[CERT-daily] Daily summary - Tuesday 17-12-2013

Daily end-of-shift report team at cert.at
Tue Dec 17 18:23:04 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 16-12-2013 18:00 − Tuesday 17-12-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Rapid7 Webcasts: A Great Week to Learn About Pentesting SAP Infrastructures ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/12/16/rapid7-webcasts-a-great-week-to-learn-about-pentesting-sap-infrastructures




*** Three Books You Too Should Read This Year (Or Early 2014) ***
---------------------------------------------
For the holiday season, The Grumpy Reader fishes out a selection of recent books you should read even if you think you're too busy. I'm sure you've had that feeling too: There are times when there's too much coming your way when you're already busy, so some things just fall by the wayside for too long. In my case the victims of my unpredictable schedule were books that publishers sent me for review in one form or the other, and those reviews just never got written as I wanted to in between other...
---------------------------------------------
http://bsdly.blogspot.com/2013/12/three-books-you-too-should-read-this.html




*** How hackers made minced meat of Department of Energy networks ***
---------------------------------------------
Hint: Some critical security patches not installed for years.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/HKg_RoYby0g/story01.htm




*** Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck ***
---------------------------------------------
Today we're publishing the December 2013 Security Bulletin Webcast Questions & Answers page. We answered 17 questions in total, with the majority of questions focusing on the Graphics Component bulletin (MS13-096), Security Advisory 2915720 and Security Advisory 2905247. We also wanted to note a new blog on the Microsoft Security Blog site on the top cyber threat predictions for 2014. Topics from ransomware to regulation are covered by seven of Trustworthy Computing's top...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/12/16/predictions-for-2014-and-the-december-2013-security-bulletin-webcast-q-amp-a-and-slide-deck.aspx




*** Dissection of Zertsecurity - Banking Trojan. ***
---------------------------------------------
Zertsecurity is a well-known banking Trojan based on phishing schemes targeting German Android users. Let's see how it works. After installing the application, it prompts the user for account and PIN numbers. The application takes the values of the account and PIN numbers via input boxes and saves them to the cfg.txt file. It then sends this file to a remote command and control (C&C)...
---------------------------------------------
http://research.zscaler.com/2013/12/dissection-of-zertsecurity-banking.html




*** The Case for a Compulsory Bug Bounty ***
---------------------------------------------
Security experts have long opined that one way to make software more secure is to hold software makers liable for vulnerabilities in their products. This idea is often dismissed as unrealistic and one that would stifle innovation in an industry that has been a major driver of commercial growth and productivity over the years. But a new study released this week presents perhaps the clearest economic case yet for compelling companies to pay for information about security vulnerabilities in their...
---------------------------------------------
http://krebsonsecurity.com/2013/12/the-case-for-a-compulsory-bug-bounty/




*** Big Data in Security ***
---------------------------------------------
Cisco's TRAC team discusses Big Data security challenges, tools and methodologies.
---------------------------------------------
http://blogs.cisco.com/security/big-data-in-security-part-i-trac-tools/ 
http://blogs.cisco.com/security/big-data-in-security-part-ii-the-amplab-stack/ 
http://blogs.cisco.com/security/big-data-in-security-part-iii-graph-analytics/ 
http://blogs.cisco.com/security/big-data-in-security-part-iv-email-auto-rule-scoring-on-hadoop/ 
http://blogs.cisco.com/security/big-data-in-security-part-v-anti-phishing-in-the-cloud/




*** Background: iOS encryption examined ***
---------------------------------------------
In addition to hardware encryption, iOS offers optional file encryption. With iOS 7, Apple has automated its use for apps. However, Apple grants itself generous exceptions for its own applications.
---------------------------------------------
http://www.heise.de/security/artikel/iOS-Verschluesselung-durchleuchtet-2066500.html




*** Android anti-virus apps CAN'T kill nasties on sight like normal AV - and that's Google's fault ***
---------------------------------------------
Bad news if you're not a tech-savvy fandroid. Android users expecting Windows levels of performance from Android-specific anti-virus packages are likely to be disappointed because only Google can automatically delete dodgy apps on Android devices, say malware experts.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/12/17/android_anti_malware/




*** Apple security updates Mac OS X and Safari, (Tue, Dec 17th) ***
---------------------------------------------
Apple have released the following security advisories and updates for Mac OS X and Safari. OS X Mavericks v10.9.1 and APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1. More information will be available from their web site: http://support.apple.com/kb/HT1222
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17234




*** Blog: ChewBacca - a new episode of Tor-based Malware ***
---------------------------------------------
We have discovered a new Tor-based malware, named "ChewBacca" and detected as "Trojan.Win32.Fsysna.fej". Adding Tor to malware is not unique to this sample, but it's still a rare feature. Lately Tor has become more attractive as a service to ensure users' anonymity. Also criminals use it for their activities, but they are only slowly adopting this to host their malicious infrastructure.
---------------------------------------------
http://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware




*** Trojan.Skimer.18 infects ATMs ***
---------------------------------------------
December 16, 2013 Russian anti-virus company Doctor Web is warning users about the Trojan program Trojan.Skimer.18. The criminals behind this malware are targeting ATMs of one of the world's largest manufacturers. The Trojan can intercept and transmit bank card information processed by ATMs as well as data stored on the card and its PIN code. Trojan.Skimer.18 is by no means the first backdoor to infect ATM software, but it is the first to target devices so common throughout the world. The
---------------------------------------------
http://news.drweb.com/show/?i=4167&lng=en&c=9




*** Cisco EPC3925 cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/89713




*** Bugtraq: [security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/530357




*** Asterisk Dialplan Functions Let Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1029500




*** Asterisk SMS Message Buffer Overflow Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1029499

