=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 20-09-2012 18:00 − Freitag 21-09-2012 18:00
Handler: Stephan Richter
*** Vuln: WebKit Multiple Unspecified Memory Corruption Vulnerabilities ***
---------------------------------------------
WebKit Multiple Unspecified Memory Corruption Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55534
*** BitTorrent Users DDoS Websites Without Knowing ***
---------------------------------------------
"Millions of BitTorrent users are unknowingly DDoSing websites because publishers of popular torrents mistakenly add website URLs as trackers. The DDoSes drag websites down and their operators have very few options to mitigate these attacks. But, thanks to a new BitTorrent protocol enhancement this is about to change...."
---------------------------------------------
http://torrentfreak.com/bittorrent-users-ddos-websites-without-knowing-1209…
*** Critical flaw exposes Oracle database passwords ***
---------------------------------------------
Vuln leaves barn door open to brute-force attacks A security researcher says some versions of the Oracle database contain a vulnerability so serious that anyone with access to the server over a network can crack database passwords using a basic brute-force attack, given nothing more than the name of the database and a valid username.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/21/oracle_11g_…
*** Vuln: Condor Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
Condor Multiple Security Bypass Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55632
*** Vuln: Red Hat Enterprise MRG Grid Multiple Remote Vulnerabilities ***
---------------------------------------------
Red Hat Enterprise MRG Grid Multiple Remote Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55618
*** Will You Be More Secure if You Abandon Internet Explorer? ***
---------------------------------------------
"The German government is urging people to abandon Internet Explorer to avoid zero-day attacks currently circulating in the wild. Microsoft is scrambling to develop a patch to address the problem. The dirty secret, though, is the attack relies on Java being present, so Java--not Internet Explorer--is the Achilles heel of this equation...."
---------------------------------------------
http://www.cio.com/article/716711/Will_You_Be_More_Secure_if_You_Abandon_In…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 20-09-2012 08:00 − Donnerstag 20-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Matthias Fraidl
*** Apple and Cisco Security Advisories (Thu, Sep 20th) ***
---------------------------------------------
Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client The Cisco AnyConnect Secure Mobility Client is affected by multiple vulnerabilities. Advisory ID: cisco-sa-20120620-ac Apple security updates: APPLE-SA-2012-09-19-1 iOS 6 APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 APPLE-SA-2012-09-19-3 Safari 6.0.1 Russ McRee | @holisticinfosec (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14143&rss
*** Microsoft flickt kritische Internet-Explorer-Lücke ***
---------------------------------------------
Microsoft hat ein Fix-it-Tool herausgegeben, mit dem die kritische Schwachstelle im Internet Explorer bis zum Erscheinen eines Patches provisorisch abgedichtet werden kann. Den endgültigen Patch will das Unternehmen ab dem morgigen Freitag über Windows Update verteilen, wie es in seinem Sicherheitsblog angekündigt hat.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-flickt-kritische-Internet-Ex…
*** Sophos antivirus classifies its own update kit as malware ***
---------------------------------------------
Fix issued swiftly, but naturally difficult to install! Sophos users woke up to mayhem on Thursday after the business-focussed antivirus firm released an update that classified itself and any other update utility as a virus.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/20/sophos_auto…
*** IPv6: Nachholbedarf bei Sicherheitslösungen ***
---------------------------------------------
Unternehmen sollten besonderes Augenmerk auf die IPv6-Fähigkeit bei Sicherheitssystemen legen. Konkret heißt das, dass sie beim Kauf von Sicherheits-Devices auf explizite IPv6-Unterstützung achten sollten. Dabei ist ein genauer Blick in die Featureliste wichtig, denn der Teufel steckt wie so oft im Detail, wie die dem Artikel zugrunde liegende Studie ergab.
