[CERT-daily] Daily summary - Monday 19-11-2012

Daily end-of-shift report team at cert.at
Mon Nov 19 18:20:48 CET 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Friday 16-11-2012 18:00 − Monday 19-11-2012 18:00
Handler:     Stephan Richter
Co-Handler:  L. Aaron Kaplan




*** Bugtraq: [SE-2012-01] Security vulnerabilities in Java SE (details released) ***
---------------------------------------------
[SE-2012-01] Security vulnerabilities in Java SE (details released)
---------------------------------------------
http://www.securityfocus.com/archive/1/524746




*** Bugtraq: DC4420 - London DEFCON - November meet - Tuesday 20th November ***
---------------------------------------------
DC4420 - London DEFCON - November meet - Tuesday 20th November
---------------------------------------------
http://www.securityfocus.com/archive/1/524745




*** Stealing VM Keys from the Hardware Cache ***
---------------------------------------------
"This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). Such systems are very common today, ranging from desktops that use virtualization to sandbox application or OS compromises, to clouds that co-locate the...
---------------------------------------------
http://www.schneier.com/blog/archives/2012/11/stealing_vm_key.html




*** What's stopping your company from implementing full disk encryption? ***
---------------------------------------------
"You may have heard about the stolen NASA laptop, with its large amount of personally identifiable information of at least 10,000 NASA employees and contractors. The surprising question here, of course, has to do with the glaring absence of encryption. NASA says that the laptop in question is scheduled to get encryption, though it would seem that not all laptops will get the same treatment...."
---------------------------------------------
http://www.fiercecio.com/techwatch/story/whats-stopping-your-company-implementing-full-disk-encryption/2012-11-16




*** perl-CGI Newline injection in Set-Cookie and P3P headers ***
---------------------------------------------
Topic: perl-CGI Newline injection in Set-Cookie and P3P headers Risk: Low Text:header() can generate Set-Cookie and P3P headers which contain invalid newlines. use CGI qw/header/; print header( -c...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/CF3xwRXWBfs/WLB-2012110115




*** NFR Agent FSFUI Record File Upload RCE ***
---------------------------------------------
Topic: NFR Agent FSFUI Record File Upload RCE Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zr0GNt7G1z0/WLB-2012110116




*** FreeBSD Project Discloses Security Breach Via Stolen SSH Key ***
---------------------------------------------
An anonymous reader writes "Following recent compromises of the Linux kernel.org and Sourceforge, the FreeBSD Project is now reporting that several machines have been broken into. After a brief outage, ftp.FreeBSD.org and other services appear to be back. The project announcement states that some deprecated services (e.g., cvsup) may be removed rather than restored. Users are advised to check for packages downloaded between certain dates and replace them, although not because known trojans...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/KpcXI-S6fFw/freebsd-project-discloses-security-breach-via-stolen-ssh-key




*** Hackers Hate MVIS Security Center - the New WordPress Security Plugin ***
---------------------------------------------
"SEC Consult launches the beta phase of MVIS Security Center, an enterprise-grade security plugin for WordPress, the world's most widely used content management system (CMS). WordPress attracts millions of users from around the world, and these users are facing increasing attacks from hackers. Even more alarming, these attacks occur on all types of websites, big or small which makes security an indispensable part of creating websites...."
---------------------------------------------
http://news.yahoo.com/hackers-hate-mvis-security-center-wordpress-security-plugin-080327567.html




*** Trojan uses Google Docs as a communication channel ***
---------------------------------------------
A newly discovered trojan uses the viewer function of Google's office application to connect to its command-and-control server. Google could prevent this with a firewall.
---------------------------------------------
http://www.heise.de/security/meldung/Trojaner-benutzt-Google-Docs-als-Kommunikationskanal-1752075.html/from/atom10




*** Why smart people do dumb things online ***
---------------------------------------------
"David Petraeus is probably the last person you might have expected to wreck his career with an email scandal. Petraeus is smart: He graduated in the top five percent of his class at West Point and went on to earn a Ph.D. Petraeus has self-control: His self-discipline was "legendary," according to Time Magazine...."
---------------------------------------------
http://computerworld.co.nz/news.nsf/news/why-smart-people-do-dumb-things-online?opendocument&utm_source=topnews&utm_medium=email&utm_campaign=topnews




*** Active XSS flaw discovered on eBay ***
---------------------------------------------
"According to XSSed, Indian security researcher Shubham Upadhyay has discovered an active XSS flaw affecting Ebay.com. The potential attacker would need an Ebay seller account, where he would put XSS code into the HTML...."
---------------------------------------------
http://www.zdnet.com/active-xss-flaw-discovered-on-ebay-7000007539/




*** German Police Warn Mobile Phone Users of ZeuS Malware ***
---------------------------------------------
"Germany's Berlin Police Department has issued a warning after numerous bank customers have reported fraudulent cash withdrawals. All the victims own Android smartphones and they all rely on mTAN (mobile transaction authentication numbers) when performing banking transactions. F-Secure experts reveal that the malware involved in these incidents is most likely the mobile version of ZeuS, also known as ZeuS-in-the-Mobile or Zitmo...."
---------------------------------------------
http://news.softpedia.com/news/German-Police-Warns-Mobile-Phone-Users-of-ZeuS-Malware-307503.shtml




*** How Malware survives to Malware detection mechanisms ***
---------------------------------------------
Today I'd like to share some basic techniques that Malware(s) use to
protect themselves from being detected. Some of the most used approaches
to detect Malware could be described as follows:

1. Virtualize the environment in where Malware(s) run.
2. Attach a debugger to Malware processes and
3. Sandbox the execution of the analyzed Malware.

It comes straight forward that Malware writers need new techniques to...
---------------------------------------------
http://marcoramilli.blogspot.nl/2012/11/how-malware-survives-to-malware.html



*** Vuln: IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
IBM Business Process Manager Multiple Cross Site Scripting Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56583




*** Vuln: Moodle Multiple Security Vulnerabilities ***
---------------------------------------------
Moodle Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56505

