[CERT-daily] Tageszusammenfassung - Dienstag 28-05-2013

Daily end-of-shift report team at cert.at
Tue May 28 18:01:52 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 27-05-2013 18:00 − Dienstag 28-05-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Christian Wojner

*** Anatomy of a hack: How crackers ransack passwords like 'qeadzcwrsfxv1331' ***
---------------------------------------------
For Ars, three crackers have at 16,000+ hashed passcodes with 90 percent success.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/yG2GKDkgLMo/




*** Security boffins say music could trigger mobile malware ***
---------------------------------------------
Justin Bieber really evil virus theory just got more credible Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/05/28/light_sound_magnetic_malware_hidden_trigger/




*** HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users ***
---------------------------------------------
HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users
---------------------------------------------
http://www.securitytracker.com/id/1028593




*** Sicherheitslücke in Telekom-Router Speedport LTE II ***
---------------------------------------------
Der DSL-Router Speedport LTE II der Telekom soll von außen manipulierbar sein. Stellt ein Angreifer Anfragen an den Router, wird die zur Verfügung stehende Bandbreite gedrosselt. Ein Update soll die Lücke schließen.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-in-Telekom-Router-Speedport-LTE-II-1871284.html




*** How to hash windows files against known good set ***
---------------------------------------------
Required Tools: md5deep, nsrlquery 
You'll also need a server to query against. Luckily Kyrus has provided a nsrlserver (beta), known as the Kyrus NSRL Lookup Service!
---------------------------------------------
http://brakertech.com/hash-windows-files-against-known-good-set/




*** Serious Privacy Flaw In Facebook Pages Manager For Android Exposes Private Pictures For Everyone To See ***
---------------------------------------------
Facebook has a privacy hole that exposes private information to the public. And its a serious one, this time in Facebook Pages Manager for Android, which has been installed over 5 million times since January of this year.
---------------------------------------------
http://www.androidpolice.com/2013/05/26/serious-privacy-flaw-in-facebook-pages-manager-for-android-exposes-private-pictures-for-everyone-to-see/




*** BANKER Malware Hosted In Compromised Brazilian Government Sites ***
---------------------------------------------
Two Brazilian government websites have been compromised and used to serve malware since April 24. We spotted a total of 11 unique malware files being distributed from these sites, with filenames that usually include 'update', 'upgrade', 'Adobe', 'FlashPlayer' or combinations thereof. Besides the different filenames, these samples also have different domains where they can connect to
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/PCxIa2XQtdo/




*** ATM and Point-of-Sale Terminals Malware: The Bad Guys Just Never Stop! ***
---------------------------------------------
If you use your debit or credit card to buy groceries or get cash out of an ATM you might want to know that the bad guys could have a piece of it.
---------------------------------------------
http://blog.malwarebytes.org/intelligence/2013/05/atm-and-point-of-sale-terminals-malware-the-bad-guys-just-never-stop/




*** How to keep your Apple computer free from malicious programs and viruses ***
---------------------------------------------
 - Apple computers are not safe from viruses 
 - Fewer than half of Mac users run anti-virus software 
 - Mac users "will be targeted more and more easily"
---------------------------------------------
http://www.news.com.au/technology/techknow/how-to-keep-your-apple-computer-free-from-malicious-programs-and-viruses/story-fnda1lbo-1226651287698




*** The Team Cymru Malware Hash Registry (MHR) project ***
---------------------------------------------
The Malware Hash Registry (MHR) project is a look-up service similar to the Team Cymru IP address to ASN mapping project. This project differs however, in that you can query our service for a computed MD5 or SHA-1 hash of a file and, if it is malware and we know about it, we return the last time weve seen it along with an approximate anti-virus detection percentage.
---------------------------------------------
https://www.team-cymru.org/Services/MHR/




*** DoS-Lücke in ModSecurity gestopft ***
---------------------------------------------
Angreifer können die Web Application Firewall über speziell präparierte HTTP-Request aus der Ferne lahm legen.
---------------------------------------------
http://www.heise.de/security/meldung/DoS-Luecke-in-ModSecurity-gestopft-1872219.html




*** Wordpress Export To Text Plugin "download" Remote File Inclusion Vulnerability ***
---------------------------------------------
Wordpress Export To Text Plugin "download" Remote File Inclusion Vulnerability
---------------------------------------------
https://secunia.com/advisories/51348




*** Nitro Pro / Reader PDF Parsing Vulnerability ***
---------------------------------------------
Nitro Pro / Reader PDF Parsing Vulnerability
---------------------------------------------
https://secunia.com/advisories/53473



*** SRWare Iron Multiple Vulnerabilities ***
---------------------------------------------
SRWare Iron Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/53586




*** Vuln: SPIP Security Bypass Vulnerability ***
---------------------------------------------
SPIP Security Bypass Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/60163


More information about the Daily mailing list