[CERT-daily] Tageszusammenfassung - Freitag 12-10-2012

Fri Oct 12 18:01:31 CEST 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Donnerstag 11-10-2012 18:00 − Freitag 12-10-2012 18:00
Handler:     Matthias Fraidl
Co-Handler:  Otmar Lendl

*** Skype malware steals more than your money: User accounts from Facebook, Twitter, PayPal, and more ***
---------------------------------------------
"Earlier this week, we warned you about a new piece of malware that is spreading via Skype using the message lol is this your new profile pic? It tries steals to steal your money using both ransomware (restricts access to your computer and demands payment for it to be removed) and click fraud (imitation of a legitimate user clicking on an ad to generate revenue). Now weve learned that the malware does more than that: it targets your user accounts on various Web services and can also do so
---------------------------------------------
http://thenextweb.com/microsoft/2012/10/12/skype-malware-steals-more-than-your-money-user-accounts-from-facebook-twitter-paypal-and-more/


*** SOPA Is Back! As a Ransomware Virus ***
---------------------------------------------
"After historic Internet protests in January the SOPA anti-piracy bill was defeated. However, this week several reports have pointed to a rather unfortunate SOPA comeback. Not in Congress, but as a nasty cryptovirus that locks up peoples computers and accuses them of distributing copyright infringing files...."
---------------------------------------------
http://torrentfreak.com/sopa-is-back-as-a-ransomware-virus-121011/


*** Conficker worm still being tracked, but evidence collection slows ***
---------------------------------------------
"The notorious malware known as the Conficker worm still infects computers, a sort of wild horse with no rider, but investigators appear no closer to finding its creator. Also known as "Downandup," Conficker was discovered in November 2008, exploiting a vulnerability in Windows XP that allowed remote file execution when file-sharing was enabled. Microsoft patched it a month later...."
---------------------------------------------
http://www.computerworld.com/s/article/9232277/Conficker_worm_still_being_tracked_but_evidence_collection_slows?taxonomyId=17


*** RSA Conference: Security industry built on a haze of fog and hype ***
---------------------------------------------
"A panel of security experts at RSA Conference criticised their industry over its tendency to sensationalise and hype, taking attention away from truly important problems. As well as the media that had a tendency to sensationalise issues, criticism was also reserved for companies that tried to focus attention on areas such as Android malware that was cool, instead of business and enterprise problems that companies were actively trying to deal with. Joshua Corman, director of security
---------------------------------------------
http://www.scmagazineuk.com/rsa-conference-security-industry-built-on-a-haze-of-fog-and-hype/article/263170/?


*** EU cloud strategy calls for standards ***
---------------------------------------------
"Cloud computing technical specification standardization, model contracts and a pooling of requirements among European Union governments would cause the gross domestic product impact of cloud computing in the EU to nearly triple to 250 billion by 2020, says the European Commission. In a commission cloud strategy (. pdf) dated Sept. 27, the commission says a hands-off approach would result in GDP impact of merely 88 billion by 2020--and as a result, says it will launch cloud-specific
---------------------------------------------
http://www.fiercegovernmentit.com/story/eu-cloud-strategy-calls-standards/2012-10-09


*** CAST diskutiert strukturelle Defizite kritischer Infrastrukturen ***
---------------------------------------------
Als "Hot Topic" hatte das CAST-Forum seine Veranstaltung zum Schutz kritischer Infrastrukturen bezeichnet. Der Trend, die industrielle Informationstechnik bis zur Feldebene einzelner Sensoren in der Fertigung oder Energieversorgung mit dem "normalen" Internet zu vernetzen, sei bedenklich. Mit Simulationen, der Neuberechnung von Toleranzgrenzen und industriellem Schwachstellenmanagement wollen die versammelten Experten den Schutz verbessern.
---------------------------------------------
http://www.heise.de/security/meldung/CAST-diskutiert-strukturelle-Defizite-kritischer-Infrastrukturen-1728627.html/from/atom10


*** Hack In The Box: researcher reveals ease of Huawei router access ***
---------------------------------------------
At Hack In The Box researcher Felix "FX" Lindner has shown how Huawei
routers are easy to access with their static passwords and how one
machine could give an attacker access to an entire network.
---------------------------------------------
http://www.zdnet.com/hack-in-the-box-researcher-reveals-ease-of-huawei-router-access-7000005600/


*** Whonix: Anonymous operating system ***
---------------------------------------------
"Whonix is an anonymous general purpose operating system based on Virtual Box, Ubuntu GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the users real IP/location...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=13757


*** Privatsphäre - Apples geheime Tracking-Funktion in iOS 6 ***
---------------------------------------------
Nach der Verbannung der UDIDs sind die neuen Tracking-Funktionen zu Werbezwecken gut versteckt
---------------------------------------------
http://text.derstandard.at/1348285823855/Apples-geheime-Tracking-Funktion-in-iOS-6


*** Bugtraq: ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities ***
---------------------------------------------
ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/524394