[CERT-daily] Daily Summary - Monday 29-04-2013
Daily end-of-shift report
team at cert.at
Mon Apr 29 18:00:54 CEST 2013
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 26-04-2013 18:00 − Monday 29-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Dutchman Arrested in Spamhaus DDoS ***
---------------------------------------------
A 35-year-old Dutchman thought to be responsible for launching what's been called "the largest publicly announced online attack in the history of the Internet" was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as "SK," was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization ...
---------------------------------------------
http://krebsonsecurity.com/2013/04/dutchman-arrested-in-spamhaus-ddos/
*** McAfee ePolicy Orchestrator Input Validation Flaw Lets Remote Users Inject SQL Commands, Execute Arbitrary Code, and Upload Files ***
---------------------------------------------
McAfee ePolicy Orchestrator Input Validation Flaw Lets Remote Users Inject SQL Commands, Execute Arbitrary Code, and Upload Files
---------------------------------------------
http://www.securitytracker.com/id/1028479
*** Tracking PDF Usage Poses a Security Problem ***
---------------------------------------------
Looking back at this year's RSA Conference, you might have the feeling that the current threat landscape is primarily a series of advanced attacks. This concept includes well-known advanced persistent threats (APTs) and zero-day vulnerability exploits. To respond to this trend in threats, McAfee Labs has launched several innovative projects, one of which we call the advanced exploit detection system (AEDS).
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/tracking-pdf-usage-poses-a-security-problem
*** VMware security updates for vCenter Server VMSA-2013-0006 ***
---------------------------------------------
VMware security updates for vCenter Server
---------------------------------------------
https://www.vmware.com/support/support-resources/advisories/VMSA-2013-0006.html
*** Hackers steal data of 50 million LivingSocial customers ***
---------------------------------------------
In all likelihood, hackers have obtained the personal customer data stored on the LivingSocial servers.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-klauen-Daten-von-50-Millionen-LivingSocial-Kunden-1851131.html
*** The Importance of Strong Passwords on Social Media ***
---------------------------------------------
Last Tuesday, April 23, the Twitter account of the Associated Press news agency was hacked and sent out a hoax tweet reporting that President Barack Obama had been injured by an explosion in the White House. Within seconds, Wall Street was in panic mode and US stocks plunged. Situations like this illustrate once again the ...
---------------------------------------------
http://pandalabs.pandasecurity.com/the-importance-of-strong-passwords-on-social-media/
*** Manipulated Apache binaries load malicious code ***
---------------------------------------------
Security companies say they have found hundreds of manipulated Apache servers that can be controlled by attackers. They redirect requests to malware and porn sites.
---------------------------------------------
http://www.heise.de/security/meldung/Manipulierte-Apache-Binaries-laden-Schadcode-1851245.html
*** BOINC Multiple vulnerabilities ***
---------------------------------------------
Topic: BOINC Multiple vulnerabilities
Risk: Medium
Text: There have been various recent(-ish) vulnerabilities found in the BOINC software for desktop grid computing. The major project...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013040196
*** D-Link DIR-635 change password security bypass ***
---------------------------------------------
D-Link DIR-635 change password security bypass
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83832
*** Against self-updating apps: Google's Play Store creates a "Lex Facebook" ***
---------------------------------------------
In March, Facebook released the first updates for its Android app that bypassed the Play Store. Now the Play Store has changed its developer policies. Updates are legitimate only via the Play Store.
---------------------------------------------
http://www.heise.de/security/meldung/Gegen-selbst-aktualisierende-Apps-Googles-Play-Store-schafft-eine-Lex-Facebook-1851332.html
*** Library of Malware Traffic Patterns ***
---------------------------------------------
Traffic analysis has been the primary method of malware identification and thousands of IDS signatures developed are the daily proof. Signatures definitely help but the ability to visually recognize malware traffic patterns and see the trends when they change has always been an important skill for anyone tasked with network defense.
---------------------------------------------
http://www.deependresearch.org/2013/04/library-of-malware-traffic-patterns.html
*** C&C Servers Reconfigured to Make Them More Advanced ***
---------------------------------------------
FireEye, which recently released a report, "The Advanced Cyber Attack Landscape", describes cyber-criminals as doing better in bypassing identification by constantly changing the configurations of their central C&C structures so foremost malware is able to establish communication with localized C&C infrastructures, meaning the identical nation-based infrastructures where the newly-contaminated computers are situated, ...
---------------------------------------------
http://www.spamfighter.com/News-18322-CC-Servers-Reconfigured-to-Make-Them-More-Advanced-Warns-FireEye.htm
*** The Security Risks of Unlocking Your Android Phone's Bootloader ***
---------------------------------------------
Android geeks often unlock their bootloaders to root their devices and install custom ROMs. But there's a reason devices come with locked bootloaders: unlocking your bootloader creates security risks.
---------------------------------------------
http://www.howtogeek.com/142502/htg-explains-the-security-risks-of-unlocking-your-android-phones-bootloader/
*** The Latest Java Exploit with Security Prompt/Warning Bypass (CVE-2013-2423) ***
---------------------------------------------
From Java SE 7 update 11, Oracle has introduced a new security feature called security warning that prompts a window every time an applet requests execution.
---------------------------------------------
http://security-obscurity.blogspot.co.at/2013/04/the-latest-java-exploit-with-security.html