=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 18-12-2012 18:00 − Wednesday 19-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** The Only 2013 Cybersecurity Predictions List You Need to Read ***
---------------------------------------------
"Please, allow me to save you some time reading all of those Top 10 Cybersecurity Threats of 2013 lists from journalists, bloggers, analysts, vendors and other crackpots. Nearly all of them will include the 10 following threats, in varying orders: The Cloud Lots of vulnerabilities out there. BYOD/Mobile malware It's a problem dealing with all these devices...."
---------------------------------------------
http://blogs.cio.com/security/17647/only-2013-cybersecurity-predictions-lis…
*** 1-15 December 2012 Cyber Attacks Timeline ***
---------------------------------------------
"Christmas is coming quickly, we have just passed the first half of December, and hence it's time for the first update of the Cyber Attacks Timeline for December. The Team GhostShell has decided to close the year with a clamorous Cyber Attack, and hence, as part of the project ProjectWhiteFox, has leaked 1.6 million of accounts from several organizations all over the world...."
---------------------------------------------
http://hackmageddon.com/2012/12/17/1-15-december-2012-cyber-attack-timeline/
*** Enterpriser16 LB 7.1 Cross Site Scripting ***
---------------------------------------------
Topic: Enterpriser16 LB 7.1 Cross Site Scripting Risk: Low Text: Title: Enterpriser16 LB v7.1 - Multiple Web Vulnerabilities Date: == 2012-12-12 References: == http://ww...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Pv935OaGGFY/WLB-20…
*** [webapps] - SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability ***
---------------------------------------------
SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability
---------------------------------------------
http://www.exploit-db.com/exploits/23498
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 17-12-2012 18:00 − Tuesday 18-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56846
*** Vuln: Symantec Network Access Control CVE-2012-4349 Local Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56847
*** Vuln: TWiki Multiple Security Vulnerabilities ***
---------------------------------------------
TWiki Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56950
*** Reminder: Java 6 end-of-life February 2013, (Mon, Dec 17th) ***
---------------------------------------------
Reader Josh reports that while downloading the latest version of Java 6 (version 37) from Oracle's website he received a reminder from Oracle that Java 6 will reach end of life in February 2013. After February 2013 security updates will only be available to customers who purchase extended support contracts. If you haven't already done so, now is a good time to mark your calendars for this upgrade. More details are available here: http://www.oracle.com/technetwork/java/javase/eol-135779.html
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14719&rss
*** Bugtraq: IPv6 Neighbor Discovery security (new documents) ***
---------------------------------------------
IPv6 Neighbor Discovery security (new documents)
---------------------------------------------
http://www.securityfocus.com/archive/1/525063
*** Cyber Security Bulletin (SB12-352) - Vulnerability Summary for the Week of December 10, 2012 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability...
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB12-352.html
*** Carberp-in-the-Mobile found on Google Play ***
---------------------------------------------
"Everybody knows (or should know) that downloading apps from third party online markets is dangerous, but even official markets such as Google Play can't be considered completely safe, as time and time again malware peddlers succeed at fooling its defenses and upload malware for download, masquerading as games and other popular apps. Kaspersky Lab researchers have recently discovered a slew of apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2362
*** Lookout Predicts 18 Million Android Malware Infections by End of 2013 ***
---------------------------------------------
"Lookout Mobile Security recently published its mobile threat predictions for 2013, anticipating that 18 million Android users will encounter mobile malware between the beginning of 2012 and the end of 2013." The likelihood that new Lookout users will encounter malware or spyware is heavily dependent on their geography and behavior, varying from 0.20 percent in Japan to 0.40 percent in the US and as high as 34...."
---------------------------------------------
http://www.esecurityplanet.com/mobile-security/lookout-predicts-18-million-…
*** Trojan Upclicker malware infecting PCs via mouse input ***
---------------------------------------------
"Windows PC owners be warned there's a new strain of malware out there that befuddles users into helping it accomplish its dirty deeds via mouse clicks. Dubbed "Trojan Upclicker" by the FireEye Malware Intelligence Lab researchers who identified it, this elusive bit of malicious code is purpose-built to evade identification by the automated analysis systems used by many anti-virus vendors. FireEye researchers Abhishek Singh and Yasir Khalid noted that Trojan Upclicker is a variant...
