[CERT-daily] Tageszusammenfassung - Donnerstag 24-01-2013

Daily end-of-shift report team at cert.at
Thu Jan 24 18:08:09 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 23-01-2013 18:00 − Donnerstag 24-01-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Christian Wojner




*** Cisco Prime LAN Management Solution Command Execution Vulnerability ***
---------------------------------------------
Please give us your feedback on Cisco Security Intelligence Operations. Thanks! Cisco Prime LAN Management Solution (LMS) Virtual Appliancecontains a vulnerability that could allow an unauthenticated, remoteattacker to execute arbitrary commands with the privileges of the root user. Thevulnerability is due to improper validation of authentication andauthorization commands sent to certain TCP ports. An attackercould exploit this vulnerability by connecting to the affected systemand sending
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms?vs_f=Cisco Security Advisory&vs_cat=Security Intelligence&vs_type=RSS&vs_p=Cisco Prime LAN Management Solution Command Execution Vulnerability&vs_k=1




*** Phisher missbrauchen URL-Weiterleitung der Arbeitsagentur ***
---------------------------------------------
PayPal-Phishing ist ein alter Hut. Neu ist, dass die Phishing-Links auf Arbeitsagentur.de zeigen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27d32215/l/0L0Sheise0Bde0Cmeldung0CPhisher0Emissbrauchen0EURL0EWeiterleitung0Eder0EArbeitsagentur0E17897860Bhtml0Cfrom0Crss0A9/story01.htm




*** Megas erster Krypto-Fauxpas ***
---------------------------------------------
Ein eigentlich cleveres Konzept zum Nachladen von Code entpuppt sich als potentielle Hintertür, weil dabei ungeeignete Krypto-Funktionen zum Einsatz kommen. So könnten Dritte Teile des Mega-Codes manipulieren.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27d24431/l/0L0Sheise0Bde0Cmeldung0CMegas0Eerster0EKrypto0EFauxpas0E1790A1370Bhtml0Cfrom0Crss0A9/story01.htm




*** DNS attacks increase by 170% ***
---------------------------------------------
"Radware identified a number of new attack methods representative of todays increasingly sophisticated and severe DDoS threat. Their latest report highlights server-based botnets and encrypted layer attacks as just two of the new attack tools challenging organizations during DDoS attacks. While security organizations have focused their efforts and attention on the pre and post-phases of defense, attackers now launch prolonged attacks that last days or weeks...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14285




*** Most exploit kits originated in Russia, say researchers ***
---------------------------------------------
"58 percent of the vulnerabilities targeted by the most popular exploit kits in Q4 were more than two years old and 70 percent of exploit kits reviewed were released or developed in Russia, reveals Solutionary SERTs Q4 2012 Quarterly Research Report. In reviewing 26 commonly used exploit kits, SERT identified exploit code dating as far back as 2004, serving as evidence that old vulnerabilities continue to prove fruitful for cyber criminals. The fact that 58 percent of the vulnerabilities
---------------------------------------------
http://www.net-security.org/secworld.php?id=14286




*** Most US banks were DDoSed last year - survey ***
---------------------------------------------
One in 10 banking IT bods say budget constraints an issue Nearly two-thirds of retail banks experienced at least one distributed denial of service (DDoS) attack in the past year, according to a new survey.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/01/24/ddos_survey_banks/




*** Malware - USA sind Botnet-Standort Nummer Eins ***
---------------------------------------------
Mehr Zombie-Rechner-Netzwerke als in China und Russland zusammen.
---------------------------------------------
http://derstandard.at/1358304537265/USA-sind-Botnet-Standort-Nummer-Eins




*** Spammer entdecken WhatsApp ***
---------------------------------------------
Spammer missbrauchen den beliebten Messaging-Dienst WhatsApp derzeit offenbar verstärkt als Transportmittel für ihre dubiosen Werbebotschaften.
---------------------------------------------
http://www.heise.de/meldung/Spammer-entdecken-WhatsApp-1790526.html/from/atom10




*** New Trojan fakes search results ***
---------------------------------------------
January 15, 2013 Russian anti-virus company Doctor Web is warning users about a malicious program dubbed BackDoor.Finder which fakes search result pages and redirects browsers to bogus websites. When launched in an infected system, BackDoor.Finder creates a copy of itself in the current users % APPDATA% folder and makes corresponding changes in the branch of the Windows registry responsible for application startup. After that this malware injects its code into all running processes. If it
---------------------------------------------
http://news.drweb.com/show/?i=3218&lng=en&c=9




*** Backdoors Found in Barracuda Networks Gear ***
---------------------------------------------
A broad variety of the latest firewall, spam filter and VPN appliances sold by Campbell, Calif. based Barracuda Networks Inc. contain undocumented backdoor accounts, the company disclosed today. Worse still, while the backdoor accounts are apparently set up so that they would only be accessible from Internet addresses assigned to Barracuda, they are in fact accessible to potentially hundreds of other companies and network owners.Related Posts:Amnesty International Site Serving Java ExploitNew
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/OyYLL3kGjlo/




*** Update-Probleme mit Microsofts Gratis-Virenscanner ***
---------------------------------------------
Auf einigen Systemen aktualisieren die Microsoft Security Essentials seit einigen Tagen ihre Signatur nicht mehr selbstständig. Abhilfe schafft das manuelle Einspielen eines Signaturpakets.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/27dc0058/l/0L0Sheise0Bde0Cmeldung0CUpdate0EProbleme0Emit0EMicrosofts0EGratis0EVirenscanner0E1790A9260Bhtml0Cfrom0Crss0A9/story01.htm


More information about the Daily mailing list