[CERT-daily] Tageszusammenfassung - Montag 4-11-2013

Daily end-of-shift report team at cert.at
Mon Nov 4 18:51:06 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 31-10-2013 18:00 − Montag 04-11-2013 18:00
Handler:     Otmar Lendl
Co-Handler:  Stephan Richter




*** Top three recommendations for securing your personal data using cryptography, by EU cyber security Agency ENISA in new report ***
---------------------------------------------
ENISA, the European Union's "cyber security" Agency today launched a report that all authorities should better promote cryptographic measure to safeguard personal data.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/top-three-recommendations-for-securing-your-personal-data-using-cryptography-by-eu-cyber-security-agency-enisa-in-new-report




*** Know Your Enemy: Tracking A Rapidly Evolving APT Actor ***
---------------------------------------------
Between Oct. 24-25 FireEye detected two spear-phishing attacks attributed a threat actor we have previously dubbed admin at 338.[1] The newly discovered attacks targeted a number of organizations and were apparently focused on gathering data related to international trade, finance and economic...
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html




*** How To Avoid CryptoLocker Ransomware ***
---------------------------------------------
Over the past several weeks, a handful of frantic Microsoft Windows users have written in to ask what they might do to recover from PC infections from "CryptoLocker," the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts your files until you pay a ransom. Unfortunately, the answer for these folks is usually either to pay up or suck it up. This post offers a few pointers to help readers avoid becoming the next victim.
---------------------------------------------
http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/




*** Why Motivated Attackers Often Get What They Want ***
---------------------------------------------
Do you work for a company possessing information which could be of financial value to people outside the organization? Or, perhaps even a foreign state would find it useful to gain access to the documents youre storing on that shared network drive? Yes? Then congratulations, you may already be the target of a persistent and motivated attacker (who sometimes, but rarely, is also advanced).According to this CERT-FI presentation, even Finland has seen nearly a decade of these attacks. Nowadays,
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002632.html




*** Google-dorks based mass Web site hacking/SQL injecting tool helps facilitate malicious online activity ***
---------------------------------------------
Among the most common misconceptions regarding the exploitation (hacking) of Web sites, is that no one would exclusively target *your* Web site, given that the there are so many high profile Web sites to hack into. In reality though, thanks to the public/commercial availability of tools relying on the exploitation of remote Web application vulnerabilities, the insecurely configured Web sites/forums/blogs, as well as the millions of malware-infected hosts internationally, virtually every Web
---------------------------------------------
http://www.webroot.com/blog/2013/11/01/peek-inside-google-dorks-based-mass-sql-injecting-tool/




*** Secunias PSI Country Report - Q3 2013, (Fri, Nov 1st) ***
---------------------------------------------
On the heels of discussing Microsofts Security Intelligence Report v15 wherein the obvious takeaway is "Windows XP be gone!", Secunias just-released PSI Country Report - Q3 2013 is an interesting supplemental read. Here are the summary details:   Programs Installed: 75, from 25 different vendors  40% (30 of 75) of these programs are Microsoft programs  60% (45 of 75) of these programs are from third-party vendors  Users with unpatched Operating Systems: 14.6% (WinXP, Win7, Win8,
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16943&rss




*** July-September 2013 ***
---------------------------------------------
NOTE 1: The "ICS-CERT Monitor" newsletter offers a means of promoting preparedness, information sharing, and collaboration with the 16 critical infrastructure sectors. ICS-CERT accomplishes this on a day-to-day basis through sector briefings, meetings, conferences, and information product releases.
---------------------------------------------
http://ics-cert.us-cert.gov/monitors/ICS-MM201310




*** SOHO Router Horror Stories: German Webcast with Mike Messner ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/11/04/soho-router-horror-stories-german-webcast-with-mike-messner




*** Nordex NC2 - Cross-Site Scripting Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report of a Cross-Site Scripting vulnerability affecting the Nordex Control 2 (NC2) application, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the vulnerability is exploitable by allowing a specially crafted request that could execute arbitrary script code. This report was released without coordination with either the vendor or NCCIC/ICS-CERT. NCCIC/ICS-CERT is attempting to...
---------------------------------------------
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-304-01




*** VU#450646: Tiki Wiki CMS Groupware version 11.0 contains a cross-site scripting (XSS) vulnerability ***
---------------------------------------------
Vulnerability Note VU#450646 Tiki Wiki CMS Groupware version 11.0 contains a cross-site scripting (XSS) vulnerability Original Release date: 31 Oct 2013 | Last revised: 31 Oct 2013   Overview Tiki Wiki CMS Groupware version 11.0 and possibly earlier versions contain a cross-site scripting (XSS) vulnerability (CWE-79).  Description CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)Tiki Wiki CMS Groupware version 11.0 and possibly earlier versions contain a
---------------------------------------------
http://www.kb.cert.org/vuls/id/450646




*** VMSA-2013-0009.2 ***
---------------------------------------------
VMware vSphere, ESX and ESXi updates to third party libraries
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2013-0009.html




*** TP-Link Cross Site Request Forgery Vulnerability ***
---------------------------------------------
Topic: TP-Link Cross Site Request Forgery Vulnerability Risk: Medium Text:I. Introduction Today the majority of wired Internet connections is used with an embedded NAT router, which allows using ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013100223




*** Zend Framework Proxied Request Processing IP Spoofing Weakness ***
---------------------------------------------
https://secunia.com/advisories/55529




*** Novell ZENworks Configuration Management Directory Traversal Flaw Lets Remote Users Obtain Files ***
---------------------------------------------
http://www.securitytracker.com/id/1029289




*** Security Bulletins for multiple HP Products ***
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969436
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969433
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748879
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03960916




*** Security Bulletins for multiple IBM Products ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_notes_domino_fixes_for_multiple_vulnerabilities_in_ibm_jre4?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_infosphere_guardium_data_redaction_affected_by_ssl_vulnerability_in_apache_axis2_cve_2012_57852?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_domino_designer_9_0_1_and_8_5_3_fix_pack_5_fix_for_ibm_jre_xml_parsing_vulnerability?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_puredata_system_for_operational_analytics_a1791_is_affected_by_an_ospf_vulnerability_cve_2013_0149?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_exist_in_the_ibm_java_sdk_that_is_shipped_with_tivoli_netcool_omnibus_web_gui_cve_2013_0440_cve_2013_0443?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_vulnerabilities_in_ibm_infosphere_optim_data_growth_for_oracle_e_business_suite_cve_2013_0577_cve_2013_0579_cve_2013_05801?lang=en_us
http://www.securityfocus.com/bid/62018


More information about the Daily mailing list