[CERT-daily] Tageszusammenfassung - Mittwoch 28-11-2012

Wed Nov 28 18:03:16 CET 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Dienstag 27-11-2012 18:00 − Mittwoch 28-11-2012 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Java Zero-Day Exploit on Sale for ‘Five Digits’ ***
---------------------------------------------
Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracles Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/P9epzhQazQ0/


*** Cooperation is key for Europes cyber security - Conclusion of ENISA Brussels event ***
---------------------------------------------
"A high-level event organised by Europes cyber security agency, ENISA, recognised closer cyber cooperation and mutual support as key factors for boosting cyber security for Europes citizens, governments and businesses. The meeting, held today (27th November) in Brussels, was led by ENISAs Executive Director, Professor Udo Helmbrecht, and brought together key figures from the European Parliament, European Commission and the computer industry. Participants included Ms Amelia Andersdotter,
---------------------------------------------
http://mb.cision.com/Main/119/9341197/71035.pdf


*** Sysadmin creates tool to scour web for hacked data ***
---------------------------------------------
"A Wellington system administrator has developed a tool to identify corporate secrets, hacked data and even stolen credit cards as they emerge on social networks and online clipboards. Users could set the OSINT OPSEC (Open Source Intelligence / Operational Security) Tool to monitor for keywords, allowing, for example, an organisation to be alerted if a hacking group dumped its sensitive data to clipboard site Pastebin. Or it could scour Stack Exchange for intellectual property code
---------------------------------------------
http://www.itnews.com.au/News/324176,sysadmin-creates-tool-to-scour-web-for-hacked-data.aspx


*** Vuln: Tor Remote Denial of Service Vulnerability ***
---------------------------------------------
Tor Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56675


*** Yahoo zero day exploit goes on sale for $700 ***
---------------------------------------------
"A hacker has begun selling what they claim is a zero-day exploit that will let criminals hijack control of Yahoo Mail users accounts. The hacker, who goes by the moniker TheHell, posted a video marketing a $700 exploit kit on the secretive Darkode cybercrime market on Monday. The video was later spotted and re-posted onto YouTube by security blogger Brian Krebs."Im selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers...."
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2227722/yahoo-zero-day-exploit-goes-on-sale-for-usd700


*** DNS servers filled with wrong Kool-Aid, big names waylaid in Romania ***
---------------------------------------------
Microsoft, Yahoo!, Google, PayPal all graffitid A hacker today redirected web surfers looking for Yahoo, Microsoft or Google to a page showing a TV test card by apparently poisoning Googles public DNS system.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/28/google_romania_dns_hack/