[CERT-daily] Tageszusammenfassung - Freitag 1-03-2013

Fri Mar 1 18:09:58 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 28-02-2013 18:00 − Freitag 01-03-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Fake Flash Player download pages pushing malware ***
---------------------------------------------
"As you may already heard, Adobe has pushed out an update for Flash Player that fixes vulnerabilities discovered to be currently exploited in the wild in targeted attacks. If you havent set up automatic updating for Flash, you will have to find and download the update yourself, and the best place from which to pick it up is Adobes official Flash page. Im reiterating this because there are web pages out there that spoof Adobes legitimate one, and they are pretty well crafted (click on the...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2429


*** Browser makers open local storage hole in HTML5 ***
---------------------------------------------
Bad implementation of disk space limits A slip-up in the implementation of HTML5 on Chrome, Opera and Internet Explorer can be exploited to fill users’ hard drives, according to a 22-year-old Web developer from Stanford...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/html_5_implementation_bug_drive_filler/


*** Bank of America Spy Team leaked emails by Anonymous ***
---------------------------------------------
"Many Bank of America spy emails available to the public. Lot of fun stuff including stuff on Sopa, Money trails, Wikileakes, Sony, Stratfor, etc... these emails have been orgnised for the public by Par:AnoIA (Potentially Alarming Research: Anonymous Intelligence Agency)..."
---------------------------------------------
http://www.cyberwarzone.com/bank-america-spy-team-leaked-emails-anonymous


*** PHP-Fusion 7.02.05 XSS & LFI & SQL Injection ***
---------------------------------------------
Topic: PHP-Fusion 7.02.05 XSS & LFI & SQL Injection Risk: High Text:[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05 = Author: Janek Vind "warax...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JWjlGvtaj28/WLB-2013030001


*** Spearphishing in your office ***
---------------------------------------------
"Spear Phishing is on the rise, and many of you dont even realize its happening to you. It used to be youd get a random email from a bank you dont do business with, claiming an account security issue. Its pretty easy to figure out, But what if you get an email from your companys HR department with a policy change notification, or vacation policy update...."
---------------------------------------------
http://ktar.com/153/1613505/Spearphishing-in-your-office


*** Sinkholes reveal more Chinese-hacked biz - and piggybacking crims ***
---------------------------------------------
Its not just state-backed spies using snoop-ware armies Researchers have identified yet more high-profile organisations attacked by spying Chinese hackers after seizing hold of the miscreants command-and-control servers...
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/01/sinkhole_research_uncovers_cyberspy_victims/


*** Stuxnet, The Prequel: Earlier Version Of Cyberweapon Discovered ***
---------------------------------------------
"Researchers at Symantec have identified an earlier version of the Stuxnet malware that shows that the cyberattacks on Irans Natanz nuclear plant date back as early as 2005 and targeted another piece of uranium-enrichment equipment. Symantec found what it calls Stuxnet version 0. 5 of the sophisticated cyberweapon among the samples it had collected from the version of the malware that was first discovered in the wild back in July 2010 and was created in 2009...."
---------------------------------------------
http://www.darkreading.com/advanced-threats/167901091/security/news/240149525/stuxnet-the-prequel-earlier-version-of-cyberweapon-discovered.html


*** How Much Does A Botnet Cost? ***
---------------------------------------------
"The cost of a botnet is contingent largely upon the physical location of the malware-infected computers inside of it. Therefore, a botnet containing only American or European machines is worth more than one with machines from less prosperous nations. Security researcher Dancho Danchev recently profiled an underground botnet service and found that the market for botnets fueled by American machines is more lucrative than botnets consisting of an international hodgepodge of IP...
---------------------------------------------
http://threatpost.com/en_us/blogs/how-much-does-botnet-cost-022813


*** Malwares Future Looks A Lot Like Its Present ***
---------------------------------------------
"What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday...."
---------------------------------------------
http://securityledger.com/what-will-malware-look-like-in-a-few-years/


*** sudo authentication bypass when clock is reset ***
---------------------------------------------
Topic: sudo authentication bypass when clock is reset Risk: High Text:Sudo 1.8.6p7 and 1.7.10p7 are now available which include a fix for the following bug: Sudo authentication bypass when clock...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Cg957nnlc_A/WLB-2013030010


*** Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities ***
---------------------------------------------
Topic: Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities Risk: Medium Text:Product: Piwigo Vendor: Piwigo project Vulnerable Version(s): 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notific...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/4-cD4XbHTA0/WLB-2013030008


*** [papers] - Post XSS Exploitation: Advanced Attacks and Remedies ***
---------------------------------------------
http://www.exploit-db.com/download_pdf/24559


*** And the Java 0-days just keep on coming, (Fri, Mar 1st) ***
---------------------------------------------
The bad guys certainly seem to be picking on Oracle in the last month or two. The folks over at Fireeye have posted some info about another 0-day affecting Java that is being exploited in the wild. This one hits even the latest versions of Java 6u41 and 7u15. From the writeup the it seems the exploit is currently not always successful, but when it is drops a remote access trojan on the systme and connects back to an HTTP command and control server. I havent had a chance to actually look at the...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15310&rss