[CERT-daily] Tageszusammenfassung - Mittwoch 17-04-2013
Daily end-of-shift report
team at cert.at
Wed Apr 17 18:02:49 CEST 2013
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 16-04-2013 18:00 − Mittwoch 17-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
*** NQ Mobile: Android Malware Doubled in 2012 ***
---------------------------------------------
Throw another log onto the proverbial Android malware fire: According to mobile security firm NQ Mobile, infections targeting devices running the Google-based operating system doubled in 2012. That translates to a 163 percent increase from 2011 and accounts for over 65,000 different types of malware discovered, up 30,000 from 25,000 the year before.read more
---------------------------------------------
https://threatpost.com/en_us/blogs/nq-mobile-android-malware-doubled-2012-041613
*** SAP BASIS Communication Services Command Execution ***
---------------------------------------------
Topic: SAP BASIS Communication Services Command Execution Risk: High Text: [ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services Please refer to www.esnc.de for the origin...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uQXsNLsq7cM/WLB-2013040120
*** Fueled by super botnets, DDoS attacks grow meaner and ever-more powerful ***
---------------------------------------------
Average amount of bandwidth used in DDoS attacks spiked eight-fold last quarter.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/QTLIjglO7vc/
*** MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data ***
---------------------------------------------
MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
---------------------------------------------
http://www.securitytracker.com/id/1028449
*** A peek inside a (cracked) commercially available RAT (Remote Access Tool) ***
---------------------------------------------
By Dancho Danchev In an attempt to add an additional layer of legitimacy to their malicious software, cybercriminals sometimes simply reposition them as Remote Access Tools, also known as R.A.Ts. What they seem to be forgetting is that, no legitimate Remote Access Tool would posses any spreading capabilities, plus, has the capacity to handle tens of [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/iV7a86XP2vA/
*** Apple aktualisiert Safari und Java-6-Unterstützung ***
---------------------------------------------
Apple hat in der Nacht zum Mittwoch seinen Web-Browser mit einer neuen Sicherheitsfunktion ausgestattet, mit der Java-Applets Website-spezifisch freigegeben werden können. Außerdem wurde ein neuerliches Java-6-Update veröffentlicht.
---------------------------------------------
http://www.heise.de/security/meldung/Apple-aktualisiert-Safari-und-Java-6-Unterstuetzung-1843475.html
*** 90% of game hacks and cracks contain malware ***
---------------------------------------------
Computer and online gaming is big business for companies creating the games, but a considerable drain on the finances of gamers, so it should not come as a surprise that many of the latter decide against buying games and add-ons, choosing instead to download cracked games, keygens, patches and more from torrent or file-sharing sites.
---------------------------------------------
https://www.net-security.org/malware_news.php?id=2468
*** Oracle Java Multiple Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious, local users to manipulate certain data and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53008
*** Linksys WRT54GL Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. upload a firmware image when a logged-in administrative user visits a specially crafted web page.
---------------------------------------------
https://secunia.com/advisories/53068
*** The beginners guide to breaking website security with nothing more than a Pineapple ***
---------------------------------------------
You know how security people get all uppity about SSL this and SSL that? Stuff like posting creds over HTTPS isn't enough, you have to load login forms over HTTPS as well and then you can't send auth cookies over HTTP because they'll get sniffed and sessions hijacked and so on and so forth.
---------------------------------------------
http://www.troyhunt.com/2013/04/the-beginners-guide-to-breaking-website.html
*** ACLU asks feds to probe wireless carriers over Android security updates ***
---------------------------------------------
Civil liberties advocates have asked the US Federal Trade Commission to take action against the nations four major wireless carriers for selling millions of Android smartphones that never, or only rarely, receive updates to patch dangerous security vulnerabilities.
---------------------------------------------
http://arstechnica.com/security/2013/04/wireless-carriers-deceptive-and-unfair/
*** Boston-Related Malware Campaigns Have Begun, (Wed, Apr 17th) ***
---------------------------------------------
About mid-afternoon yesterday (Central time - US), Boston related spam campaigns have begun. The general "hook" is that it sends a URL with a subject about the video from the explosions. Similar to when Osama Bin Laden was killed and fake images were used as a hook, in this case, the video is relevant to the story and being used as a hook. Right now, very roughly 10-20% of all spam is related to this (some spamtraps reporting more, some less). Similar IPs have also been sending pump
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15629&rss
More information about the Daily
mailing list