---------------------------------------------
http://www.itproportal.com/2012/12/17/trojan-upclicker-malware-infecting-pc…
*** EU to propose mandatory reporting of cyber incidents ***
---------------------------------------------
"The European Union may force companies operating critical infrastructure in areas such as banking, energy and stock exchanges to report major online attacks and reveal security breaches, according to draft report by the European Commission. The European Commission is due to present a proposal on cybersecurity in February once it has received feedback from the European Parliament and EU countries. The proposal was initially announced in May for the third quarter this year but has been...
---------------------------------------------
http://www.euractiv.com/infosociety/eu-propose-mandatory-reporting-c-news-5…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 14-12-2012 18:00 − Monday 17-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: MyBB DyMy User Agent Plugin SQL Injection Vulnerability ***
---------------------------------------------
MyBB DyMy User Agent Plugin SQL Injection Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56931
*** Bugtraq: Wordpress Pingback Port Scanner ***
---------------------------------------------
Wordpress Pingback Port Scanner
---------------------------------------------
http://www.securityfocus.com/archive/1/525045
*** Bugtraq: DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) ***
---------------------------------------------
DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)
---------------------------------------------
http://www.securityfocus.com/archive/1/525044
*** ENISA - Introduction to Return on Security Investment ***
---------------------------------------------
"As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention...."
---------------------------------------------
http://www.enisa.europa.eu/activities/cert/other-work/introduction-to-retur…
*** Foswiki Remote code execution and other vulnerabilities in MAKETEXT ***
---------------------------------------------
Topic: Foswiki Remote code execution and other vulnerabilities in MAKETEXT Risk: High Text: + Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/8WkKh9Nz_ZM/WLB-20…
*** Eurograbber: A Smart Trojan Attack - Hackers' Methods Reveal Banking Know-How ***
---------------------------------------------
"The Eurograbber banking Trojan is an all-in-one hit, researchers say. It successfully compromises desktops and mobile devices, and has gotten around commonly used two-factor authentication practices in Europe. How can banking institutions defend themselves and their customers against this super-Trojan attack?..."
---------------------------------------------
http://www.bankinfosecurity.com/eurograbber-smart-trojan-attack-a-5359?rf=2…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 13-12-2012 18:00 − Friday 14-12-2012 18:00
Handler: Christian Wojner
Co-Handler: n/a
*** Internet Explorer rats out the mouse - Update ***
---------------------------------------------
"Company Spider.io warns that Internet Explorer allows a user's mouse position to be determined even if the mouse cursor is located outside of the browser window or the browser window isn't being displayed at all either because it is minimised or the user has switched to view another tab or window. This is potentially dangerous because it enables web pages to intercept sensitive data that is being entered via virtual keyboards and virtual keypads, say the researchers...."
---------------------------------------------
http://www.h-online.com/security/news/item/Internet-Explorer-rats-out-the-m…
*** Bugtraq: Addressbook v8.1.24.1 Group Name XSS ***
---------------------------------------------
Addressbook v8.1.24.1 Group Name XSS
---------------------------------------------
http://www.securityfocus.com/archive/1/525027
*** New Trojan attempts SMS fraud on OS X users ***
---------------------------------------------
"The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud. The new malware is a Trojan horse, dubbed "Trojan.SMSSend...."
---------------------------------------------
http://news.cnet.com/8301-1009_3-57558780-83/new-trojan-attempts-sms-fraud-…
*** Apple updates OS X malware definitions for new fake-installer/SMS trojan ***
---------------------------------------------
"MacRumors noted today that Apple is utilizing the automatic daily checks for malware definitions it implemented last year to block an OS X trojan horse discovered earlier this week. The trojan was originally detailed in a blog post on Dr. Web. Known as TrojanSMSSend...."
---------------------------------------------
http://9to5mac.com/2012/12/13/apple-updates-os-x-malware-definitions-for-ne…
*** Backdoor Found at NDIS Level ***
---------------------------------------------
"It is one thing to have a piece of malware that can focus on targeted attacks, but it is quite another to have it also be nearly invisible. That is just what a variant of the Exforel backdoor malware, VirTool:WinNT/Exforel.A, is able to do, said researchers at Microsoft's Malware Protection Center...."