---------------------------------------------
http://www.heise.de/security/meldung/IPv6-Nachholbedarf-bei-Sicherheitsloes…
*** Android Hacked Via NFC On the Samsung Galaxy S 3 ***
---------------------------------------------
An anonymous reader writes with an item from The Next Web: "Security researchers participating in the Mobile Pwn2Own contest at the EuSecWest Conference in Amsterdam [Wednesday] demonstrated how to hack Android through a Near Field Communication (NFC) vulnerability. The 0day exploit was developed by four MWR Labs employees (two in South Africa and two in the UK) for a Samsung Galaxy S 3 phone running Android 4.0.4 (Ice Cream Sandwich). Two separate security holes were leveraged to
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ZEgBeoGKrTk/android-hacked-…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 18-09-2012 18:00 − Mittwoch 19-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Bugtraq: NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email ***
---------------------------------------------
*** Bugtraq: NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account ***
---------------------------------------------
*** Bugtraq: NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure ***
---------------------------------------------
*** Bugtraq: NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator ***
---------------------------------------------
http://www.securityfocus.com/archive/1/524191http://www.securityfocus.com/archive/1/524190http://www.securityfocus.com/archive/1/524193http://www.securityfocus.com/archive/1/524192
*** Microsoft will kritische IE-Lücke behelfsmäßig schließen ***
---------------------------------------------
Microsoft will im Laufe der nächsten Tage ein Fix-it-Tool anbieten, das die kritische Internet-Explorer-Lücke behelfsmäßig abdichten soll, bis ein passender Patch bereitsteht. Dies gab das Unternehmen in seinem Sicherheitsblog bekannt.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-will-kritische-IE-Luecke-beh…
*** Tagungsband zur Fachkonferenz D.A.CH Security 2012 ***
---------------------------------------------
Auf der zweitägigen Arbeitskonferenz D.A.CH Security 2012 soll in zahlreichen Vorträgen ein umfassendes Bild des aktuellen Stands rund um IT-Sicherheit gezeichnet werden. Die Referentenbeiträge sind in einem Begleitband zur Tagung zusammengefasst.
---------------------------------------------
http://www.heise.de/security/meldung/Tagungsband-zur-Fachkonferenz-D-A-CH-S…
*** Pushdo botnets smokescreen traffic hits legitimate websites ***
---------------------------------------------
Aargh, capn, the server be like to founder Cybercrooks behind the resilient Pushdo botnet are bombarding legitimate small websites with bogus traffic in order to camouflage requests to the zombie networks command and control servers.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/19/pushdo_spew…
*** FreeSWITCH remote denial of service vulnerability ***
---------------------------------------------
Topic: FreeSWITCH remote denial of service vulnerability Risk: Medium Text:"FreeSWITCH is a scalable open source cross-platform telephony platform designed to route and interconnect popular communicati...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/LWCK4QkOGzg/WLB-20…
*** [webapps] - Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities ***
---------------------------------------------
Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/21392
*** New vicious UEFI bootkit vuln found for Windows 8 ***
---------------------------------------------
Arr, tis typical: Redmond swabs lag behind OS X, again Security researchers have discovered security shortcomings in Windows 8 that create a means to infect the upcoming operating system with rootkit-style malware.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/19/win8_rootki…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 17-09-2012 18:00 − Dienstag 18-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Finally; Google Chrome will support Do Not Track ***
---------------------------------------------
"Google has finally added support for the DNT (Do Not Track) header to their latest developer build of Chrome. The modification is likely to make it into an official release of Googles popular web browser before the end of the year. Do Not Track is a feature that allows users to express a simple yes or no preference about being tracked online...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/09/17/finally-google-chrome-will-suppo…
*** ITU will Internet nicht kontrollieren ***
---------------------------------------------
Die International Telecommunication Union (ITU) hat nach eigenen Angaben keinen Appetit auf die Kontrolle des Internets. Themen der im Dezember anstehenden World Conference on International Telecommunication (WCIT) seien vielmehr, Mobilfunkroamingkosten zu verringern, gegen den betrügerischen Missbrauch von Rufnummern anzugehen und ein investitionsfreundliches Klima für die Netze zu schaffen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/ITU-will-Internet-nicht-kontrolliere…
*** Studie: Webentwickler testen zu wenig auf Sicherheitsfehler ***
---------------------------------------------
Der Softwarehersteller Coverity berichtet in seinem "Software Security Risk Report", dass nur etwa zwei Fünftel der Unternehmen aus der Webentwicklungsbranche während der Entwicklung testen und mehr als die Hälfte darauf verzichtet, ihren Code vor den Integrationstests auf Fehler und Schwachstellen zu überprüfen. Daher komme es auch deswegen häufiger zu Sicherheitsvorfällen mit Webanwendungen, das verursache außerdem höhere Kosten.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Studie-Webentwickler-testen-zu-wenig…
*** VNC-Sicherheitslücke: Apple reicht Bugfix für Remote Desktop 3.5.2 nach ***
---------------------------------------------
Apple hat in der Nacht zum Dienstag Apple Remote Desktop Admin 3.5.3 online gestellt. Dabei handelt es sich um ein Bugfix-Update für die Fernwartungslösung, das eine problematische Sicherheitslücke behebt: Diese führte im Zusammenhang mit VNC-Servern von Drittanbietern dazu, dass die Funktion "Den gesamten Datenverkehr verschlüsseln" nicht griff. Dabei erfolgte auch keine Warnmeldung.
