potential attacker would need an Ebay seller account, where he would put XSS code into the HTML...."
---------------------------------------------
http://www.zdnet.com/active-xss-flaw-discovered-on-ebay-7000007539/
*** German Police Warn Mobile Phone Users of ZeuS Malware ***
---------------------------------------------
"Germany's Berlin Police Department has issued a warning after numerous bank customers have reported fraudulent cash withdrawals. All the victims own Android smartphones and they all rely on mTAN (mobile transaction authentication numbers) when performing banking transactions. F-Secure experts reveal that the malware involved in these incidents is most likely the mobile version of ZeuS, also known as ZeuS-in-the-Mobile or Zitmo...."
---------------------------------------------
http://news.softpedia.com/news/German-Police-Warns-Mobile-Phone-Users-of-Ze…
*** How Malware survives to Malware detection mechanisms ***
---------------------------------------------
Today I'd like to share some basic techniques that Malware(s) use to
protect themselves from being detected. Some of the most used approaches
to detect Malware could be described as follows:
1. Virtualize the environment in which Malware(s) run.
2. Attach a debugger to Malware processes and
3. Sandbox the execution of the analyzed Malware.
It comes straightforward that Malware writers need new techniques to...
---------------------------------------------
http://marcoramilli.blogspot.nl/2012/11/how-malware-survives-to-malware.html
*** Vuln: IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56583
*** Vuln: Moodle Multiple Security Vulnerabilities ***
---------------------------------------------
Moodle Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56505
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 15-11-2012 18:00 − Friday 16-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Google Chrome with sandbox for OS X ***
---------------------------------------------
With the current stable release 23, Google Chrome now also locks the Flash plug-in into a sandbox under OS X, as the developers report in their blog.
---------------------------------------------
http://www.heise.de/security/meldung/Google-Chrome-mit-Sandbox-fuer-OS-X-17…
*** Antivirus startup linked to infamous Chinese hacker ***
---------------------------------------------
"Anvisoft, a Chinese antivirus startup, has been linked to an infamous hacker suspected of developing sophisticated malware used to siphon sensitive information from Defense Department contractors in 2006. Through some high-tech sleuthing on the Web, Brian Krebs, author of the KrebsonSecurity blog, found Anvisoft-connected IP addresses registered to "tandailin" in Gaoxingu, China. Tan Dailin, a.k.a. Withered Rose, was the subject of Verisign's 2007 iDefense
---------------------------------------------
http://www.csoonline.com/article/721678/antivirus-startup-linked-to-infamou…
*** Proof-of-concept malware can share USB smart card readers with attackers over Internet ***
---------------------------------------------
"A team of researchers have created a proof-of-concept piece of malware that can give attackers control of USB smart card readers attached to an infected Windows computer over the Internet. The malware installs a special driver on the infected computer which allows for the USB devices connected to it to be shared over the Internet with the attacker's computer. In the case of USB smart card readers, the attacker can use the middleware software provided by the smart card manufacturer to
---------------------------------------------
http://www.cio.com.au/article/442216/proof-of-concept_malware_can_share_usb…
*** Password Reset Zero-Day Reported to Skype Since October (Updated) ***
---------------------------------------------
"The details of a zero-day vulnerability that allows attackers to change the password of any Skype user have been posted on a Russian hacking forum. A similar security hole was identified by Vulnerability Lab researchers and it was reported to Skype at the beginning of October. The Next Web, which was the first to publicly reveal the existence of the flaw, reports that its details have been posted on the forum some two months ago...."
---------------------------------------------
http://news.softpedia.com/news/Skype-Password-Reset-Zero-Day-Reported-to-Sk…
*** Trojan.Gapz.1 infecting Windows in a new manner ***
---------------------------------------------
November 12, 2012 The anti-virus lab of Doctor Web - the Russian IT security vendor - has been informed of another piece of bootkit malware that is capable of concealing itself in an infected system. This application, added into virus databases under the name Trojan.Gapz.1, employs fairly interesting mechanisms to infect user computers. One of the rootkit's purposes in an infected PC is to create an environment for loading its core modules which feature various functions.
---------------------------------------------
http://news.drweb.com/show/?i=2979&lng=en&c=9
*** How to report a computer crime: SQL injection website attack ***
---------------------------------------------
"Do you know how to report a computer crime? Or even who you would report it to? So far, we've looked at unauthorised email account access and malware in our series of articles on how to report a computer crime...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/11/15/computer-crime-sql-injection/
*** [papers] - Guidelines for Pentesting a Joomla Based Site ***
---------------------------------------------
Guidelines for Pentesting a Joomla Based Site
---------------------------------------------
http://www.exploit-db.com/download_pdf/22763
*** VMware security updates for vSphere API and ESX Service Console ***
---------------------------------------------
VMware has updated the vSphere API to address a denial of service vulnerability in ESX and ESXi. VMware has also updated the ESX Service Console to include several open source security updates.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2012-0016.html
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 14-11-2012 18:00 − Thursday 15-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Battery-Powered Transmitter Could Crash A City's 4G Network ***
---------------------------------------------
DavidGilbert99 writes "With a £400 transmitter, a laptop and a little knowledge you could bring down an entire city's high-speed 4G network. This information comes from research carried out in the U.S. into the possibility of using LTE networks as the basis for a next-generation emergency response communications system. Jeff Reed, director of the wireless research group at Virginia Tech, along with research assistant Marc Lichtman, described the vulnerabilities to the National
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RXIyRXl8838/story01.htm
*** Hacker Grabs 150k Adobe User Accounts Via SQL Injection ***
---------------------------------------------
CowboyRobot writes "Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected Connectusers.com website. The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack. 'It was an SQL Injection vulnerability, somehow I was able to dump the database in less requests than normal people do,' he
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xRkFposRNps/story01.htm
*** Free hacking tool kits fuel cyber arms race ***
---------------------------------------------
"Ryan Linn's hacks into corporate networks have become almost a matter of routine. On one recent morning, he woke up at his home near the Research Triangle in eastern North Carolina and walked down to an extra bedroom that he uses as an office. He sat at a workbench laden with computers, signed on to one of them and loaded a program called Metasploit...."
---------------------------------------------
http://www.smh.com.au/it-pro/security-it/free-hacking-tool-kits-fuel-cyber-…
*** Top 25 passwords of 2012 revealed ***
---------------------------------------------
"Just under a year ago we published a blog about the most popular passwords on the web as announced by security app company SplashData. The ranking is based on password information from compromised accounts posted by hackers online. This year, the list is back!..."
---------------------------------------------
http://blogs.avg.com/consumer/top-25-passwords-2012-revealed/?utm_source=AV…
*** Obama reportedly signs off on cyber security directive ***
---------------------------------------------
US President Obama signed a secret directive several weeks ago that is to set new rules for US operations in cyberspace. The Washington Post reported this, citing several sources who are, however, not permitted to comment publicly.
---------------------------------------------
http://www.heise.de/security/meldung/Obama-segnet-angeblich-Direktive-zur-C…
*** NASA To Encrypt All of Its Laptops ***
---------------------------------------------
pev writes "After losing another laptop containing personal information, NASA wants to have all of its laptops encrypted within a month's time, with an intermediate ban on laptops containing sensitive information leaving its facilities. Between April 2009 and April 2011 it lost or had stolen 48 mobile computing devices. I wonder how long it will be before other large organisations start following suit as a sensible precaution?"
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/vvQZvrqrp34/story01.htm
*** Opera site served Blackhole malvertising, says antivirus firm ***
---------------------------------------------
No need to issue a press release, firm tells press
Opera has suspended ad-serving on its portal as a precaution while it investigates reports that surfers were being exposed to malware simply by visiting the Norwegian browser firm's home page.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/15/opera_black…
*** Security update for Mac Office 2008 and 2011 ***
---------------------------------------------
During the night to Thursday, Microsoft put major updates online for two versions of its office suite. According to the company, the Office 2008 for Mac 12.3.5 Update and Office for Mac 2011 14.2.5 fix significant security vulnerabilities.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-Mac-Office-2008…
*** Bugzilla Information Leak & Cross Site Scripting ***
---------------------------------------------
Topic: Bugzilla Information Leak & Cross Site Scripting
Risk: Medium
Text: Summary = Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following securit...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/IoQFDSoFWoc/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 13-11-2012 18:00 − Wednesday 14-11-2012 18:21
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Skype Disables Password Resets After Huge Security Hole Discovered ***
---------------------------------------------
another random user writes with news of a vulnerability in the Skype password reset tool: "All you need to do is register a new account using that email address, and even though that address is already used (and the registration process does tell you this) you can still complete the new account process and then sign in using that account Info (original post in Russian)". concealment adds a link to another article with an update that Skype disabled the password reset page as a temporary
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XnPnK6MWZdY/story01.htm
*** Important updates for all Windows users ***
---------------------------------------------
On its November patch day, Microsoft closed critical holes in all still-supported Windows versions, from Windows XP SP3 up to the just-released Windows 8.
---------------------------------------------
http://www.heise.de/security/meldung/Wichtige-Updates-fuer-alle-Windows-Nut…
*** Lockheed Martin: dramatic rise in cyber attacks ***
---------------------------------------------
The number of attacks on the corporate network of US defence contractor Lockheed Martin has risen markedly in recent years. Lockheed vice president Chandra McMahon said this, as the BBC reported.
---------------------------------------------
http://www.heise.de/security/meldung/Lockheed-Martin-dramatischer-Anstieg-v…
*** Trojan Horses, Malware and Other Cyber Attack Tools are Just a Click Away ***
---------------------------------------------
"Ryan Linn's hacks into corporate networks have become almost a matter of routine. On one recent morning, he woke up at his home near the Research Triangle in eastern North Carolina and walked down to an extra bedroom that he uses as an office. He sat at a workbench laden with computers, signed on to one of them and loaded a program called Metasploit...."
---------------------------------------------
http://www.oregonlive.com/newsflash/index.ssf/story/trojan-horses-malware-a…
*** Online banking trojan with Android accomplices ***
---------------------------------------------
Online crooks are apparently increasingly trying to infect the smartphones of online banking users as well, in order to intercept mTANs. Berlin police have received several criminal complaints "in recent weeks" from victims of fraudulent debits in which the victims' smartphones played a decisive role.
---------------------------------------------
http://www.heise.de/security/meldung/Online-Banking-Trojaner-mit-Android-Ko…
*** Windows 8 security is like a swiss cheese flak jacket - sez AV firm ***
---------------------------------------------
"The knives are out for Windows Defender, the basic anti-malware protection bundled with Windows 8: makers of rival antivirus products are lining up to criticise Microsoft's efforts to secure its operating system. Windows 8 can be infected by 16 percent of the most common malware families, even with Windows Defender activated, according to tests by Romanian antivirus vendor Bitdefender. The latest version of Microsoft's OS was compromised by 61 of 385 malware samples flung at it by
---------------------------------------------
http://www.theregister.co.uk/2012/11/13/win_defender_inadequate/
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 12-11-2012 18:00 − Tuesday 13-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stefan Lenzhofer
*** Ruby update fixes DoS hole ***
---------------------------------------------
With version 1.9.3-p327, the developers of the Ruby programming language close a vulnerability that allows attackers to cripple a system through high CPU load (denial of service, DoS). The flaw occurs when specially crafted strings are processed by the MurmurHash hash function.
---------------------------------------------
http://www.heise.de/security/meldung/Ruby-Update-behebt-DoS-Luecke-1748451.…
*** Cybercriminals start spamvertising Xmas themed scams and malware campaigns ***
---------------------------------------------
"Security researchers from Symantec are warning about a recently intercepted flood of Xmas themed malicious and fraudulent campaigns. Isn't it too early for such type of campaigns to be launched, or are the spammers behind these campaigns relying on a different set of marketing tactics? The campaign is a great example of a flawed event-based social engineering attempt...."
---------------------------------------------
http://www.zdnet.com/cybercriminals-start-spamvertising-xmas-themed-scams-a…
*** Firefox users slowest to update browser, Kaspersky Lab finds out ***
---------------------------------------------
"Nearly one in four PC users run out-of-date or obsolete versions of the most popular browsers for a month or longer, with Mozilla Firefox users the slowest to update their software, Kaspersky Lab has found. The company looked at the browsers installed on a random 10-million sample of its antivirus user base, finding that Internet Explorer was marginally the most common default browser on 37.8 percent of users...."
---------------------------------------------
http://news.techworld.com/security/3410386/firefox-users-slowest-update-bro…
*** First Windows 8 and Windows RT Security Updates Due Next Week ***
---------------------------------------------
"Plenty is happening on the Microsoft patch management front. First, Adobe agreed to sync up its patch release cycles with Microsoft's on the second Tuesday of every month, moving away from quarterly releases. And now on Tuesday, Microsoft will release its first security updates since the release of Windows 8...."
---------------------------------------------
http://threatpost.com/en_us/blogs/first-windows-8-and-windows-rt-security-u…
*** New report warns of SCADA CYBERGEDDON* ***
---------------------------------------------
* In the worst case.
The industrial control system fright machine is getting another kick along today, via a survey by Russian vendor Positive Technologies.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/12/scada_vulne…
*** Samsung Galaxy S3 stores passwords in plain text ***
---------------------------------------------
A security hole has been found in the popular Samsung Galaxy S3. The built-in S-Memo app stores passwords in plain text. This makes it possible for anyone who can obtain access and knows where the corresponding file is located to actually read it.
---------------------------------------------
http://futurezone.at/digitallife/12422-galaxy-s3-sichert-passwoerter-im-kla…
*** Even a CHILD can make a Trojan to pillage Windows Phone 8 ***
---------------------------------------------
Whippersnapper will reveal all in the Malcon tent A teenager has crafted prototype malware for Windows Phone 8 just weeks after the official unveiling of the smartphone platform.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/13/windows_pho…
*** BSI test: vulnerability of Windows computers on the network ***
---------------------------------------------
Windows systems should always be kept up to date, Google Chrome is the best choice of browser, and Java should be avoided entirely where possible: that is what both c't and the German Federal Office for Information Security (BSI) preach.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-Test-Verwundbarkeit-von-Windows-Re…
*** Top 5 Security Predictions for 2013 from Symantec ***
---------------------------------------------
"With this year quickly coming to an end, it's time for us at Symantec to publish our predictions on what we expect will happen in the world of cybersecurity for the coming year. Most of us at Symantec tend to be fact-based, data-driven individuals. However, predicting the future always involves a bit of speculation...."
---------------------------------------------
http://www.symantec.com/connect/blogs/top-5-security-predictions-2013-syman…
*** Vuln: libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability ***
---------------------------------------------
libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55909
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 09-11-2012 18:00 − Monday 12-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
*** Webmix - 26 terabytes of web pages about Austria collected ***
---------------------------------------------
Web@rchiv Österreich now comprises one billion individual files
---------------------------------------------
http://text.derstandard.at/1350260844999/26-Terabyte-Webseiten-zu-Oesterrei…
*** Windows 8 Defeats 85% of Malware Detected In the Past 6 Months ***
---------------------------------------------
An anonymous reader writes "Now that Windows 8 is on sale and has already been purchased by millions, expect very close scrutiny of Microsoft's latest and greatest security features. 0-day vulnerabilities are already being claimed, but what about the malware that's already out there? When tested against the top threats, Windows 8 is immune to 85 percent of them, and gets infected by 15 percent, according to tests run by BitDefender."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HOHG0NiFov4/windows-8-defea…
*** Stuxnet Infected Chevron's IT Network ***
---------------------------------------------
"Stuxnet, a sophisticated computer virus created by the United States and Israel to spy on and attack Iran's nuclear enrichment facilities in Natanz, also infected Chevron's network in 2010, shortly after it escaped from its intended target. Chevron found Stuxnet in its systems after the malware was first reported in July 2010, said Mark Koelmel, general manager of the earth sciences department at Chevron. "I don't think the U.S. government even realized how far it had spread," he told CIO
---------------------------------------------
http://www.cyberwarzone.com/stuxnet-infected-chevron%E2%80%99s-it-network
*** Background: Dropbox is "fairly secure" ***
---------------------------------------------
The two security experts Florian Ledoux and Nicolas Ruff from the IT department of EADS took a critical look at Dropbox and recently presented their findings at the hack.lu security conference.
---------------------------------------------
http://www.heise.de/security/artikel/Dropbox-ist-ziemlich-sicher-1746596.ht…
*** Weaponized Malware: Top Four Cyberattack Tools ***
---------------------------------------------
"Over the past two years, four pieces of malware have emerged as veritable weapons and have been used for destructive purposes or to assist in such attacks. 1. Stuxnet is the most widely known of the four. Stuxnet was designed with a highly specialized malware payload that targeted SCADA systems that control specific industrial processes...."
---------------------------------------------
http://cyberwarzone.com/weaponized-malware-top-four-cyberattack-tools
*** Ransom malware gangs making huge profits, Symantec discovers ***
---------------------------------------------
"The problem of ransom malware has reached epidemic proportions and could be extracting fraudulent payments from as many as 3 percent of victims, a Symantec report has calculated. In a world already afflicted by botnets, banking Trojans and established problems such as keyloggers and spam, ransomware - programs that lock victims' computers or files until a ransom payment is made - has grown into a major problem, with surprisingly little coverage from security vendors until recently. Symantec's
---------------------------------------------
http://news.techworld.com/security/3410078/ransom-malware-gangs-making-huge…
*** Critical Vulnerabilities In Call of Duty: Modern Warfare 3, CryEngine 3 ***
---------------------------------------------
hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-player's computer." "Once you
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/itbD8UlgSco/critical-vulner…
*** Sandy turned off the lights, the phones, and the heat. A cyber attack could make it all happen again ***
---------------------------------------------
"Verizon's chief technology officer surveyed a flooded major switching facility in lower Manhattan and put it bluntly: "There is nothing working here. Quite frankly, this is wider than the impacts of 9/11." Damage from Sandy is estimated to reach $20 billion, and interrupted phone service is among the least of it. Flooding in New York's century-old subway system is without parallel...."
---------------------------------------------
http://www.foreignpolicy.com/articles/2012/11/07/network_news?page=0,0
*** Malware Spy Network Targeted Israelis, Palestinians ***
---------------------------------------------
Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. The discovery, by Oslo-based antivirus and security firm Norman ASA, is the latest in a series of revelations involving digital surveillance activity of unknown origin that [...]
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/k12j_R4yBAo/
*** Telekom proposes a corporate security alliance ***
---------------------------------------------
Deutsche Telekom is stepping up its campaign for a joint approach by industry in the fight against threats from the Internet. Reinhard Clemens, head of the business customer subsidiary T-Systems, is now pushing for a joint IT security force through the founding of a specialized company, as the Financial Times Deutschland reports.
---------------------------------------------
http://www.heise.de/security/meldung/Telekom-regt-Sicherheits-Allianz-der-U…
*** Citadel Trojan Tough for Banks to Beat ***
---------------------------------------------
"The banking Trojan known as Citadel, which debuted in underground forums in January 2012, has evolved to become one of the financial industry's greatest worries, cybersecurity experts say. Citadel, an advanced variant of Zeus, is a keylogger that steals online-banking credentials by capturing keystrokes. Fraudsters then use stolen login IDs and passwords to access online accounts, take them over and schedule fraudulent transactions...."
---------------------------------------------
http://www.bankinfosecurity.com/citadel-trojan-tough-for-banks-to-beat-a-52…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 08-11-2012 18:00 − Friday 09-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Matthias Fraidl
*** PixSteal-A Trojan Steals Images, Uploads to Iraqi FTP Server ***
---------------------------------------------
"A new Trojan has been identified that has the capability of stealing images from infected computers, setting the stage for anything from identity theft to blackmail. PixSteal-A also pilfers .dmp, or Windows memory dump files, that contain data on system crashes and sends all stolen data to a remote FTP server in Iraq, according to Sophos. This isn't the first malware to target non-text-based files...."
---------------------------------------------
http://threatpost.com/en_us/blogs/pixsteal-trojan-steals-images-uploads-ira…
*** Microsoft Security Bulletin Advance Notification for November 2012 ***
---------------------------------------------
"This is an advance notification of security bulletins that Microsoft is intending to release on November 13, 2012. This bulletin advance notification will be replaced with the November bulletin summary on November 13, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification...."
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
*** QRishing Study: Curiosity Is the Largest Motivating Factor for Scanning QR Codes ***
---------------------------------------------
"Researchers from Carnegie Mellon University's CyLab have released the results of a study, "QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks", which focuses on phishing attacks that rely on QR (Quick Response) codes. QRishing is a term utilized for phishing attacks initiated via the scanning of QR codes. Such attacks are not new, but in the past period researchers have started examining them because they're becoming more and more common...."
---------------------------------------------
http://news.softpedia.com/news/QRishing-Study-Curiosity-is-the-Largest-Moti…
*** Windows 8, Surface slabs ALREADY need critical security patch ***
---------------------------------------------
Mega vulns affect ALL Windows kit from XP onward Microsoft will release critical updates for Windows 8 and other software on November's Patch Tuesday next week. The upgrades will arrive within weeks of the Win 8 launch at the end of last month.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/09/nov_patch_t…
*** IT business - Cisco warns: "Cybercriminals only a mouse click away" ***
---------------------------------------------
Internet survey identifies major shortcomings in Austrian companies
---------------------------------------------
http://derstandard.at/1350260880632/Cisco-warnt-Cyberkriminelle-nur-einen-M…
*** Siemens software targeted by Stuxnet still full of holes ***
---------------------------------------------
Software made by Siemens and targeted by the Stuxnet malware is still full of other dangerous vulnerabilities, according to Russian researchers whose presentation at the Defcon security conference earlier this year was cancelled following a request from the company.
---------------------------------------------
https://www.computerworld.com/s/article/9233378/Siemens_software_targeted_b…
*** Credit card with display and keypad ***
---------------------------------------------
Mastercard has presented a new credit card equipped with a monochrome LCD display and numeric keys. According to the company, in addition to the normal functions of a credit card it also offers the ability to generate one-time passwords for authentication.
---------------------------------------------
http://www.heise.de/security/meldung/Kreditkarte-mit-Display-und-Tastatur-1…
*** Facebook Chat Can Be Used to Launch DOS Attacks, Expert Finds ***
---------------------------------------------
Security researcher Chris C. Russo claims to have discovered a way to use Facebook's chat module to launch a denial-of-service (DOS) attack against any user, even if they're not friends with the attacker.
---------------------------------------------
http://news.softpedia.com/news/Facebook-Chat-Can-Be-Used-to-Launch-DOS-Atta…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 07-11-2012 18:00 − Thursday 08-11-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** New Backdoor DDoS Malware Co-Existing on Gh0stRAT-Infected Machines ***
---------------------------------------------
"Gh0st RAT has a new roommate. A new backdoor called ADDNEW has been discovered on machines infected with the Gh0st remote access Trojan, adding new distributed denial of service attack capabilities, as well as a feature that targets passwords and credentials stored on the Firefox browser. Gh0st RAT is a notorious piece of malware having been used in the Aurora attacks on Google, Adobe and other large manufacturers and technology companies...."
---------------------------------------------
http://threatpost.com/en_us/blogs/new-backdoor-ddos-malware-co-existing-gh0…
*** Experts Warn of Zero-Day Exploit for Adobe Reader ***
---------------------------------------------
Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/Kr8ZV2vC2Fc/
*** Malware Forum Logs from Control Systems, Part Deux ***
---------------------------------------------
"Last September, I did a guest blog post titled Online-Malware-Support-Shows-Infected-ICS-Computers, where I searched for HiJackThis posts containing automation software. Basically, there are forums available to users that had been infected with viruses. These users can run a set of programs, including HijackThis, DDS, OTS, and others, to pull information from the system...."
---------------------------------------------
http://www.digitalbond.com/2012/11/07/malware-forum-logs-from-control-syste…
*** Interior Ministry plans IT security law ***
---------------------------------------------
The Federal Government's IT Commissioner, Cornelia Rogall-Grothe, has outlined a new security initiative. An IT security law is intended to anchor relevant minimum standards for operators of critical infrastructure, for instance in the energy, information and communication technology, or water supply sectors, the State Secretary explained at a symposium in Washington. The initiative would also oblige them to report "significant IT security incidents".
---------------------------------------------
http://www.heise.de/security/meldung/Innenministerium-plant-IT-Sicherheitsg…
*** Apple patches Quicktime for Windows ***
---------------------------------------------
Apple has updated the Windows edition of its multimedia player Quicktime to version 7.7.3. The new release fixes numerous critical security vulnerabilities.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-patcht-Quicktime-fuer-Windows-17…
*** [TYPO3-announce] Announcing TYPO3 CMS 4.5.21, 4.6.14 and 4.7.6 ***
---------------------------------------------
The TYPO3 Community has just released TYPO3 CMS versions 4.5.21, 4.6.14 and 4.7.6, which are now ready for you to download. All versions are maintenance releases and contain bug fixes and security fixes.
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa…
*** E-mail security: help against DKIM weakness ***
---------------------------------------------
Long, rotating keys with expiry dates, together with the necessary pressure on the e-mail provider, help against the recently disclosed weakness in DKIM, the mechanism for verifying the authenticity of e-mail senders, according to the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG).
---------------------------------------------
http://www.heise.de/security/meldung/E-Mail-Sicherheit-Hilfe-gegen-DKIM-Sch…
*** Security vulnerability in the TOR client ***
---------------------------------------------
As code expert Andrey Karpov found while analyzing the TOR source code, the anonymization software uses a function called memset() to erase cached data, which is not supported by all compilers. Under certain circumstances this can cause the TOR client to leave confidential data such as passwords behind in memory when it exits.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-im-TOR-Client-174652…
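The TOR item above describes the classic "memset() before free" pitfall: an optimizing compiler may treat a memset() on memory that is never read again as a dead store and drop it, so the secret stays in RAM. The following is an added example, not code from TOR or from Karpov's analysis, showing a wipe routine that calls memset() through a volatile function pointer so the compiler cannot elide the call; the buffer contents and function names are constructed for the demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Calling memset() through a volatile pointer forces the compiler to
   perform the call: it cannot prove what the pointer targets at
   compile time, so dead-store elimination does not apply. This is the
   portable idiom used where memset_s()/explicit_bzero() are missing
   (assumption: any C99 or later compiler). */
static void *(*volatile memset_vptr)(void *, int, size_t) = memset;

void secure_memzero(void *p, size_t n)
{
    memset_vptr(p, 0, n);
}

/* Helper to verify a wipe: number of bytes that are still non-zero. */
size_t count_nonzero(const unsigned char *p, size_t n)
{
    size_t leftover = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0)
            leftover++;
    return leftover;
}

/* Demo: a constructed secret is copied into a local buffer, used, and
   wiped before the function returns. Returns the number of secret
   bytes left behind, which should be 0. */
int wipe_demo(void)
{
    unsigned char secret[32];
    const char *constructed = "constructed-demo-password";

    memset(secret, 0xAA, sizeof secret);          /* filler, not secret */
    memcpy(secret, constructed, strlen(constructed));

    /* ... the secret would be used here (e.g. key derivation) ... */

    secure_memzero(secret, sizeof secret);
    return (int)count_nonzero(secret, sizeof secret);
}

int main(void)
{
    printf("bytes of secret left after wipe: %d\n", wipe_demo());
    return 0;
}
```

Inspecting the optimized object code (e.g. with the -O2 build and a disassembler) is the only reliable check that a wipe survived; the returned count only proves correctness at the C level.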