---------------------------------------------
http://www.isssource.com/backdoor-found-at-ndis-level/
*** New Attacks from Gameover Gang ***
---------------------------------------------
"Millions of emails, which pose as coming from major U.S. banks, are spamming out, according to Dell SecureWorks Counter Threat Unit. The fake but convincing-looking emails appeal to a more security-minded banking customer: You have received a new encrypted message or a secure message from [XYZ] Bank, one of the email campaigns said, noting the bank has set up a secure email exchange for its customers as a way to allay privacy and security concerns. The message includes an infected
---------------------------------------------
http://www.isssource.com/new-attacks-from-gameover-gang/
*** Yet another eavesdrop vulnerability in Cisco phones ***
---------------------------------------------
Security groundhog day. A university student presenting at the Amphion Forum has demonstrated turning a Cisco VoIP phone into a listening device, even when it's on the hook.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/13/cisco_voip_…
*** Dexter malware targets point of sale systems worldwide ***
---------------------------------------------
"You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems. First spotted by security firm Seculert, the malware dubbed "Dexter" is believed to have infected hundreds of POS systems in 40 countries worldwide in recent months. Companies targeted include retailers, hotel chains, restaurants, and private parking providers...."
---------------------------------------------
http://www.theregister.co.uk/2012/12/14/dexter_malware_targets_pos_systems/
*** Top 7 security predictions for 2013 ***
---------------------------------------------
"A seismic shift in who controls the Internet? Another Mac malware outbreak? Your smart TV being hijacked for a DDoS attack?..."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14120
*** [DNB] Joomla, WordPress Sites Hit by IFrame Injection Attacks ***
---------------------------------------------
'....Users of the popular Joomla content management system are being
urged by security experts to upgrade to the latest version after
reports of exploits being used to compromise websites built on the
platform......'
---------------------------------------------
https://threatpost.com/en_us/blogs/joomla-wordpress-sites-hit-iframe-inject…
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 12-12-2012 18:00 − Thursday 13-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Researchers uncover Tor-powered Skynet botnet ***
---------------------------------------------
"Rapid7 researchers have recently unearthed an unusual piece of malware that turned out to be crucial to the formation of an elusive botnet - dubbed Skynet by the researchers - whose existence has been documented in a very popular Reddit "I Am A" thread. The Trojan in question has DDoS and Bitcoin-mining capabilities, but its main function is to steal banking credentials. The botnet operator spreads the malware via the Usenet discussion forum, which is also a popular platform for...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2357
*** "Dexter" malware steals credit card data from point-of-sale terminals ***
---------------------------------------------
"A researcher has uncovered new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses. Dexter, as the malware is called, has infected hundreds of point-of-sale computers at big-name retailers, hotels, restaurants, and other businesses, according to a report issued by Aviv Raff, chief technology officer of Israel-based security firm Seculert. Businesses infected in the past three months are located in 40 different countries, with 30...
---------------------------------------------
http://arstechnica.com/security/2012/12/dexter-malware-steals-credit-card-d…
*** New Findings Lend Credence to Project Blitzkrieg ***
---------------------------------------------
"Project Blitzkrieg," a brazen Underweb plan for hiring 100 botmasters to fuel a blaze of ebanking heists against 30 U.S. financial institutions in the Spring of 2013, was met with skepticism from some in the security community after news of the scheme came to light in October. Many assumed it was a law enforcement sting, or merely the ramblings of a wannabe criminal mastermind. But new research suggests the crooks who hatched the plan were serious and have painstakingly built up a...
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/RgJgMJ51mKo/
*** Cybersecurity company using hackers' own devices against them ***
---------------------------------------------
"A California cybersecurity start-up, marketing itself as a private cyber intelligence agency, works to identify foreign attackers who are attempting to steal corporate secrets; it does so by using the attackers' own techniques and vulnerabilities against them; the company also collects data on hackers and tricks intruders into stealing false information. Shawn Henry, the head of the FBI cyber crimes division, this year left agency after twenty-four years to become the president CrowdStrike,...
---------------------------------------------
http://www.homelandsecuritynewswire.com/dr20121213-cybersecurity-company-us…
*** Facebook Security, FBI Take Down Butterfly Botnet, Arrest 10 ***
---------------------------------------------
"Facebook's security team is being lauded by the FBI for its role in the arrest of 10 individuals accused of spreading banking malware on the social networking site and collecting more than $850 million from fraudulent transactions. The arrests were carried out yesterday in the U.S., U.K., the Balkans, South America and New Zealand in connection with spreading the Yahos malware on Facebook from 2010 to this October. Yahos compromised more than 11 million computers, the FBI said...."