---------------------------------------------
http://www.heise.de/security/meldung/VNC-Sicherheitsluecke-Apple-reicht-Bug…
*** How I CRASHED my bank, stole PINs with a touch-tone phone ***
---------------------------------------------
Security bods boast harks back to 1980s phreaking era Miscreants can crash or infiltrate banks and help desks touch-tone and voice-controlled phone systems with a single call, a security researcher warns.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/18/dtmf_phone_…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 14-09-2012 18:00 − Montag 17-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Oracle BTM FlashTunnelService Remote Code Execution ***
---------------------------------------------
Topic: Oracle BTM FlashTunnelService Remote Code Execution Risk: High
Text:## # This file is part of the Metasploit Framework and may be subject
to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/26umQooi1WY/WLB-20…
*** EFF Challenges Tracking-Services Patent Used to Threaten Cities Across
the U.S. ***
---------------------------------------------
"San Francisco - The Electronic Frontier Foundation (EFF) is challenging a
dangerous patent used to wrongfully demand payment from cities and other
municipalities that employ public tracking systems to tell transit
passengers if their bus or train is on time. Today, EFF with the help of
the Samuelson Law, Technology, and Public Policy Clinic at Berkeley Law,
filed a request with the United States Patent and Trademark Office (USPTO),
urging reexamination of the legitimacy of the ArrivalStar...
---------------------------------------------
https://www.eff.org/press/releases/eff-challenges-tracking-services-patent-…
*** Information Commissioner criticises dreamed up EU cookie directive ***
---------------------------------------------
"The Information Commissioner Christopher Graham has questioned the
effectiveness of the EU cookie directive, suggesting that it was "dreamed
up by politicians in Brussels" without the appropriate market research to
back it up. Speaking at the launch of a new report called The Data Dialogue
by think tank Demos, Graham said that policies around the use of personal
data by companies and public sector organisations need to be
evidence-based...."
---------------------------------------------
http://computerworld.co.nz/news.nsf/news/information-commissioner-criticise…
*** Anonymous didnt steal from the FBI after all - new conspiracy theories
needed! ***
---------------------------------------------
"A techie named David Schuetz at security consultancy Intrepidus Group has
done something so obvious, so simple, and so tellingly useful, that Im
going to go all out and call it a stroke of genius. A week ago, a person
called Anonymous published one-million-and-one stolen Apple device IDs.
(Theres always room for numerological whimsy in hacking circles.)This
Anonymous person then blamed the FBI - crimes are always someone elses
fault if youre a hacker - by claiming that the data was stolen...
---------------------------------------------
http://nakedsecurity.sophos.com/2012/09/11/fbi-data-leak-of-apple-udids-cam…
*** Vuln: ISC DHCP IPv6 Lease Expiration Handling Denial of Service
Vulnerability ***
---------------------------------------------
ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55530
*** Vuln: Novell GroupWise Internet Agent CVE-2012-0271 Remote Integer
Overflow Vulnerability ***
---------------------------------------------
Novell GroupWise Internet Agent CVE-2012-0271 Remote Integer Overflow
Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55551
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 13-09-2012 18:00 - Freitag 14-09-2012 18:00
Handler: Stephan Richter
*** The Tinba/Tinybanker Malware ***
---------------------------------------------
"Trend Micro and CSIS have released a joint white paper about the Tinba
information-stealing malware. The paper contains a thorough technical
analysis of the malware itself, as well as the architecture of its
infrastructure, and its ties to other illegal activities. What is Tinba?..."
