[CERT-daily] Tageszusammenfassung - Freitag 16-11-2012

Fri Nov 16 18:01:09 CET 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Donnerstag 15-11-2012 18:00 − Freitag 16-11-2012 18:00
Handler:     Matthias Fraidl
Co-Handler:  L. Aaron Kaplan

*** Google Chrome mit Sandbox für OS X ***
---------------------------------------------
Google Chrome sperrt das Flash-Plug-in mit dem aktuellen Stable-Release 23 auch unter OS X in eine Sandbox, wie die Entwickler in ihrem Blog berichten.
---------------------------------------------
http://www.heise.de/security/meldung/Google-Chrome-mit-Sandbox-fuer-OS-X-1750675.html/from/atom10


*** Antivirus startup linked to infamous Chinese hacker ***
---------------------------------------------
"Anvisoft, a Chinese antivirus startup, has been linked to an infamous hacker suspected of developing sophisticated malware used to siphon sensitive information from Defense Department contractors in 2006. Through some high-tech sleuthing on the Web, Brian Krebs, author of the KrebsonSecurity blog, found Anvisoft-connected IP addresses connected Anvisoft to registered to "tandailin" in Gaoxingu, China. Tan Dailin, a.k.a. Withered Rose, was the subject of Verisigns 2007 iDefense
---------------------------------------------
http://www.csoonline.com/article/721678/antivirus-startup-linked-to-infamous-chinese-hacker


*** Proof-of-concept malware can share USB smart card readers with attackers over Internet ***
---------------------------------------------
"A team of researchers have created a proof-of-concept piece of malware that can give attackers control of USB smart card readers attached to an infected Windows computer over the Internet. The malware installs a special driver on the infected computer which allows for the USB devices connected to it to be shared over the Internet with the attackers computer. In the case of USB smart card readers, the attacker can use the middleware software provided by the smart card manufacturer to
---------------------------------------------
http://www.cio.com.au/article/442216/proof-of-concept_malware_can_share_usb_smart_card_readers_attackers_over_internet/?fp=4&fpid=51238


*** Password Reset Zero-Day Reported to Skype Since October (Updated) ***
---------------------------------------------
"The details of a zero-day vulnerability that allows attackers to change the password of any Skype user have been posted on a Russian hacking forum. A similar security hole was identified by Vulnerability Lab researchers and it was reported to Skype at the beginning of October. The Next Web, which was the first to publicly reveal the existence of the flaw, reports that its details have been posted on the forum some two months ago...."
---------------------------------------------
http://news.softpedia.com/news/Skype-Password-Reset-Zero-Day-Reported-to-Skype-in-October-306835.shtml


*** Trojan.Gapz.1 infecting Windows in a new manner ***
---------------------------------------------
November 12, 2012 The anti-virus lab of Doctor Web - the Russian IT security vendor - has been informed of another piece of bootkit malware that is capable of concealing itself in an infected system. This application, added into virus databases under the name Trojan.Gapz.1, employs fairly interesting mechanisms to infect user computers. One of the rootkit´s purposes in an infected PC is to create an environment for loading its core modules which feature various functions.
---------------------------------------------
http://news.drweb.com/show/?i=2979&lng=en&c=9


*** How to report a computer crime: SQL injection website attack ***
---------------------------------------------
"Do you know how to report a computer crime? Or even who you would report it to? So far, weve looked at unauthorised email account access and malware in our series of articles on how to report a computer crime...."
---------------------------------------------
http://nakedsecurity.sophos.com/2012/11/15/computer-crime-sql-injection/


*** [papers] - Guidelines for Pentesting a Joomla Based Site ***
---------------------------------------------
Guidelines for Pentesting a Joomla Based Site
---------------------------------------------
http://www.exploit-db.com/download_pdf/22763


*** VMware security updates for vSphere API and ESX Service Console ***
---------------------------------------------
VMware has updated the vSphere API to address a denial of service vulnerability in ESX and ESXi. VMware has also updated the ESX Service Console to include several open source security updates.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2012-0016.html