---------------------------------------------
http://threatpost.com/en_us/blogs/facebook-security-fbi-take-down-butterfly…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 11-12-2012 18:00 − Wednesday 12-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** First fake-installer Trojan for Mac OS ***
---------------------------------------------
December 11, 2012 Russian anti-virus company Doctor Web informs users about a new Trojan for Mac OS X dubbed Trojan.SMSSend.3666. The malicious scheme used to spread this Trojan is notorious among many Windows users but until now it hasn't been employed to deceive owners of Macs. Trojan.SMSSend is a fake installer which can be downloaded from various sites under the guise of useful software. Trojan.SMSSend programs are found in large numbers on the Internet. These are fake installers available
---------------------------------------------
http://news.drweb.com/show/?i=3138&lng=en&c=9
*** Web sites identify visitors via their social networks ***
---------------------------------------------
New Yorker Sumit Suman was more than a little surprised. The day after visiting UberVu's web pages, he received a personal e-mail with promotional offers from the company.
---------------------------------------------
http://www.heise.de/security/meldung/Web-Seiten-identifizieren-Besucher-ueb…
*** December Patch Day at Microsoft and Adobe ***
---------------------------------------------
Microsoft and Adobe have held their December patch days and closed numerous critical vulnerabilities in the process. While Microsoft secured most Windows versions, Internet Explorer, Word and some server products, Adobe released patches for Flash Player, AIR and ColdFusion.
---------------------------------------------
http://www.heise.de/security/meldung/Dezember-Patchday-bei-Microsoft-und-Ad…
*** Microsoft Internet Explorer 6-10 Mouse Tracking ***
---------------------------------------------
Topic: Microsoft Internet Explorer 6-10 Mouse Tracking Risk: Medium Text: Summary: Unprivileged attackers can track your system-wide mouse movements from any IE page, even when the page is unfocused o...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/GTaeIyspNpM/WLB-20…
*** Samsung's smart TVs wide open to exploits ***
---------------------------------------------
The downside to being more like a PC. Samsung's Smart TV has a vulnerability which allows remote attackers to swipe data, according to security researchers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/smart_tv_pw…
*** Russian space research org targeted by mystery malware attack ***
---------------------------------------------
Korean message forum becomes cyber-espionage hub. Security researchers have discovered a targeted attack against Russian hi-tech firm that appears to originate in Korea.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/russian_cyb…
*** North America and Europe Most Threatened by Money-Stealing Android Trojans ***
---------------------------------------------
"If you're living in Europe or North America and if you're an Android user, the mobile malware that targets you is most likely designed to steal your money. On the other hand, if you live in Asia, you're more likely to be bombarded with aggressive adware and annoying ads. These are the results of a study performed by security firm Bitdefender with the aid of its mobile security solution, between January 1 and December 1, 2012...."
---------------------------------------------
http://news.softpedia.com/news/North-America-and-Europe-Most-Threatened-by-…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 10-12-2012 18:00 − Tuesday 11-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Beware of Bitcoin miner posing as Trend Micro AV ***
---------------------------------------------
"Malware almost always comes in disguise, but some malware peddlers try to do a better job than others. Trend Micro researchers have recently uncovered a piece of malware that tried to pass itself off as "Trend Micro AntiVirus Plus AntiSpyware" (click on the screenshot to enlarge it): Unfortunately for those who get fooled, the software in question is a Trojan that creates the process svchost.exe and downloads additional malicious components such as a Bitcoin miner application
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2349
*** Multipurpose Necurs Trojan infects over 83,000 computers ***
---------------------------------------------
"The polyvalent Necurs malware family has been wreaking havoc in November by infecting over 83,000 unique computers - and that are only the ones detected by Microsoft's solutions! The Necurs Trojan is capable of: Modifying the computer's registry in order to make itself start after every reboot. Dropping additional components that prevent a large number of security applications from functioning correctly, including the ones manufactured by Avira, Kaspersky Lab, Symantec and
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2350
*** 200,000 new malicious programs detected every day ***
---------------------------------------------
"Kaspersky Lab released its annual Kaspersky Security Bulletin, which provides the overall malware and cyber-threat statistics for 2012. The report revealed significant growth of Mac-specific malware and an explosive growth in the number of threats targeting the Android platform. Overall, Kaspersky Lab detected and blocked more than 1...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2352
*** Necurs Rootkit Infections Way Up ***
---------------------------------------------
"Infections from a nasty bit of malware, generally delivered by the Black Hole Exploit Kit, surged in November, hitting more than 83,000 machines. Microsoft's Malware Protection Center rates the Necurs rootkit threat as severe. Dubbed a rootkit by Kaspersky Lab, Necurs has many dimensions to it...."
