=======================
= End-of-Shift report =
=======================
Timeframe: Montag 17-12-2012 18:00 − Dienstag 18-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56846
*** Vuln: Symantec Network Access Control CVE-2012-4349 Local Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/56847
*** Vuln: TWiki Multiple Security Vulnerabilities ***
---------------------------------------------
TWiki Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56950
*** Reminder: Java 6 end-of-live February 2013 , (Mon, Dec 17th) ***
---------------------------------------------
Reader Josh reports that while downloading the latest version of Java 6 (version 37) from Oracles website he received a reminder from Oracle that Java 6 will reach end of life in February 2013. After February 2013 security updates will only be available to customer who purchase extended support contracts. If you havent already done so, now is a good time to mark your calendars for this upgrade. More details are available here: http://www.oracle.com/technetwork/java/javase/eol-135779.html ---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14719&rss
*** Bugtraq: IPv6 Neighbor Discovery security (new documents) ***
---------------------------------------------
IPv6 Neighbor Discovery security (new documents)
---------------------------------------------
http://www.securityfocus.com/archive/1/525063
*** Cyber Security Bulletin (SB12-352) - Vulnerability Summary for the Week of December 10, 2012 ***
---------------------------------------------
"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability...
---------------------------------------------
http://www.us-cert.gov/cas/bulletins/SB12-352.html
*** Carberp-in-the-Mobile found on Google Play ***
---------------------------------------------
"Everybody knows (or should know) that downloading apps from third party online markets is dangerous, but even official markets such as Google Play cant be considered completely safe, as time and time again malware peddlers succeed at fooling its defenses and upload malware for download, masquerading as games and other popular apps. Kaspersky Lab researchers have recently discovered a slew of apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2362
*** Lookout Predicts 18 Million Android Malware Infections by End of 2013 ***
---------------------------------------------
"Lookout Mobile Security recently published its mobile threat predictions for 2013, anticipating that 18 million Android users will encounter mobile malware between the beginning of 2012 and the end of 2013."The likelihood that new Lookout users will encounter malware or spyware is heavily dependent on their geography and behavior, varying from 0. 20 percent in Japan to 0. 40 percent in the US and as high as 34...."
---------------------------------------------
http://www.esecurityplanet.com/mobile-security/lookout-predicts-18-million-…
*** Trojan Upclicker malware infecting PCs via mouse input ***
---------------------------------------------
"Windows PC owners be warned theres a new strain of malware out there that befuddles users into helping it accomplish its dirty deeds via mouse clicks. Dubbed "Trojan Upclicker" by the FireEye Malware Intelligence Lab researchers who identified it, this elusive bit of malicious code is purpose-built to evade identification by the automated analysis systems used by many anti-virus vendors. FireEye researchers Abhishek Singh and Yasir Khalid noted that Trojan Upclicker is a variant...
---------------------------------------------
http://www.itproportal.com/2012/12/17/trojan-upclicker-malware-infecting-pc…
*** EU to propose mandatory reporting of cyber incidents ***
---------------------------------------------
"The European Union may force companies operating critical infrastructure in areas such as banking, energy and stock exchanges to report major online attacks and reveal security breaches, according to draft report by the European Commission. The European Commission is due to present a proposal on cybersecurity in February once it has received feedback from the European Parliament and EU countries. The proposal was initially announced in May for the third quarter this year but has been...
---------------------------------------------
http://www.euractiv.com/infosociety/eu-propose-mandatory-reporting-c-news-5…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 14-12-2012 18:00 − Montag 17-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: MyBB DyMy User Agent Plugin SQL Injection Vulnerability ***
---------------------------------------------
MyBB DyMy User Agent Plugin SQL Injection Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56931
*** Bugtraq: Wordpress Pingback Port Scanner ***
---------------------------------------------
Wordpress Pingback Port Scanner
---------------------------------------------
http://www.securityfocus.com/archive/1/525045
*** Bugtraq: DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) ***
---------------------------------------------
DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)
---------------------------------------------
http://www.securityfocus.com/archive/1/525044
*** ENISA - Introduction to Return on Security Investment ***
---------------------------------------------
"As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention...."
---------------------------------------------
http://www.enisa.europa.eu/activities/cert/other-work/introduction-to-retur…
*** Foswiki Remote code execution and other vulnerabilities in MAKETEXT ***
---------------------------------------------
Topic: Foswiki Remote code execution and other vulnerabilities in MAKETEXT Risk: High Text: + Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/8WkKh9Nz_ZM/WLB-20…
*** Eurograbber: A Smart Trojan Attack - Hackers Methods Reveal Banking Know-How ***
---------------------------------------------
"The Eurograbber banking Trojan is an all-in-one hit, researchers say. It successfully compromises desktops and mobile devices, and has gotten around commonly used two-factor authentication practices in Europe. How can banking institutions defend themselves and their customers against this super-Trojan attack?..."
---------------------------------------------
http://www.bankinfosecurity.com/eurograbber-smart-trojan-attack-a-5359?rf=2…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 13-12-2012 18:00 − Freitag 14-12-2012 18:00
Handler: Christian Wojner
Co-Handler: n/a
*** Internet Explorer rats out the mouse - Update ***
---------------------------------------------
"Company Spider. io warns that Internet Explorer allows a users mouse position to be determined even if the mouse cursor is located outside of the browser window or the browser window isnt being displayed at all either because it is minimised or the user has switched to view another tab or window. This is potentially dangerous because it enables web pages to intercept sensitive data that is being entered via virtual keyboards and virtual keypads, say the researchers...."
