[CERT-daily] Tageszusammenfassung - Montag 12-11-2012

Mon Nov 12 18:04:29 CET 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Freitag 09-11-2012 18:00 − Montag 12-11-2012 18:00
Handler:     Matthias Fraidl
Co-Handler:  L. Aaron Kaplan

*** Webmix - 26 Terabyte Webseiten zu Österreich gesammelt ***
---------------------------------------------
Web at rchiv Österreich umfasst mittlerweile eine Milliarde Einzeldateien
---------------------------------------------
http://text.derstandard.at/1350260844999/26-Terabyte-Webseiten-zu-Oesterreich-gesammelt


*** Windows 8 Defeats 85% of Malware Detected In the Past 6 Months ***
---------------------------------------------
An anonymous reader writes "Now that Windows 8 is on sale and has already been purchased by millions, expect very close scrutiny of Microsofts latest and greatest security features. 0-day vulnerabilities are already being claimed, but what about the malware thats already out there? When tested against the top threats, Windows 8 is immune to 85 percent of them, and gets infected by 15 percent, according to tests run by BitDefender."    Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HOHG0NiFov4/windows-8-defeats-85-of-malware-detected-in-the-past-6-months


*** Stuxnet Infected Chevrons IT Network ***
---------------------------------------------
"Stuxnet, a sophisticated computer virus created by the United States and Israel, to spy on and attack Irans nuclear enrichment facilities in Natanz also infected Chevron s network in 2010, shortly after it escaped from its intended target. Chevron found Stuxnet in its systems after the malware was first reported in July 2010, said Mark Koelmel, general manager of the earth sciences department at Chevron. I dont think the U.S. government even realized how far it had spread, he told CIO
---------------------------------------------
http://www.cyberwarzone.com/stuxnet-infected-chevron%E2%80%99s-it-network


*** Hintergrund: Dropbox ist "ziemlich sicher" ***
---------------------------------------------
Die beiden Sicherheitsexperten Florian Ledoux und Nicolas Ruff aus der IT-Abteilung von EADS haben einen kritischen Blick auf Dropbox geworfen und ihre Ergebnisse kürzlich auf der Security-Koferenz hack.lu vorgestellt. 
---------------------------------------------
http://www.heise.de/security/artikel/Dropbox-ist-ziemlich-sicher-1746596.html/from/atom10


*** Weaponized Malware: Top Four Cyberattack Tools ***
---------------------------------------------
"Over the past two years, four pieces of malware have emerged as veritable weapons and have been used for destructive purposes or to assist in such attacks.1. Stuxnet is the most widely known of the four. Stuxnet was designed with a highly specialized malware payload that targeted SCADA systems that control specific industrial processes...."
---------------------------------------------
http://cyberwarzone.com/weaponized-malware-top-four-cyberattack-tools


*** Ransom malware gangs making huge profits, Symantec discovers ***
---------------------------------------------
"The problem of ransom malware has reached epidemic proportions and could be extracting fraudulent payments from as many as 3 percent of victims, a Symantec report has calculated. In a world already afflicted by botnets, banking Trojans and established problems such as keyloggers and spam, ransomware programs that lock victims computers or files until a ransom payment is made - has grown into a major problem, with surprisingly little coverage from security vendors until recently. Symantecs
---------------------------------------------
http://news.techworld.com/security/3410078/ransom-malware-gangs-making-huge-profits-symantec-discovers/?olo=rss


*** Critical Vulnerabilities In Call of Duty: Modern Warfare 3, CryEngine 3 ***
---------------------------------------------
hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-players computer." "Once you
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/itbD8UlgSco/critical-vulnerabilities-in-call-of-duty-modern-warfare-3-cryengine-3


*** Sandy turned off the lights, the phones, and the heat. A cyber attack could make it all happen again ***
---------------------------------------------
"Verizons chief technology officer surveyed a flooded major switching facility in lower Manhattan and put it bluntly: "There is nothing working here. Quite frankly, this is wider than the impacts of 9/11." Damage from Sandy is estimated to reach $20 billion, and interrupted phone service is among the least of it. Flooding in New Yorks century-old subway system is without parallel...."
---------------------------------------------
http://www.foreignpolicy.com/articles/2012/11/07/network_news?page=0,0


*** Malware Spy Network Targeted Israelis, Palestinians ***
---------------------------------------------
Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets. The discovery, by Oslo-based antivirus and security firm Norman ASA, is the latest in a series of revelations involving digital surveillance activity of unknown origin that [...]
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/k12j_R4yBAo/


*** Telekom regt Sicherheits-Allianz der Unternehmen an ***
---------------------------------------------
Die Deutsche Telekom wirbt verstärkt um ein gemeinsames Vorgehen der Wirtschaft im Kampf gegen Gefahren aus dem Internet. Der Chef der Geschäftskundentochter T-Systems, Reinhard Clemens, macht sich jetzt für eine gemeinsame IT-Sicherheitstruppe mit der Gründung eines spezialisierten Unternehmens stark, wie die Financial Times Deutschland berichtet.
---------------------------------------------
http://www.heise.de/security/meldung/Telekom-regt-Sicherheits-Allianz-der-Unternehmen-an-1748240.html/from/atom10


*** Citadel Trojan Tough for Banks to Beat ***
---------------------------------------------
"The banking Trojan known as Citadel, which debuted in underground forums in January 2012, has evolved to become one of the financial industrys greatest worries, cybersecurity experts say. Citadel, an advanced variant of Zeus, is a keylogger that steals online-banking credentials by capturing keystrokes. Fraudsters then use stolen login IDs and passwords to access online accounts, take them over and schedule fraudulent transactions...."
---------------------------------------------
http://www.bankinfosecurity.com/citadel-trojan-tough-for-banks-to-beat-a-5282/p-1