---------------------------------------------
http://threatpost.com/en_us/blogs/necurs-rootkit-infections-way-120712?
*** Joomla (and WordPress) Bulk Exploit Going on, (Mon, Dec 10th) ***
---------------------------------------------
We've gotten some reports and discussion around many Joomla (and some WordPress) sites exploited and hosting IFRAMES pointing to bad places. We'll get to the downloaded in a second, but the interesting thing to note is that it doesn't seem to be a scanner exploiting one vulnerability but some tool that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits. We'd like PCAPs or weblogs if you're seeing something similar in your environment.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14677&rss
*** Russian ransomware strikes Queensland doctor ***
---------------------------------------------
Seven years of patients' files encrypted by crooks. A medical practice in the Australian state of Queensland, the Miami Family Medical Centre, has been hit by ransomware said to originate in Russia.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/11/queensland_…
*** Unreliable Trojan warnings from Android 4.2 ***
---------------------------------------------
The App Verification Service that ships with Google's Jelly Bean operating system (Android 4.2) detected only 15 percent of the malware used in an analysis.
---------------------------------------------
http://www.heise.de/security/meldung/Unzuverlaessige-Trojaner-Warnungen-dur…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 07-12-2012 18:00 − Monday 10-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Sophos Security Threat Report 2013, today... tomorrow ***
---------------------------------------------
"Sophos was one of the first security firms that has published a report, Sophos Security Threat Report 2013, on current status of security landscape making predictions for incoming year. The document proposes an interesting overview on most common and dangerous cyber threats attempting to determine the level of penetration by different countries. The factors that have primarily contributed to the diffusion of new cyber threats are the increase in use of social networks platforms and
---------------------------------------------
http://www.infosecisland.com/blogview/22771-Sophos-Security-Threat-Report-2…
*** Online banking: better with an old mobile phone ***
---------------------------------------------
Users of Internet banking services are currently at risk from the Eurograbber Trojan, which is said to have stolen money from more than 30,000 bank accounts. It specifically targets online banking customers who use a PC and a smartphone in combination, and uses cleverly worded questions to capture both the account data and the transaction numbers of its victims. Internet users can, however, protect themselves with a few tricks.
---------------------------------------------
http://www.heise.de/security/meldung/Onlinebanking-lieber-per-Althandy-1764…
*** My Little Pronny: Autorun worms continue to turn ***
---------------------------------------------
"Malware activity exploiting Autorun on Windows computers has been generating quite a few calls to ESET support lines lately, reminding us that old infection techniques seldom die and USB flash drives can still be an effective means of getting malicious code onto a computer. USB drives can be used to infect computers that automatically execute files on removable media when that media is inserted. On Windows machines this is known as the Autorun feature (referred to as Autoplay in Windows
---------------------------------------------
http://blog.eset.com/2012/12/07/autorun-worm-continues-to-turn
*** 16-30 November 2012 Cyber Attacks Timeline ***
---------------------------------------------
"November has gone and it's time to review this month's cyber landscape. From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the
---------------------------------------------
http://hackmageddon.com/category/security/cyber-attacks-timeline/
*** That square QR barcode on the poster? Check it's not a sticker ***
---------------------------------------------
Crooks slap on duff codes leading to evil sites. Cybercrooks are putting up stickers featuring URLs embedded in Quick Response codes (QR codes) as a trick designed to drive traffic to dodgy sites.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/10/qr_code_sti…
*** Trojans spread from compromised Dalai Lama website ***
---------------------------------------------
December 5, 2012 Russian anti-virus company Doctor Web is informing users that several Trojans are being spread from compromised websites. In particular, malware is being downloaded from the official site of the Dalai Lama. Mac OS X systems are in danger as well as Windows PCs. Several days ago Doctor Web was informed that the official site of Tibet's spiritual leader, the Dalai Lama, had been compromised. Doctor Web's analysts discovered that when loading a page from the site in a
---------------------------------------------
http://news.drweb.com/show/?i=3124&lng=en&c=9
*** DDoS Attacks: Lessons Learned - 4 Thought Leaders Share Insights About Bank Attacks ***
---------------------------------------------
"Distributed-denial-of-service attacks waged against leading U.S. banks between mid-September and mid-October led to improved information sharing about threats. And that exchange proved effective in minimizing disruptions. Inter-bank and industry communication helped financial institutions targeted later in the DDoS campaign suffer less severe outages than those targeted earlier, says Mike Smith, a DDoS specialist at Web security vendor Akamai Technologies...."
