[CERT-daily] Tageszusammenfassung - Donnerstag 11-04-2013

Thu Apr 11 19:51:41 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 10-04-2013 18:00 − Donnerstag 11-04-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Otmar Lendl


*** Security Externalities and DDOS Attacks ***
---------------------------------------------
Ed Felten has a really good blog post about the externalities that the recent Spamhaus DDOS attack exploited: The attackers goal was to flood Spamhaus or its network providers with Internet traffic, to overwhelm their capacity to handle incoming network packets. The main technical problem faced by a DoS attacker is how to amplify the attackers traffic-sending capacity, so that...
---------------------------------------------
http://www.schneier.com/blog/archives/2013/04/security_extern.html


*** Ransomware: The cybercrime money machine of 2013 ***
---------------------------------------------
"Towards the end of last year, when the major security firms were compiling their customary run-downs of the biggest threats expected to emerge in 2013, ransomware figured prominently as an ominous one to watch. This breed of malicious software owes its name to the way in which it attacks a computer, quite literally holding it ransom by paralysing the device and demanding payment for it to be unlocked. By February this year, the experts prophecies began to be realised as a sophisticated...
---------------------------------------------
http://www.itproportal.com/2013/04/10/ransomware-the-cybercrime-money-machine-of-2013/


*** Cisco ASA Multiple Bugs Let Remote Users Deny Service ***
---------------------------------------------
Cisco ASA Multiple Bugs Let Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1028415


*** Summary for April 2013 - Version: 1.1 ***
---------------------------------------------
This bulletin summary lists security bulletins released for April 2013. With the release of the security bulletins for April 2013, this bulletin summary replaces the bulletin advance notification originally issued April 4, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-apr


*** Cisco Prime Network Control System Default Credentials Let Remote Users Modify the Configuration ***
---------------------------------------------
Cisco Prime Network Control System Default Credentials Let Remote Users Modify the Configuration
---------------------------------------------
http://www.securitytracker.com/id/1028419


*** Adobe Security Bulletins Posted ***
---------------------------------------------
Today, we released the following Security Bulletins: APSB13-10 Security update: Security Hotfix available for ColdFusion APSB13-11 Security updates available for Adobe Flash Player APSB13-12 Security update available for Adobe Shockwave Player Customers of the affected products should...
---------------------------------------------
http://blogs.adobe.com/psirt/2013/04/adobe-security-bulletins-posted-5.html


*** Request Tracker 4.0.10 SQL Injection ***
---------------------------------------------
Request Tracker 4.0.10 SQL Injection 
Risk: Medium 
RT: Request Tracker System
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/_dNhCwOTOjA/WLB-2013040083


*** Industrial IT Security - Roadshow Frankfurt am Main | 18.06.2013 ***
---------------------------------------------
Eine Arbeitsgruppe im Bayerischen IT-Sicherheitscluster beschäftigt sich seit dem spektakulären Stuxnet-Angriff auf eine Urananreicherungsanlage im Iran im Jahr 2010 mit der Entwicklung von Produkten, Lösungen und Prozessen für die Produktionsebene. In Zusammenarbeit mit der Kompetenzgruppe Sicherheit des eco werden die Ergebnisse nun erstmal ausserhalb von Bayern vorgestellt.
---------------------------------------------
http://www.eco.de/2013/veranstaltungen/industrial-it-security.html


*** Wordpress-Widget verbreitet Spam ***
---------------------------------------------
Das Social-Media-Widget von Wordpress wurde als Spam-Schleuder genutzt. Im Januar wechselte der Entwickler, seitdem ist das Widget auffällig. Wordpress reagiert mit einem Bann. Das Plug-in sollte so schnell wie möglich deaktiviert werden.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Wordpress-Widget-verbreitet-Spam-1839368.html


*** Hijacking airplanes with an Android phone ***
---------------------------------------------
An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, about the completely realistic scenario of plane hijacking via a simple Android app has galvanized the crowd attending the Hack In The Box Conference in Amsterdam today.
---------------------------------------------
https://www.net-security.org/secworld.php?id=14733


*** Debian Security Advisory DSA-2659 libapache-mod-security ***
---------------------------------------------
XML external entity processing vulnerability
---------------------------------------------
http://www.debian.org/security/2013/dsa-2659


*** Podcast: Switch To IPV6 Demands A Security Re-Think ***
---------------------------------------------
"Youre probably not aware of it, but a major transformation is taking place on the Internet. Weve exhausted the approximately 4. 3 billion available addresses for IPV4 Internet Protocol Version 4 the Internets lingua franca...."
---------------------------------------------
http://securityledger.com/podcast-switch-to-ipv6-demands-a-security-re-think/


*** A dozen tools for removing almost any malware ***
---------------------------------------------
Here's a typical scenario for a veteran computer user. Having established best-security practices on your PC, you've been free of malware infections for a long time.
---------------------------------------------
https://windowssecrets.com/top-story/a-dozen-tools-for-removing-almost-any-malware/


*** Blog: The Winnti honeypot - luring intruders ***
---------------------------------------------
During our research on the Winnti group we discovered a considerable amount of Winnti samples targeting different gaming companies. Using this sophisticated malicious program cybercriminals gained remote access to infected workstations and then carried out further activity manually.
---------------------------------------------
http://www.securelist.com/en/blog/851/The_Winnti_honeypot_luring_intruders