[CERT-daily] Daily summary - Monday 11-03-2013

Daily end-of-shift report team at cert.at
Mon Mar 11 18:07:57 CET 2013


=======================
= End-of-Shift report =
=======================
Timeframe:   Friday 08-03-2013 18:00 − Monday 11-03-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  L. Aaron Kaplan

*** Yahoo! webmail! hijacks! are! back!... ***
---------------------------------------------
Didn't! they! fix! that?! Yahoo! has blamed cross-site scripting security bugs, which it claims to have squashed, for a recent upsurge in webmail account takeovers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/08/yahoo_webmail_hijack_flare_on/




*** Pwn2Own ends with all attackers winning ***
---------------------------------------------
"The Pwn2Own competition at CanSecWest has come to an end with the second day being like the first day. No web browser plugin survived being attacked and Adobe Flash, Adobe Reader XI and Java were all successfully hacked. Vupen security, who had demonstrated exploits of Internet Explorer 10, Firefox and Java on day one, returned with an exploit for Adobe Flash...."
---------------------------------------------
http://www.h-online.com/open/news/item/Pwn2Own-ends-with-all-attackers-winning-1819164.html




*** DNS Hijack Leads To Bitcoin Heist ***
---------------------------------------------
First time accepted submitter FearTheFez writes "Social engineering and poor DNS security led to a Bitcoin heist worth about $12,000. Bitcoin broker Bitinstant was robbed after thieves managed to take over ownership of their domains. While Bitinstant claims that no customers lost any money, without two-factor authentication all it took was a place of birth and a mother's maiden name to gain access. This looks like poor security from everyone involved."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/_Jp5n8Dt8jA/story01.htm




*** Trend Micro Examines Asprox Botnet ***
---------------------------------------------
"TrendLabs recently published a research paper providing a detailed look at the Asprox botnet, which delivers malware via spam e-mails that claim to come from package delivery companies like FedEx, DHL, and the U.S. Postal Service. "While Asprox has only been mentioned sporadically in the past few years, other spam campaigns with similar tactics as well as fake ticket scams using well-known airlines like Delta and American Airlines have received significant attention,"
---------------------------------------------
http://www.esecurityplanet.com/malware/trend-micro-examines-asprox-botnet.html




*** Raspberry Pi Hit by Cyber Attack (DDoS) ***
---------------------------------------------
It's sad to see that the Raspberry Pi Foundation, a charity with a good cause at its heart, has been the focus of a vicious attack. This stunt goes to highlight the unfortunate fact that any organisation, of any size and nature, is vulnerable.
---------------------------------------------
http://www.esecurityplanet.com/network-security/raspberry-pi-hit-by-cyber-attack.html




*** ICS-CERT sums up 2012 cyber security response activities ***
---------------------------------------------
"The Industrial Control System Cyber Emergency Response Team (ICS-CERT) issued on March 7 a report on its activities in 2012. ICS-CERT provides Cyber security evaluations to support the reliability and resiliency of the systems that comprise and interconnect critical infrastructures. It develops and implements coordinated security measures in collaboration with partners from across public, private and international communities...."
---------------------------------------------
http://www.gsnmagazine.com/node/28699?c=cyber_security




*** Room spy SmartTV ***
---------------------------------------------
A security researcher manipulated Samsung SmartTVs so that he could use their webcam to monitor the room while the television appeared to be switched off.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/296010ec/l/0L0Sheise0Bde0Csecurity0Cmeldung0CZimmerspion0ESmartTV0E18198230Bhtml0Cfrom0Crss0A9/story01.htm




*** Think your internet password is safe? Think again... ***
---------------------------------------------
"Are you one of those naive types who believes that choosing the name of your first pet as an internet password is going to protect you from hacking and fraud? Be very, very afraid, warns Memphis Barker, who has discovered some deeply unsettling facts about the increasing sophistication of data breaches...."
---------------------------------------------
http://www.independent.co.uk/life-style/gadgets-and-tech/features/think-your-internet-password-is-safe-think-again-8523105.html




*** Debian Security Advisory DSA-2642 sudo ***
---------------------------------------------
several issues
---------------------------------------------
http://www.debian.org/security/2013/dsa-2642




*** Apple closes critical hole in App Store ***
---------------------------------------------
A security vulnerability that enabled attacks on iOS devices has now finally been closed. The problem had already been reported more than half a year ago by a Google security researcher, but it was only made public now.
---------------------------------------------
http://futurezone.at/digitallife/14564-apple-schliesst-kritische-luecke-in-app-store.php?rss=fuzo




*** WordPress plugins vulnerable to CVE-2013-1808 ***
---------------------------------------------
Topic: WordPress plugins vulnerable to CVE-2013-1808 Risk: Low Text: I tested WordPress plugins to see which are vulnerable to CVE-2013-1808, because the original discoverer of this vulnerability did not...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/qEk7pVSgvcw/WLB-2013030077




*** Customer data of the German Avast distributor leaked online ***
---------------------------------------------
Anyone who bought antivirus software via Avast.de has a problem: data on more than 16,000 customers are apparently circulating on the net, including payment information and password hashes.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/29698122/l/0L0Sheise0Bde0Csecurity0Cmeldung0CKundendaten0Edes0Edeutschen0EAvast0EDistributors0Eim0ENetz0E1820A0A0A70Bhtml0Cfrom0Crss0A9/story01.htm




*** Vuln: Perl CVE-2013-1667 Input Rehashing Denial of Service Vulnerability ***
---------------------------------------------
Perl CVE-2013-1667 Input Rehashing Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58311




*** Miniduke: web based infection vector ***
---------------------------------------------
Together with our partner CrySyS Lab, we've discovered two new, previously unknown infection mechanisms for Miniduke. These new infection vectors rely on Java and IE vulnerabilities to infect the victim's PC.
---------------------------------------------
http://www.securelist.com/en/blog/208194159/Miniduke_web_based_infection_vector




*** Help Keep Threats at Bay With 'Click-to-Play' ***
---------------------------------------------
Muzzling buggy and insecure Web browser plugins like Java and Flash goes a long way toward blocking attacks from drive-by downloads and hacked or malicious Web sites. But leaving them entirely unplugged from the browser is not always practical, particularly with Flash, which is used on a majority of sites. Fortunately, there is a relatively simple and effective alternative: Click-to-Play.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/fXtHr18Ampk/




*** Bugtraq: Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503 ***
---------------------------------------------
Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503
---------------------------------------------
http://www.securityfocus.com/archive/1/525958