---------------------------------------------
http://www.bankinfosecurity.com/ddos-attacks-lessons-learned-a-5343?rf=2012…
*** The "hidden" backdoor - VirTool:WinNT/Exforel.A ***
---------------------------------------------
Recently we discovered an advanced backdoor sample -
VirTool:WinNT/Exforel.A. Unlike traditional backdoor samples, this
backdoor is implemented at the NDIS (Network Driver Interface
Specification) level.
---------------------------------------------
https://blogs.technet.com/b/mmpc/archive/2012/12/09/the-quot-hidden-quot-ba…
*** Vuln: TP-LINK TL-WR841N Router Multiple HTML Injection Vulnerabilities ***
---------------------------------------------
TP-LINK TL-WR841N Router Multiple HTML Injection Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56602
*** VLC Media Player 2.0.4 Buffer Overflow ***
---------------------------------------------
Topic: VLC Media Player 2.0.4 Buffer Overflow Risk: High Text:Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : http:/...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JsOQvc6gSeY/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 06-12-2012 18:00 − Friday 07-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Seven Microsoft patches in one go on Patch Day ***
---------------------------------------------
Microsoft has announced that on its December Patch Day next Tuesday it will release seven patch packages (bulletins) that close a total of eleven security vulnerabilities. The company rates five of the patch packages as critical; they close holes that allow malicious code to be injected remotely.
---------------------------------------------
http://www.heise.de/security/meldung/Sieben-Microsoft-Patches-auf-einen-Str…
*** Many popular Windows programs insufficiently secured ***
---------------------------------------------
The author of the SlopFinder software describes how many popular Windows programs do not use even basic protection mechanisms. With DEP (Data Execution Prevention), for example, the processor is meant to use a flag (the NX bit) to prevent the execution of injected malicious code in the data area.
---------------------------------------------
http://www.heise.de/security/meldung/Viele-beliebte-Windows-Programme-unzur…
*** RSA boss predicts "catastrophic" cyber attack ***
---------------------------------------------
"A large-scale attack on critical infrastructure will soon become a reality, according to RSA chief executive Art Coviello. The security boss said that poor government security protections combined with increasingly sophisticated attack techniques has left critical infrastructure at risk for attacks which could cause widespread damage. "I abhor the phrase Cyber Pearl Harbor because I think it is a poor metaphor to describe the state I believe we are in," Coviello
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2229201/rsa-boss-art-coviello-predicts-catas…
*** Skynet, a Tor-powered botnet straight from Reddit ***
---------------------------------------------
FROM: Matthias Fraidl <fraidl(a)cert.at>
Following is an overview of this malware labelled by the creator as
Skynet: a Tor-powered trojan with DDoS, Bitcoin mining and Banking
capabilities, that we observed spreading through the veins of Usenet.
https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor…
---------------------------------------------
*** BlackHole Exploit Kit Has Difficulties in Infecting Chrome Users, Experts Say ***
---------------------------------------------
"The notorious BlackHole exploit kit has been around for quite some time now, with new iterations being released periodically. While it can be considered one of the most efficient cybercriminal tools, BlackHole doesn't like it when its victims utilize Google's Chrome web browser. According to experts from Blue Coat, when potential victims are tricked into clicking on links that point to BlackHole-infested websites, they're presented with a loading or a please wait message, while in the
---------------------------------------------
http://news.softpedia.com/news/BlackHole-Exploit-Kit-Has-Difficulties-in-In…
*** New Trojan Exploits Mobile Channel - Eurograbber Defeats Two-Factor Authentication ***
---------------------------------------------
"Eurograbber is more than just another banking Trojan. It's an exploitation of fundamental online banking authentication practices that could strike any institution, says Check Point's Darrell Burkey. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European banks...."
---------------------------------------------
http://www.bankinfosecurity.com/interviews/new-trojan-exploits-mobile-chann…
*** WhatsApp closes hole again, but not everywhere ***
---------------------------------------------
The cat-and-mouse game over WhatsApp's security enters the next round: after heise Security demonstrated about a week ago that the Android version is still vulnerable to account hijacking, the operator is now offering WhatsApp version 2.8.8968 via Google Play, which promises improved phone number verification.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-schliesst-Luecke-erneut-aber-…