---------------------------------------------
http://blog.trendmicro.com/?p=44994
*** Blackhole 2: Crimeware kit gets stealthier, Windows 8 support ***
---------------------------------------------
Malware-flinging tool to target mobiles too Cybercrooks have unveiled a new
version of the Blackhole exploit kit. Version 2 of Blackhole is expressly
designed to better avoid security defences. Support for Windows 8 and
mobile devices is another key feature, a sign of the changing target
platforms for malware-based cyberscams.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/13/blackhole_e…
*** Bugtraq: Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities ***
---------------------------------------------
Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524157
*** Over half of Android devices have unpatched holes ***
---------------------------------------------
Fix is up to your carrier, Google, mobo maker - just about everyone Duo
Security is claiming that "over half" of Android devices have unpatched
vulnerabilities.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/14/duo_says_an…
*** Analyzing Malicious RTF Files Using OfficeMalScanners RTFScan, (Fri,
Sep 14th) ***
---------------------------------------------
Attackers have been using Rich Text Format (RTF) files to carry exploits
targeting vulnerabilities in Microsoft Office and other products. We
documented one such incident in June 2009. In a more recent example, the
CVE-2012-0158 vulnerability was present in Active X controls within
MSCOMCTL.OCX, which could be activated using Microsoft Office and other
applications. McAfee described one such exploit, which appeared in the wild
in April 2012: In the malicious RTF, a vulnerable OLE...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14092&rss
*** Lücke in SSL-Verschlüsselung kaum ausnutzbar ***
---------------------------------------------
Experten haben ein Problem bei der im Web üblichen SSL-Verschlüsselung
ausgemacht, das auftritt, wenn der Inhalt zuvor komprimiert wurde. Zum
Glück haben die betroffenen Browser-Hersteller bereits reagiert.
---------------------------------------------
http://www.heise.de/security/meldung/Luecke-in-SSL-Verschluesselung-kaum-au…
*** Vuln: OpenSLP SLPIntersectStringList() Function Denial of Service
Vulnerability ***
---------------------------------------------
OpenSLP SLPIntersectStringList() Function Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55540
*** [webapps] - Trend Micro InterScan Messaging Security Suite Stored XSS
and CSRF ***
---------------------------------------------
Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF
---------------------------------------------
http://www.exploit-db.com/exploits/21319
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 13-09-2012 08:00 - Donnerstag 13-09-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** ICS-CERT Monthly Monitor for August 2012 ***
---------------------------------------------
"Internet facing medical devices may have a very similar security risk
profile to industrial control systems (ICSs). ICSs and medical devices are
valuable equipment, often critical to the viability of the system to which
they are attached. In each case, lives may depend on the devices
functioning correctly...."
---------------------------------------------
http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_August_…
*** Vuln: OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass
Vulnerability ***
---------------------------------------------
OpenStack Keystone Token Validation CVE-2012-4413 Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55524
*** Cyber Defence & Network Security Conference - 28-31 Jan, 2013 ***
---------------------------------------------
"As a quick background, this is the best-attended cyber defence and network
security conference held by Defence IQ - covered by BBC in both 2011 and
2012. This event combines high-level strategic briefings from 26+ senior
international military and cyber experts, combined with valuable and
intimate networking opportunities with heads of CERT, Systems Security,
Military IT, Counter Terrorism, Cyber Crime and Networks professionals...."
---------------------------------------------
http://www.cdans.org/redForms.aspx?id=821954&pdf_form=1
*** Security update released for ColdFusion 10 and earlier (APSB12-21) ***
---------------------------------------------
Today, a Security Bulletin (APSB12-21) has been posted in regards to a
security hotfix for Adobe ColdFusion 10 and earlier versions for Windows,
Macintosh and UNIX. Adobe recommends users update their product
installation using the instructions provided in the security bulletin. This
posting is provided AS IS with no warranties and confers no rights.
