[CERT-daily] Daily summary - Friday 26-07-2013

Daily end-of-shift report team at cert.at
Fri Jul 26 18:01:31 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 25-07-2013 18:00 − Friday 26-07-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** WordPress Duplicator 0.4.4 Cross Site Scripting ***
---------------------------------------------
Topic: WordPress Duplicator 0.4.4 Cross Site Scripting
Risk: Low
Text: Advisory ID: HTB23162 Product: Duplicator WordPress Plugin Vendor: LifeInTheGrid Vulnerable Version(s): 0.4.4 and probably ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070201




*** Haunted by the Ghosts of ZeuS & DNSChanger ***
---------------------------------------------
One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit
---------------------------------------------
https://krebsonsecurity.com/2013/07/haunted-by-the-ghosts-of-zeus-dnschanger/




*** Hidden permission management in Android 4.3 ***
---------------------------------------------
Android 4.3 ships with a feature for revoking permissions from apps after installation. It is not enabled yet, but it can be unlocked with a small trick. The apps are not prepared for this, however, and react in different ways.
---------------------------------------------
http://www.heise.de/security/meldung/Versteckte-Rechteverwaltung-in-Android-4-3-1923964.html




*** Blog: Malicious news - birth, death, spy scandal ***
---------------------------------------------
Anna Volodina and Ram Herkanaidu
---------------------------------------------
http://www.securelist.com/en/blog/8110/Malicious_news_birth_death_spy_scandal




*** Poker player who won $1.5 million charged with running Android malware ring ***
---------------------------------------------
Contact-stealing Android malware allegedly used to fuel $3.9M spam operation.
---------------------------------------------
http://arstechnica.com/information-technology/2013/07/poker-player-who-won-1-5-million-charged-with-running-android-malware-ring/



*** The Dangers of a Royal Baby: Scams Abound ***
---------------------------------------------
Big news stories are always an opportunity for scammers and spammers, who attempt to redirect users to malicious exploit kits or other unwanted services. Britain's royal baby is the latest news to offer cover for malware. We have already found a lot of spam messages regarding the birth and baby that lead users to the ...
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/the-dangers-of-a-royal-baby-scams-abound




*** Background: Future-proof encryption with Perfect Forward Secrecy ***
---------------------------------------------
With an exotic feature of certain encryption settings, server operators could spoil the NSA's plans. Unfortunately, only one of the major service providers does this so far.
---------------------------------------------
http://www.heise.de/security/artikel/Zukunftssicher-Verschluesseln-mit-Perfect-Forward-Secrecy-1923800.html




*** Short-URL Services May Hide Threats ***
---------------------------------------------
In a recent post, AppAppeal ranked the most popular URL shorteners. The top five includes TinyURL, Goo.gl, Bit.ly, Ow.ly and is.gd. Unfortunately, these helpful services are also used to hide a large number of malicious URLs. This result has made me want to learn more about malicious links that may be hidden behind these shortcuts.
---------------------------------------------
http://blogs.mcafee.com/mcafee-labs/short-url-services-may-hide-threats




*** Microsoft: 88 Percent of Citadel Botnets Down ***
---------------------------------------------
Nearly two months after the company was part of an operation to disrupt a large number of Citadel botnets, Microsoft said that 88 percent of the botnets spawned by that malware have been taken down. Citadel is a Trojan designed specifically to steal financial information from a variety of sources using a number of techniques.
---------------------------------------------
http://threatpost.com/microsoft-88-percent-of-citadel-botnets-down/101503




*** Powershell Payload Web Delivery ***
---------------------------------------------
Topic: Powershell Payload Web Delivery
Risk: Medium
Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070202




*** FileChucker filechucker.cgi file upload ***
---------------------------------------------
FileChucker filechucker.cgi file upload
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/85965




*** [2013-07-26] Critical vulnerabilities in Symantec Web Gateway ***
---------------------------------------------
The identified vulnerabilities enable state-sponsored or criminal hackers to take full control of the Symantec Web Gateway Appliance. The surveillance of all internet web activities, which are supposed to be protected by the Symantec solution, can be performed by the attacker easily.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt




*** Bugtraq: Xymon Systems and Network Monitor - remote file deletion vulnerability ***
---------------------------------------------
Xymon Systems and Network Monitor - remote file deletion vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/527534




*** BMC Service Desk Express Cross-Site Scripting and SQL Injection Vulnerabilities ***
---------------------------------------------
BMC Service Desk Express Cross-Site Scripting and SQL Injection Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54145




*** Current phishing attack on Apple users ***
---------------------------------------------
Some online crooks appear to be exploiting the current outage of Apple's developer area to obtain Apple IDs.
---------------------------------------------
http://www.heise.de/security/meldung/Aktueller-Phishing-Angriff-auf-Apple-Nutzer-1924324.html




*** Malware Evasion Techniques Dissected at Black Hat ***
---------------------------------------------
Researchers use file-level sandboxes to analyze the behavior of malware samples as well as techniques malicious code uses to detect and evade analysis.
---------------------------------------------
http://threatpost.com/malware-evasion-techniques-dissected-at-black-hat/101504




*** How the SIM card hack works ***
---------------------------------------------
About a week ago, the German cryptography expert Karsten Nohl revealed that the data of millions of SIM cards can be exploited by hacking the DES keys. Our video shows exactly how it works.
---------------------------------------------
http://www.heise.de/security/meldung/So-funktioniert-der-SIM-Karten-Hack-1924346.html



