[CERT-daily] Daily summary - Tuesday 17-09-2013
Daily end-of-shift report
team at cert.at
Tue Sep 17 18:06:35 CEST 2013
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 16-09-2013 18:00 − Tuesday 17-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** ZeuS/ZBOT: Most Distributed Malware by Spam in August ***
---------------------------------------------
In our 2Q Security Roundup, we noted the resurgence of online banking malware, in particular the increase of ZeuS/ZBOT variants during the quarter. While ZeuS/ZBOT has been around for some time, its prevalence shows that it is still a big threat to end users today. For the month of August, 23% of spam with malicious...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/7c3B-kxDrTA/
*** Dropbox Installation Hinders ASLR ***
---------------------------------------------
The popular cloud storage service Dropbox is reportedly undercutting the efficacy of address space layout randomization (ASLR) by failing to enable that feature within the dynamic link libraries (DLLs) it injects into other applications.
---------------------------------------------
http://threatpost.com/dropbox-installation-hinders-aslr/102304
*** Not So Fast on BEAST Attack Mitigations ***
---------------------------------------------
The BEAST attacks, once thought mitigated, may again be viable because of weaknesses in RC4 rendering server-side mitigation moot, and Apple's reluctance to enable a 1/n-1 split client-side mitigation by default.
---------------------------------------------
http://threatpost.com/not-so-fast-on-beast-attack-mitigations/102308
*** Mac OS X Security Configuration Guides ***
---------------------------------------------
The Security Configuration Guides provide an overview of features in Mac OS X that can be used to enhance security, known as hardening your computer. The guides are designed to give instructions and recommendations for securing Mac OS X and for maintaining a secure computer.
---------------------------------------------
https://ssl.apple.com/support/security/guides/
*** Google knows nearly every Wi-Fi password in the world ***
---------------------------------------------
If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. ... Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldn't change it. I suspect that many Android users have never even seen the configuration option controlling this.
---------------------------------------------
http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-fi-password-world
*** With XP's End of Life, Munich Will Distribute Ubuntu CDs ***
---------------------------------------------
SmartAboutThings writes "Windows XP is going to officially die and stop receiving support from Microsoft in April, 2014. After that very moment, it is said to become a gold mine for hackers all over the world who will exploit zero-day vulnerabilities. The municipality of the German city of Munich wants to stop that from happening [and] has decided to distribute free CDs with Ubuntu 12.04 to users of the almost extinct XP. Munich, through its Gasteig Library, will prepare around 2000 CDs...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fH6x8koNgKU/story01.htm
*** A Random Diary, (Tue, Sep 17th) ***
---------------------------------------------
The current discussion about breaking encryption algorithms has one common thread: random number generators. No matter the encryption algorithm, if your encryption keys are not random, the algorithm can be brute forced much easier than theoretically predicted based on the strength of the algorithm. All encryption algorithms depend on good random keys and generating good random numbers has long been a problem. In Unix systems for example, you will have two random devices: /dev/random and...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16592&rss
*** Mitsubishi MC-WorkX Suite Insecure ActiveX Control ***
---------------------------------------------
ICS-CERT is aware of a public report of an insecure ActiveX Control vulnerability in the Mitsubishi MC-WorkX Suite - IcoLaunch.dll with proof-of-concept (PoC) exploit code affecting Mitsubishi MC-WorkX Suite, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the PoC allows crafting a Login Client button, which when clicked by the victim, can launch malicious code from a remote share...
---------------------------------------------
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-259-01
*** Moodle external.php cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87148
*** Moodle null byte SQL injection ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/87149
*** [remote] - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution ***
---------------------------------------------
http://www.exploit-db.com/exploits/28334
*** [remote] - D-Link Devices UPnP SOAP Telnetd Command Execution ***
---------------------------------------------
http://www.exploit-db.com/exploits/28333
*** IBM Tivoli Composite Application Manager for Transactions Java Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54849