---------------------------------------------
http://blogs.adobe.com/psirt/2012/09/security-update-released-for-coldfusio…
*** Microsoft disrupts traffic associated with the Nitol botnet, (Thu, Sep
13th) ***
---------------------------------------------
There is an interesting article that was just published by Microsofts
Digital Crimes Unit. Attackers have been infecting manufacturer supply
chains to spread their evil warez. Some unnamed manufacturers have been
selling products loaded with counterfeit versions of Windows software
embedded with harmful malware. The article goes on to say that the Malware
allows criminals to steal a persons personal information to access and
abuse their online services, including e-mail, social networking
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14086&rss
*** PHP 5.5 soll Passwort-Schlamperei eindaemmen ***
---------------------------------------------
http://www.heise.de/security/meldung/PHP-5-5-soll-Passwort-Schlamperei-eind…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 11-09-2012 18:05 - Mittwoch 12-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Christian Wojner
*** Bugtraq: ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities ***
---------------------------------------------
ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524142
*** Bugtraq: Multiple vulnerabilities in Ezylog photovoltaic management
server ***
---------------------------------------------
Multiple vulnerabilities in Ezylog photovoltaic management server
---------------------------------------------
http://www.securityfocus.com/archive/1/524140
*** Vuln: libguac Remote Buffer Overflow Vulnerability ***
---------------------------------------------
libguac Remote Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55497
*** The geography of cybercrime: Western Europe and North America ***
---------------------------------------------
"The Internet knows no borders, but according to our data, cybercrime has
specific geographical features. In different parts of the world
cybercriminals launch different malicious programs, their attacks have
different priorities and they use different tricks to make money. This is
not just due to their physical location, but also due to the nature of the
countries where their potential victims are located...."
---------------------------------------------
http://www.securelist.com/en/analysis/204792244/The_geography_of_cybercrime…
*** Cosmo, the Hacker God Who Fell to Earth ***
---------------------------------------------
"Cosmo is huge 6 foot 7 and 220 pounds the last time he was weighed, at a
detention facility in Long Beach, California on June 26. And yet hes
getting bigger, because Cosmo also known as Cosmo the God, the
social-engineering mastermind who weaseled his way past security systems at
Amazon, Apple, AT&T, PayPal, AOL, Netflix, Network Solutions, and Microsoft
is just 15 years old. He turns 16 next March, and he may very well do so
inside a prison cell...."
---------------------------------------------
http://www.wired.com/gadgetlab/2012/09/cosmo-the-god-who-fell-to-earth/
*** Inside your users brains: Where they get security advice ***
---------------------------------------------
"IT professionals work hard to become experts in their field. They also
work hard protecting the infrastructure and users they're responsible for.
Unfortunately, not everyone has access to an IT expert...."
---------------------------------------------
http://www.techrepublic.com/blog/security/inside-your-users-brains-where-th…
*** Microsoft will Flash-Lücke im IE10 nun doch schlieÃen ***
---------------------------------------------
Nachdem es Kritik hagelte, will Microsoft den in seinem neuen Internet
Explorer festintegrierten Flash Player nun doch vor der offiziellen
Freigabe von Windows 8 aktualisieren.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-will-Flash-Luecke-im-IE10-nu…
*** Vuln: Dnsmasq Remote Denial of Service Vulnerability ***
---------------------------------------------
Dnsmasq Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/54353
*** Cyber security strengthened at EU institutions ***
---------------------------------------------
"EU institutions have reinforced their fight against cyber threats by
establishing the EUs Computer Emergency Response Team, or CERT-EU, on a
permanent basis. This decision follows a successful one-year pilot for the
team, which drew positive assessments from clients and peers.
Vice-President Maros Sefcovic said: "The EU institutions, like any other
major organizations, are frequently the target of information security
incidents...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=13580
*** Cyber Crime: The QR code: A new frontier in mobile attackability ***
---------------------------------------------
A single poisoned link is all it takes to expose an entire organization to
a full-scale attack. Hackers write sophisticated browser-based attacks that
operate quite stealthily. Now, they're going a...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/OL5fpFtGGvU/article.php
*** Visas New End-to-End Encryption Service - P2P Encryption Program Aims
to Eliminate POS Card Risks ***
---------------------------------------------
"Visas new end-to-end encryption service aims to eliminate payment card
data at the merchant level. Eduardo Perez of Visas Risk Group discusses the
security value of this emerging solution. Visas Merchant Data Secure with
Point-to-Point Encryption solution wont launch until 2013...."
