[CERT-daily] Daily Summary - Monday 25-11-2013

Daily end-of-shift report team at cert.at
Mon Nov 25 18:11:29 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 22-11-2013 18:00 − Monday 25-11-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** Second Look at Stuxnet Reveals Older Dangerous Variant ***
---------------------------------------------
ICS expert Ralph Langner has thrown back the covers on Stuxnet revealing a two-pronged attack intent not only on disrupting Iran's nuclear capabilities, but flexing the attackers' muscle in building weaponized malware.
---------------------------------------------
http://threatpost.com/second-look-at-stuxnet-reveals-older-dangerous-variant/103006




*** Google fixes flaw in Gmail password reset process ***
---------------------------------------------
According to the researcher who discovered the bug, Google swiftly addressed the security issue, which could leave users' passwords vulnerable to theft.
---------------------------------------------
http://www.scmagazine.com/google-fixes-flaw-in-gmail-password-reset-process/article/322343/




*** Five Years Old And Still On The Run: DOWNAD ***
---------------------------------------------
Five years ago, Conficker/DOWNAD was first seen and quickly became notorious due to how quickly it spread and how much damage it caused. Remarkably, after all that time, it's still alive. It can still pose a serious problem, as it can propagate to other systems on the same network as an infected machine - a factor that may explain its high rate of infection to this day.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/five-years-old-and-still-on-the-run-downad/




*** Another Fake WordPress Plugin - And Yet Another SPAM Infection! ***
---------------------------------------------
We clean hundreds and thousands of infected websites, a lot of the cleanups can be considered to be somewhat "routine". If you follow our blog, you often hear us say we've seen "this" numerous times, we've cleaned "that" numerous times.
---------------------------------------------
http://blog.sucuri.net/2013/11/another-fake-wordpress-plugin-and-yet-another-spam-infection.html




*** Top Security Predictions for 2014 ***
---------------------------------------------
As 2013 draws to a close, FireEye researchers are already looking ahead to 2014 and the shifting threat landscape. Expect fewer Java zero-day exploits and more browser-based ones. Watering-hole attacks may supplant spear-phishing attacks.
---------------------------------------------
http://www.fireeye.com/blog/corporate/2013/11/top-security-predictions-for-2014.html




*** Port 0 DDOS, (Fri, Nov 22nd) ***
---------------------------------------------
Following on the stories of amplification DDOS attacks using Chargen, and stories of "booters" via Brian Krebs, I am watching with interest the increase in port 0 amplification DDOS attacks.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17081




*** Spam-Friendly Registrar 'Dynamic Dolphin' Shuttered ***
---------------------------------------------
The organization that oversees the Internet domain name registration industry last week revoked the charter of Dynamic Dolphin, a registrar that has long been closely associated with spam and cybercrime.
---------------------------------------------
http://krebsonsecurity.com/2013/11/spam-friendly-registrar-dynamic-dolphin-shuttered/




*** LG smart TV snooping extends to home networks, second blogger says ***
---------------------------------------------
A second blogger has published evidence that his LG-manufactured smart television is sharing sensitive user data with the Korea-based company in a post that offers support for the theory that the snooping isn't isolated behavior that affects a small number of sets.
---------------------------------------------
http://arstechnica.com/security/2013/11/lg-smart-tv-snooping-extends-to-home-networks-second-blogger-says/




*** CryptoLocker gang teams with botnet-builders on ransomware ***
---------------------------------------------
The cyber-gang running the CryptoLocker extortion racket is sharing a big cut of any payments they squeeze out of their victims with criminal botnet owners working closely with them, says Symantec, which has been monitoring this underworld activity online.
---------------------------------------------
http://www.pcworld.com/article/2066741/cryptolocker-gang-teams-with-botnet-builders-on-ransomware.html




*** DSA-2802 nginx ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2802




*** DSA-2801 libhttp-body-perl ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2801




*** [webapps] - TPLINK WR740N/WR740ND - Multiple CSRF Vulnerabilities ***
---------------------------------------------
http://www.exploit-db.com/exploits/29802




*** ImpressPages CMS 3.8 Stored XSS Vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110168




*** Pirelli Discus DRG A125g Remote Change SSID Value Vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110167




*** Google Gmail IOS Mobile Application - Persistent / Stored XSS ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110170




*** Ruby Heap Overflow in Floating Point Parsing Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1029388




*** Drupal Core Bugs Let Remote Users Conduct Cross-Site Scripting, Cross-Site Request Forgery, and Open Redirect Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1029386

