[CERT-daily] Daily Summary - Thursday 14-11-2013

Daily end-of-shift report team at cert.at
Thu Nov 14 18:06:12 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 13-11-2013 18:00 − Thursday 14-11-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** Stanford Metaphone Project Aims to Show Dangers of Metadata Collection ***
---------------------------------------------
When the first NSA surveillance story broke in June, about the agency's collection of phone metadata from Verizon, most people likely had never heard the word metadata before. Even some security and privacy experts weren't sure what the term encompassed, and now a group of security researchers at Stanford have started a new project to collect data from Android users to see exactly how much information can be drawn from the logs of phone calls and texts.
---------------------------------------------
http://threatpost.com/stanford-metaphone-project-aims-to-show-dangers-of-metadata-collection/102924




*** Thunderbird Gives a Fake Sender the Seal of Authenticity ***
---------------------------------------------
Digital signatures are supposed to ensure that the sender of an e-mail can be relied upon. However, Thunderbird handles signed e-mails so clumsily that a false sender can be feigned.
---------------------------------------------
http://www.heise.de/security/meldung/Thunderbird-gibt-falschem-Absender-das-Echtheits-Siegel-2044405.html









*** Unusual BHEK-Like Spam With Attachment Found ***
---------------------------------------------
Soon after Paunch was arrested, we found that the flow of spam campaigns going to sites with the Blackhole Exploit Kit (BHEK) had slowed down considerably. Instead, we saw an increase in messages with a malicious attachment.
Recently, however, we came across rather unusual spam samples that combine characteristics of both attacks.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/unusual-bhek-like-spam-with-attachment-found/




*** Mobile Pwn2Own: Galaxy S4 and iOS Hacked ***
---------------------------------------------
On the first day of the Mobile Pwn2Own competition in Tokyo, a vulnerability was demonstrated on Samsung's Galaxy S4 that makes it possible to install arbitrary apps. Chinese hackers demonstrated vulnerabilities in Safari on iOS 6.1.4 and 7.0.3.
---------------------------------------------
http://www.heise.de/security/meldung/Mobile-Pwn2Own-Galaxy-S4-und-iOS-gehackt-2045460.html




*** Analysis: IT Threat Evolution: Q3 2013 ***
---------------------------------------------
IT Threat Evolution: Q3 2013
Targeted Attacks / APT
Malware Stories
Web security and data breaches
Mobile malware
---------------------------------------------
http://www.securelist.com/en/analysis/204792312/IT_Threat_Evolution_Q3_2013




*** A-DOH!-BE hack: Facebook warns users whose logins were spilled ***
---------------------------------------------
Facebook is using a list of hacked Adobe accounts posted by the miscreants themselves to warn its own customers about password reuse.
---------------------------------------------
http://www.theregister.co.uk/2013/11/14/facebook_adobe_password_leak_warning/




*** New OSX/Crisis or Business Cards Gone Wild ***
---------------------------------------------
In these days of computer conspiracies, the Mac is not left out. A new variant of Remote Control System, Hacking Team's spyware, landed on VirusTotal with a detection rate of 0 out of 47 scanners. RCS, also known as OSX/Crisis, is an expensive rootkit used by governments during targeted attacks.
---------------------------------------------
http://www.intego.com/mac-security-blog/new-osx-crisis-business-cards-gone-wild/




*** Cracked.com Serving Malware in Drive-By Downloads ***
---------------------------------------------
The popular humor website Cracked[dot]com reportedly hosted malware that infected the machines of its visitors over the weekend and may still be doing so, according to Barracuda Labs research.
---------------------------------------------
http://threatpost.com/cracked-com-serving-malware-in-drive-by-downloads/102930




*** eGroupware HTML File Uploads Script Insertion Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54368




*** LastPass Android Container PIN / Auto-Wipe Bypass ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110101




*** IBM Multiple Storage Products Apache Struts Security Bypass Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55706




*** SA-CONTRIB-2013-091 - Groups, Communities and Co (GCC) - Access Bypass ***
---------------------------------------------
Remote Vulnerability: Access bypass. Description: This module enables you to manage groups and assign content and users to groups. The module doesn't sufficiently check permissions to some of the configuration pages, allowing unprivileged users to access the roles and permissions pages of the GCC module. CVE
---------------------------------------------
https://drupal.org/node/2135267




*** SA-CONTRIB-2013-090 - Revisioning - Access Bypass ***
---------------------------------------------
Remote Vulnerability: Access bypass. Description: This module enables you to create content publication workflows whereby one version of the content is "live" (publicly visible), while another is being edited and moderated privately until found fit for publication. The module doesn't sufficiently apply node access permissions
---------------------------------------------
https://drupal.org/node/2135257

