[CERT-daily] Tageszusammenfassung - Montag 7-04-2014

Mon Apr 7 18:05:26 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 04-04-2014 18:00 − Montag 07-04-2014 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** BSI-Webseite mit Prüfung ob die eigene Emailadresse im aktuellen Fall betroffen ist ***
---------------------------------------------
Im Rahmen eines laufenden Ermittlungsverfahrens der Staatsanwaltschaft Verden (Aller) ist erneut ein Fall von großflächigem Identitätsdiebstahl aufgedeckt worden. 
...
Diese Webseite bietet eine Überprüfungsmöglichkeit, ob Sie von dem Identitätsdiebstahl betroffen sind. 
---------------------------------------------
https://www.sicherheitstest.bsi.de/


*** VirusShield: Nur ein Logo - sonst nichts ***
---------------------------------------------
Die App VirusShield für Android erreichte innerhalb kürzester Zeit enorme Verkaufszahlen. Jedoch: Die App tut überhaupt nichts. (Google, Virenscanner)
---------------------------------------------
http://www.golem.de/news/virusshield-nur-ein-logo-sonst-nichts-1404-105677-rss.html


*** Hash-Funktion: Entwurf für SHA-3-Standard liegt vor ***
---------------------------------------------
Die US-Behörde Nist hat einen Entwurf für die Standardisierung der Hashfunktion SHA-3 vorgelegt. Drei Monate lang besteht nun die Möglichkeit, diesen zu kommentieren. (Technologie, Verschlüsselung)
---------------------------------------------
http://www.golem.de/news/hash-funktion-entwurf-fuer-sha-3-standard-liegt-vor-1404-105641-rss.html


*** Those strange e-mails with URLs in them can lead to Android malware, (Sat, Apr 5th) ***
---------------------------------------------
Youve probably gotten a few of these e-mails over the last few months (I saw the first one of this latest kind in early Feb), we got one to the handlers list earlier this week which prompted this diary. They seem pretty innocuous, they have little or no text and a URL like the one shown below.      Note: the above link doesnt lead to the malware anymore, so I didnt obscure it.  Most seem to be sent from Yahoo! (or Yahoo!-related e-mail addresses), so they may be coming from addresses that were
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17909&rss


*** XMPP-Layer Compression Uncontrolled Resource Consumption ***
---------------------------------------------
Topic: XMPP-Layer Compression Uncontrolled Resource Consumption Risk: Medium Text:Uncontrolled Resource Consumption with XMPP-Layer Compression Original Release Date: 2014-04-04 Last Updated: 2014-04-04 ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040034


*** Fake Voting Campaign Steals Facebook Users’ Identities ***
---------------------------------------------
Contributor: Parag SawantPhishers continuously come up with various plans to enhance their chances of harvesting users’ sensitive information. Symantec recently observed a phishing campaign where data is collected through a fake voting site which asks users to decide whether boys or girls are greater.read more
---------------------------------------------
http://www.symantec.com/connect/blogs/fake-voting-campaign-steals-facebook-users-identity


*** Advice for Enterprises in 2014: Protect Your Core Data ***
---------------------------------------------
Some companies may think – “if it can happen to a spy agency, there’s nothing we could do. We should just give up and not protect our data anymore.” Others may say: “let’s build a bigger wall around our data.” Both approaches are incorrect. Obviously, you have to protect your data. However, neither can enterprises just try and protect everything with the same rigor. ... What an enterprise needs to focus on is what really needs to be protected.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/advice-for-enterprises-in-2014-protect-your-core-data/


*** Microsoft spells out new rules for exiling .EXEs ***
---------------------------------------------
Microsoft has updated the methodology it uses to define adware, a move designed to make it clearer just what the company considers worthy for removal by its malware tools. ... The kinds of “unwanted behaviours” that Redmond is looking for will be familiar to anyone whos been burned by mistakenly clicking on the link, with lack of user choice or control topping the list.
---------------------------------------------
http://www.theregister.co.uk/2014/04/07/microsoft_puts_adware_in_the_crosshairs_again/


*** Netgear schließt Hintertür in Modemrouter DGN1000 ***
---------------------------------------------
Die Firma hat ein Firmware-Update veröffentlicht, das die Hintertür auf Port 32764 des DSL-Modemrouters schließen soll. Über die Lücke können Angreifer die Passwörter der Geräte abgreifen.
---------------------------------------------
http://www.heise.de/security/meldung/Netgear-schliesst-Hintertuer-in-Modemrouter-DGN1000-2165017.html


*** RSA Data Loss Prevention Security Bypass Security Issue ***
---------------------------------------------
A security issue has been reported in RSA Data Loss Prevent, which can be exploited by malicious users to bypass certain security restrictions.
The security issue is caused due an error within the session management and can be exploited to access otherwise restricted content.
---------------------------------------------
https://secunia.com/advisories/57464