---------------------------------------------
http://www.bankinfosecurity.com/interviews/visas-new-end-to-end-encryption-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 10-09-2012 18:00 - Dienstag 11-09-2012 18:05
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
*** How to Defeat Zeus - Technology, Education Are Keys to Threat ***
---------------------------------------------
"Zeus continues to strike online bank accounts and users, and technology
designed to thwart these Trojan attacks continually fails to keep up.
Malware expert Andreas Baumhof says to defeat Zeus, financial institutions
have to change their approach. Zeus, a financially aimed malware, comes in
many different forms and flavors...."
---------------------------------------------
http://www.bankinfosecurity.com/how-to-defeat-zeus-a-5097?rf=2012-09-10-eb
*** PostgreSQL 9.2 Out with Greatly Improved Scalability ***
---------------------------------------------
The PostgreSQL project announced the release of PostgreSQL 9.2 today. The
headliner: "With the addition of linear scalability to 64 cores, index-only
scans and reductions in CPU power consumption, PostgreSQL 9.2 has
significantly improved scalability and developer flexibility for the most
demanding workloads. ... Up to 350,000 read queries per second (more than
4X faster) ... Index-only scans for data warehousing queries (2â20X
faster) ... Up to 14,000 data writes per second (5X ...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RFHKonln9h4/postgresql-92-o…
*** E-publisher fesses up: Apple UDIDs were ours ***
---------------------------------------------
BlueToad clears FBI of device data collection It seems both Apple and the
FBI were telling the truth: the Apple UDIDs published last week didnât
come from either organization, with an American e-publisher posting a
statement that the data was stolen from its systems.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/10/bluetoad_so…
*** Java, Flash, and the Choice of Usability Over Security ***
---------------------------------------------
"So I happened to be switching to a new computer two weekends ago. Going
into it I was dead set on not installing Flash and Java. And I was all good
until @alexhutton posted a link to a video about the Beetles "happy
birthday" song and I just had to check it out...."
---------------------------------------------
http://www.infosecisland.com/blogview/22381-Java-Flash-and-the-Choice-of-Us…
*** Programm für deutsche OWASP-Konferenz steht ***
---------------------------------------------
Die fünfte Auflage des German OWASP Day 2012, einer Veranstaltung zur
Softwaresicherheit, findet am 7. November 2012 in München statt. Das
Programm wurde um einen Mobile Security Track erweitert.
---------------------------------------------
http://www.heise.de/security/meldung/Programm-fuer-deutsche-OWASP-Konferenz…
*** Apples soon-to-be-slurped securo firm shrugs off crypto warning ***
---------------------------------------------
Windows passwords exposure confusion AuthenTec, the security firm thats the
target of an $356m acquisition by Apple, has denied reports that possible
cryptographic weaknesses in its fingerprint scanner software pose a risk to
the security of laptops.â¦
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/11/fingerprint…
*** Anomaly Detection Rules & The Success of Open-Source Rule Testing ***
---------------------------------------------
Last November, the VRT established an open-source rule testing group,
composed of a number of Snort users from around the planet in industries
as diverse as defense contracting and education. To date, we've tested
well over a hundred rules with this group, and have had a great deal of
useful feedback in the process - which has led to both killing rules
that didn't perform as well as expected in the field, and the release of
rules that we would have never previously dared to put in public after
seeing them function well with the test group.
---------------------------------------------
http://vrt-blog.snort.org/2012/09/anomaly-detection-rules-success-of-open.h…
*** Initiative-S: Kostenloser Website-Check für kleine Unternehmen ***
---------------------------------------------
Der Verband der deutschen Internetwirtschaft eco hat auf den Internet
Security Days offiziell das Projekt Initiative-S gestartet. Mit dem Angebot
sollen sich besonders kleine und mittelständische Unternehmen dagegen
schützen, dass ihre Internetpräsenzen als Trojanerschleuder missbraucht werden.
