[CERT-daily] Tageszusammenfassung - Donnerstag 13-06-2013

Thu Jun 13 18:05:51 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 12-06-2013 18:00 − Donnerstag 13-06-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Robert Waldner

*** BlackBerry Issues Z10, PlayBook Security Advisories ***
---------------------------------------------
BlackBerry has issued security advisories warning of vulnerabilities in the Z10 smartphone and PlayBook tablet.
---------------------------------------------
http://threatpost.com/blackberry-issues-z10-playbook-security-advisories/


*** NanoBB 0.7 - Multiple Vulnerabilities ***
---------------------------------------------
An attacker might execute arbitrary SQL commands on the database server with this vulnerability. User tainted data is used when creating the database query that will be executed on the database management system (DBMS).
---------------------------------------------
http://www.exploit-db.com/exploits/26126


*** Vuln: WordPress crypt_private() Method Remote Denial of Service Vulnerability ***
---------------------------------------------
WordPress is prone to a remote denial-of-service vulnerability. 
Attackers can exploit this issue to consume CPU and memory resources, denying service to legitimate users. 
WordPress 3.5.1 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/60477


*** Rogue ads lead to SafeMonitorApp Potentially Unwanted Application (PUA) ***
---------------------------------------------
By Dancho Danchev Our sensors just picked up yet another rogue ad enticing users into installing the SafeMonitorApp, a potentially unwanted application (PUA) that socially engineers users into giving away their privacy through deceptive advertising of the rogue application's 'features'.
---------------------------------------------
http://blog.webroot.com/2013/06/13/rogue-ads-lead-to-safemonitorapp-potentially-unwanted-application-pua


*** Swedens data protection Authority bans Google cloud services over privacy concerns ***
---------------------------------------------
In a landmark ruling, Swedens data protection authority (the Swedish Data Inspection Board) this week issued a decision that prohibits the nations public sector bodies from using the cloud service Google Apps......
---------------------------------------------
http://www.privacysurgeon.org/blog/incision/swedens-data-protection-authority-bans-google-apps/


*** Enterprises spend too much time on attack prevention, not enough on mitigating a breach ***
---------------------------------------------
The biggest security mistake enterprises make is focusing too much time and too many resources on preventing cyberattacks and not enough time and money on mitigation once a breach occurs, said Dave Monnier, security evangelist and fellow at non-profit Internet security research firm Team Cymru."
---------------------------------------------
http://www.fierceenterprisecommunications.com/story/enterprises-spend-too-much-time-attack-prevention-not-enough-mitigating-bre/2013-06-12


*** Blog: AutoRun. Reloaded ***
---------------------------------------------
Recent months have produced little of interest among worms written in Java and script languages such as JavaScript and VBScript. The main reason behind this was the limited proficiency of the virus writers, whose creations were anything but remarkable. However, a couple of malware samples grabbed our attention; their complexity is testimony to the fact that professionals sometimes get involved as well.
---------------------------------------------
http://www.securelist.com/en/blog/8107/AutoRun_Reloaded


*** Microsoft botnet smackdown caused collateral damage, failed to kill target ***
---------------------------------------------
Zombies just wont stay underground Microsoft is attracting fresh criticism for its handling of the Citadel botnet takedown, with some security researchers pointing to signs that the zombie network is already rising from the grave again.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/06/13/ms_citadel_takedown_analysis/


*** Medical Devices Hard-Coded Passwords ***
---------------------------------------------
ALERTSUMMARYResearchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting a wide variety of medical devices. According to the report, the vulnerability could be exploited to potentially change critical settings and/or modify device firmware. ICS-CERT has been working closely with the Food and Drug Administration (FDA) on these issues. ICS-CERT and the FDA have notified the affected vendors of the report and have asked the vendors to confirm the
---------------------------------------------
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-164-01


*** Researchers Claim Wi-Fi Threat Is A Serious Danger To iPhone Users ***
---------------------------------------------
The way certain iOS devices, like iPhones or iPads, automatically connect to Wi-Fi networks could place users at serious risk. Security firm SkyCure said it had discovered a feature in iPhone devices running on certain networks, including Vodafone, that would connect automatically to a Wi-Fi network with a specified SSID, such as 'BTWiFi'.
---------------------------------------------
http://www.techweekeurope.co.uk/news/researchers-claim-wi-fi-threat-is-a-serious-danger-to-iphone-users-118967