[CERT-daily] Tageszusammenfassung - Freitag 9-11-2012

Fri Nov 9 18:02:35 CET 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Donnerstag 08-11-2012 18:00 − Freitag 09-11-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Matthias Fraidl

*** PixSteal-A Trojan Steals Images, Uploads to Iraqi FTP Server ***
---------------------------------------------
"A new Trojan has been identified that has the capability of stealing images from infected computers, setting the stage for anything from identity theft to blackmail. PixSteal-A also pilfers . dmp, or Windows memory dump files that contain data on system crashes and sends all stolen data to a remote FTP server in Iraq, according to Sophos. This isnt the first malware to target non text-based files...."
---------------------------------------------
http://threatpost.com/en_us/blogs/pixsteal-trojan-steals-images-uploads-iraqi-ftp-server-110712


*** Microsoft Security Bulletin Advance Notification for November 2012 ***
---------------------------------------------
"This is an advance notification of security bulletins that Microsoft is intending to release on November 13, 2012. This bulletin advance notification will be replaced with the November bulletin summary on November 13, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification...."
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms12-nov


*** QRishing Study: Curiosity Is the Largest Motivating Factor for Scanning QR Codes ***
---------------------------------------------
"Researchers from the Carnegie Mellon Universitys CyLab have released the results of a study QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks which focuses on phishing attacks that rely on QR (Quick Response) codes. QRishing is a term utilized for phishing attacks initiated via the scanning of QR codes. Such attacks are not new, but in the past period researchers have started examining them because theyre becoming more and more common...."
---------------------------------------------
http://news.softpedia.com/news/QRishing-Study-Curiosity-is-the-Largest-Motivating-Factor-for-Scanning-QR-Codes-305514.shtml


*** Windows 8, Surface slabs ALREADY need critical security patch ***
---------------------------------------------
Mega vulns affect ALL Windows kit from XP onward Microsoft will release critical updates for Windows 8 and other software on Novembers Patch Tuesday next week. The upgrades will arrive within weeks of the Win 8 launch at the end of last month.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/09/nov_patch_tuesday_pre_alert/


*** IT-Business - Cisco warnt: "Cyberkriminelle nur einen Mausklick entfernt" ***
---------------------------------------------
Internetumfrage ortet große Mängel in Österreichs Unternehmen
---------------------------------------------
http://derstandard.at/1350260880632/Cisco-warnt-Cyberkriminelle-nur-einen-Mausklick-entfernt


*** Siemens software targeted by Stuxnet still full of holes ***
---------------------------------------------
Software made by Siemens and targeted by the Stuxnet malware is still full of other dangerous vulnerabilities, according to Russian researchers whose presentation at the Defcon security conference earlier this year was cancelled following a request from the company.
---------------------------------------------
https://www.computerworld.com/s/article/9233378/Siemens_software_targeted_by_Stuxnet_still_full_of_holes?


*** Kreditkarte mit Display und Tastatur ***
---------------------------------------------
Mastercard hat eine neue Kreditkarte vorgestellt, die mit einem monochromen LCD-Display und numerischen Tasten ausgestattet ist. Sie bietet laut dem Unternehmen neben den normalen Funktionen einer Kreditkarte auch die Möglichkeit, Einmal-Passworte zur Authentifizierung zu generieren.
---------------------------------------------
http://www.heise.de/security/meldung/Kreditkarte-mit-Display-und-Tastatur-1747180.html/from/atom10


*** Facebook Chat Can Be Used to Launch DOS Attacks, Expert Finds ***
---------------------------------------------
Security researcher Chris C. Russo claims to have discovered a way to use Facebook's chat module to launch denial-of-service (DOS) attack against any user, even if they're not friends with the attacker.
---------------------------------------------
http://news.softpedia.com/news/Facebook-Chat-Can-Be-Used-to-Launch-DOS-Attacks-Expert-Finds-305853.shtml