---------------------------------------------
http://www.heise.de/security/meldung/Initiative-S-Kostenloser-Website-Check…
*** GoDaddy Outage: RFC for Dummies ***
---------------------------------------------
"Yesterday was a black day for GoDaddy. com. During a few hours all they
hosting services were interrupted...."
---------------------------------------------
http://blog.rootshell.be/2012/09/11/godaddy-outage-rfc-for-dummies/
*** Vuln: RocketTheme RokModule Joomla! Component module Parameter SQL
Injection Vulnerability ***
---------------------------------------------
RocketTheme RokModule Joomla! Component module Parameter SQL Injection
Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/55477
*** Bugtraq: [SE-2012-01] Security vulnerabilities in IBM Java ***
---------------------------------------------
[SE-2012-01] Security vulnerabilities in IBM Java
---------------------------------------------
http://www.securityfocus.com/archive/1/524134
*** Bugtraq: [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP
Methods ***
---------------------------------------------
[PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods
---------------------------------------------
http://www.securityfocus.com/archive/1/524137
*** Bugtraq: Wordpress Download Monitor - Download Page Cross-Site
Scripting ***
---------------------------------------------
Wordpress Download Monitor - Download Page Cross-Site Scripting
---------------------------------------------
http://www.securityfocus.com/archive/1/524138
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 07-09-2012 17:56 - Montag 10-09-2012 17:56
Handler: Stephan Richter
Co-Handler: Otmar Lendl
*** Wordpress 3.4.2 stopft Lücken und korrigiert Fehler ***
---------------------------------------------
Die Wordpress-Version 3.4.2 korrigiert rund 20 Fehler in der
Weblog-Software und behebt einige Sicherheitsprobleme, die zu einer
Ausweitung der Zugriffsrechte führen können.
---------------------------------------------
http://www.heise.de/security/meldung/Wordpress-3-4-2-stopft-Luecken-und-kor…
*** An update from VirusTotal ***
---------------------------------------------
"Our goal is simple: to help keep you safe on the web. And weve worked hard
to ensure that the services we offer continually improve. But as a small,
resource-constrained company, that can sometimes be challenging...."
---------------------------------------------
http://blog.virustotal.com/2012/09/an-update-from-virustotal.html
*** Two ICS-CERT Advisories Published Yesterday ***
---------------------------------------------
"Yesterday ICS-CERT published advisories for control systems
vulnerabilities in two control systems products; one a demonstration
product that doesnt really control anything and the other a distributed
control system that is used in a wide variety of situations. RealWinDemo
AdvisoryThis advisory describes a DLL hijack vulnerability in RealWinDemo
and RealWin products from RealFlex; both products are generally used as
sales demonstration tools, but RealWin has been used in small automation
---------------------------------------------
http://chemical-facility-security-news.blogspot.nl/2012/09/two-ics-cert-adv…
*** Adobe confirms Windows 8 users vulnerable to active Flash exploits ***
---------------------------------------------
"Microsofts Windows 8 is vulnerable to attack by exploits that hackers have
been aiming at PCs for several weeks, Adobe confirmed Friday. Microsoft
said it will not patch the bug in Flash Player until what it called "GA,"
for "general availability." That would be Oct. 26, when Windows 8 hits
retail and PCs powered by the new operating system go on sale."We will
update Flash in Windows 8 via Windows Update as needed," a spokeswoman said
in a reply to questions.
---------------------------------------------
http://www.computerworld.com/s/article/9231076/Adobe_confirms_Windows_8_use…
*** Elderwood hacker gang claims unlimited supply of zero-day bugs -
Symantec ***
---------------------------------------------
"An elite hacker group targeting defense industry sub-contractors has an
inexhaustible supply of zero-days, or vulnerabilities that have yet to be
publicised, much less patched, according to Symantec. In a blog post, the
security firm said, "The group seemingly has an unlimited supply of
zero-day vulnerabilities."Symantec also laid out its analysis of the gang,
which it said was behind a slew of attacks dubbed the "Elderwood Project,"
after a source code variable used
---------------------------------------------
http://news.techworld.com/security/3380122/elderwood-hacker-gang-claims-unl…