[CERT-daily] Tageszusammenfassung - Dienstag 12-11-2013

Daily end-of-shift report team at cert.at
Tue Nov 12 18:16:28 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 11-11-2013 18:00 − Dienstag 12-11-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** ActiveX Control issue being addressed in Update Tuesday ***
---------------------------------------------
Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publically disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in 'Bulletin 3', which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS).
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx




*** Samsung, Nokia say they don´t know how to track a powered-down phone ***
---------------------------------------------
Back in July 2013, The Washington Post reported that nearly a decade ago, the National Security Agency developed a new technique that allowed spooks to find cellphones even when they were turned off.
---------------------------------------------
http://arstechnica.com/security/2013/11/samsung-nokia-say-they-dont-know-how-to-track-a-powered-down-phone/




*** Chinese Bitcoin exchange shutters, taking £2.5 MEEELION ***
---------------------------------------------
Another one Bits the dust... Chinese Bitcoin exchange GBL has shut down, taking with it over 25 million yuan ($US4.1m) of investors´ money, in another warning to those who don't look before they leap with the digital currency.
---------------------------------------------
http://www.theregister.co.uk/2013/11/12/bitcoin_gbl_hong_kong_collapse/




MSRT November 2013 - Napolar
---------------------------------------------
We first noticed the new family we named Win32/Napolar being distributed in the wild in early August this year. It quickly became a big problem on our customers´ machines. Napolar is one of two families targeted by the Malicious Software Removal Tool (MSRT) this month. The other is the bitcoin mining family Win32/Deminnix.
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2013/11/12/msrt-november-2013-napolar.aspx




*** GCHQ Used Fake LinkedIn Pages to Target Engineers ***
---------------------------------------------
The Belgacom employees probably thought nothing was amiss when they pulled up their profiles on LinkedIn, the professional networking site. The pages looked the way they always did, and they didnt take any longer than usual to load.
---------------------------------------------
http://www.spiegel.de/international/world/ghcq-targets-engineers-with-fake-linkedin-pages-a-932821-druck.html




*** Smartphone PIN revealed by camera and microphone ***
---------------------------------------------
The PIN for a smartphone can be revealed by its camera and microphone, researchers have warned. Using a programme called PIN Skimmer a team from the University of Cambridge found that codes entered on a number-only soft keypad could be identified.
---------------------------------------------
http://www.bbc.co.uk/news/technology-24897581




*** A Peek Inside a Customer-ized API-enabled DIY Online Lab for Generating Multi-OS Mobile Malware ***
---------------------------------------------
The exponential growth of mobile malware over the last couple of years, can be attributed to a variety of growth factors, the majority of which continue playing an inseparable role in the overall success and growth of the cybercrime ecosystem in general.
---------------------------------------------
http://ddanchev.blogspot.co.uk/2013/11/a-peek-inside-customer-ized-api-enabled.html




*** Cyber Attack on Finland is a Warning for the EU ***
---------------------------------------------
A highly sophisticated multi-year cyber attack targeting Finland´s diplomatic communications is likely to have been replicated against other EU and Western countries.
---------------------------------------------
http://www.chathamhouse.org/media/comment/view/195392?




*** Selfish Miners Could Exploit P2P Nature of Bitcoin Network ***
---------------------------------------------
While researchers and academics are just at the beginning of the process of trying to judge the value of a recent paper on a vulnerability in the Bitcoin protocol, some are arguing that there is a smaller point that´s being missed in all of the back and forth: There is a problem with the peer-to-peer set-up of the Bitcoin network that could be exploited for profit.
---------------------------------------------
http://threatpost.com/selfish-miners-could-exploit-p2p-nature-of-bitcoin-network/102899




*** Vuln: strongSwan CVE-2013-6075 Authorization Security Bypass and Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63489




*** FOSCAM IP-Cameras SSID cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/88629




*** Belkin NetCam Wifi Camera Hardcoded Credentials ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110079




*** WordPress Curvo Themes - Arbitrary code execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110081


More information about the Daily mailing list