[CERT-daily] Tageszusammenfassung - Mittwoch 19-02-2014

Daily end-of-shift report team at cert.at
Wed Feb 19 18:11:40 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 18-02-2014 18:00 − Mittwoch 19-02-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Christian Wojner

*** Time to Harden Your Hardware? ***
---------------------------------------------
Most Internet users are familiar with the concept of updating software that resides on their computers. But this past week has seen alerts about an unusual number of vulnerabilities and attacks against some important and ubiquitous hardware devices, from consumer-grade Internet routers, data storage and home automation products to enterprise-class security solutions.
---------------------------------------------
http://krebsonsecurity.com/2014/02/time-to-harden-your-hardware/



*** 2013 DataBreach Report By Risk Based Security ***
---------------------------------------------
Today Riskbasedsecurity.com has announced a report that covers the 2013 period for databreaches of all kinds.
---------------------------------------------
http://www.cyberwarnews.info/2014/02/19/2013-databreach-report-by-risk-based-security/




*** Lets Talk About Your Security Breach with Metasploit. Literally. In Real Time. ***
---------------------------------------------
During a recent business trip in Boston, Tod and I sat down in a bar with the rest of the Metasploit team, and shared our own random alcohol-driven ideas on Metasploit hacking. At one point we started talking about hacking webcams. At that time Metasploit could only list webcams, take a snapshot, stream (without sound), or record audio using a meterpreter...
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/02/18/lets-talk-about-your-security-breach-with-metasploit-literally




*** 300,000 Usernames, Passwords Posted to Pastebin ***
---------------------------------------------
More than 300,000 credentials were posted on the clipboard website Pastebin.com in the year 2013 alone according to a recent analysis by a Swiss security firm.
---------------------------------------------
http://threatpost.com/300000-usernames-passwords-posted-to-pastebin/104333




*** Smartphones und Tablets: Exploit-Code für 14 Monate altes Android-Sicherheitsloch ***
---------------------------------------------
Für eine seit 14 Monaten bekannte Sicherheitslücke in Android ist Exploit-Code für das Framework Metasploit veröffentlicht worden. Ein Sicherheitsforscher kritisiert, dass die meisten im Umlauf befindlichen Android-Geräte die Sicherheitslücke aufweisen.
---------------------------------------------
http://www.golem.de/news/smartphones-und-tablets-exploit-code-fuer-14-monate-altes-android-sicherheitsloch-1402-104652-rss.html




*** Detected new Zeus variant which makes use of steganography ***
---------------------------------------------
Security experts at Malwarebytes detected a new of the popular Zeus banking trojan variant which makes use of steganography to hide the configuration file.
---------------------------------------------
http://securityaffairs.co/wordpress/22334/malware/zeus-banking-malware-nestles-crucial-file-photo.html




*** Hack gegen AVM-Router: AVM veröffentlicht Liste betroffener Fritzboxen ***
---------------------------------------------
Nach langem Hin und Her hat AVM jetzt eine Liste aller Fritzboxen veröffentlicht, die deren genauen Sicherheitsstatus dokumentiert. Für zwei der betroffenen Geräte steht noch kein Update bereit und einige Fragen bleiben weiterhin offen.
---------------------------------------------
http://www.heise.de/security/meldung/Hack-gegen-AVM-Router-AVM-veroeffentlicht-Liste-betroffener-Fritzboxen-2118070.html




*** Admin rights key to mitigating vulnerabilities, study shows ***
---------------------------------------------
Its been best-practice for a very long time: all users and processes should run with the fewest privileges necessary. This limits the damage that can be done by an attacker if the user or process is compromised.
---------------------------------------------
http://www.zdnet.com/admin-rights-key-to-mitigating-vulnerabilities-study-shows-7000026428/




*** Second Group Seen Using IE 10 Zero Day ***
---------------------------------------------
There are at least two different groups running attacks exploiting the recently published zero day vulnerability in Internet Explorer 10, and researchers say one of the groups used the bug to impersonate a French aerospace manufacturer and compromise victims visiting the spoofed Web page. The attackers also used a special feature of ..
---------------------------------------------
http://threatpost.com/second-group-seen-using-ie-10-zero-day/104344




*** Security Bulletins: SSL Certificate Validation Vulnerability in the Citrix ShareFile Mobile Application for Android and the Citrix ShareFile Mobile for Tablets Application for Android ***
---------------------------------------------

---------------------------------------------
http://support.citrix.com/article/CTX140303




*** MediaWiki Thumb.php Remote Command Execution ***
---------------------------------------------
Topic: MediaWiki Thumb.php Remote Command Execution
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020153




*** Ruby on Rails Multiple Vulnerabilities ***
---------------------------------------------
Ruby on Rails Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/56964


More information about the Daily mailing list