---------------------------------------------
http://www.h-online.com/security/news/item/Internet-Explorer-rats-out-the-m…
*** Bugtraq: Addressbook v8.1.24.1 Group Name XSS ***
---------------------------------------------
Addressbook v8.1.24.1 Group Name XSS
---------------------------------------------
http://www.securityfocus.com/archive/1/525027
*** New Trojan attempts SMS fraud on OS X users ***
---------------------------------------------
"The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud. The new malware is a Trojan horse, dubbed "Trojan. SMSSend...."
---------------------------------------------
http://news.cnet.com/8301-1009_3-57558780-83/new-trojan-attempts-sms-fraud-…
*** Apple updates OS X malware definitions for new fake-installer/SMS trojan ***
---------------------------------------------
"MacRumors noted today that Apple is utilizing the automatic daily checks for malware definitions it implemented last year to block an OS X trojan horse discovered earlier this week. The trojan was originally detailed in a blog post on Dr. Web. Known as TrojanSMSSend...."
---------------------------------------------
http://9to5mac.com/2012/12/13/apple-updates-os-x-malware-definitions-for-ne…
*** Backdoor Found at NDIS Level ***
---------------------------------------------
"It is one thing to have a piece of malware that can focus on targeted attacks, but it is quite another to have it also be nearly invisible. That is just what a variant of the Exforel backdoor malware, VirTool:WinNT/Exforel. A, is able to do, said researchers at Microsofts Malware Protection Center...."
---------------------------------------------
http://www.isssource.com/backdoor-found-at-ndis-level/
*** New Attacks from Gameover Gang ***
---------------------------------------------
"Millions of emails, which pose as coming from major U.S. banks, are spamming out, according to Dell SecureWorks Counter Threat Unit. The fake but convincing-looking emails appeal to a more security-minded banking customer: You have received a new encrypted message or a secure message from [XYZ] Bank, one of the email campaigns said, noting the bank has set up a secure email exchange for its customers as a way to allay privacy and security concerns. The message includes an infected
---------------------------------------------
http://www.isssource.com/new-attacks-from-gameover-gang/
*** Yet another eavesdrop vulnerability in Cisco phones ***
---------------------------------------------
Security groundhog day A university student presenting at the Amphion Forum has demonstrated turning a Cisco VoIP phone into a listening device, even when it's on the hook.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/13/cisco_voip_…
*** Dexter malware targets point of sale systems worldwide ***
---------------------------------------------
"You could be getting more than you bargained for when you swipe your credit card this holiday shopping season, thanks to new malware that can skim credit card info from compromised point-of-sale (POS) systems. First spotted by security firm Seculert, the malware dubbed "Dexter" is believed to have infected hundreds of POS systems in 40 countries worldwide in recent months. Companies targeted include retailers, hotel chains, restaurants, and private parking providers...."
---------------------------------------------
http://www.theregister.co.uk/2012/12/14/dexter_malware_targets_pos_systems/
*** Top 7 security predictions for 2013 ***
---------------------------------------------
"A seismic shift in who controls the Internet? Another Mac malware outbreak? Your smart TV being highjacked for a DDoS attack?..."
---------------------------------------------
http://www.net-security.org/secworld.php?id=14120
*** [DNB] Joomla, WordPress Sites Hit by IFrame Injection Attacks ***
---------------------------------------------
'....Users of the popular Joomla content management system are being
urged by security experts to upgrade to the latest version after
reports of exploits being used to compromise websites built on the
platform......'
---------------------------------------------
https://threatpost.com/en_us/blogs/joomla-wordpress-sites-hit-iframe-inject…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 12-12-2012 18:00 − Donnerstag 13-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stephan Richter
*** Researchers uncover Tor-powered Skynet botnet ***
---------------------------------------------
"Rapid7 researchers have recently unearthed an unusual piece of malware that turned out to be crucial to the formation of an elusive botnet - dubbed Skynet by the researchers - whose existence has been documented in a very popular Reddit "I Am A" thread. The Trojan in question has DDoS and Bitcoin-mining capabilities, but its main function is to steal banking credentials. The botnet operator spreads the malware via the Usenet discussion forum, which is also a popular platform for...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2357
*** "Dexter" malware steals credit card data from point-of-sale terminals ***
---------------------------------------------
"A researcher has uncovered new malware that steals payment card data from point-of-sale terminals used by stores, hotels, and other businesses. Dexter, as the malware is called, has infected hundreds of point-of-sale computers at big-name retailers, hotels, restaurants, and other businesses, according to a report issued by Aviv Raff, chief technology officer of Israel-based security firm Seculert. Businesses infected in the past three months are located in 40 different countries, with 30...
---------------------------------------------
http://arstechnica.com/security/2012/12/dexter-malware-steals-credit-card-d…
*** New Findings Lend Credence to Project Blitzkrieg ***
---------------------------------------------
"Project Blitzkrieg," a brazen Underweb plan for hiring 100 botmasters to fuel a blaze of ebanking heists against 30 U.S. financial institutions in the Spring of 2013, was met with skepticism from some in the security community after news of the scheme came to light in October. Many assumed it was a law enforcement sting, or merely the ramblings of a wannabe criminal mastermind. But new research suggests the crooks who hatched the plan were serious and have painstakingly built up a...
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/RgJgMJ51mKo/
*** Cybersecurity company using hackers own devices against them ***
---------------------------------------------
"A California cybersecurity start-up, marketing itself as a private cyber intelligence agency, works to identify foreign attackers who are attempting to steal corporate secrets; it does so by using the attackers own techniques and vulnerabilities against them; the company also collects data on hackers and tricks intruders into stealing false information Shawn Henry, the head of the FBI cyber crimes division, this year left agency after twenty-four years to become the president CrowdStrike,...
---------------------------------------------
http://www.homelandsecuritynewswire.com/dr20121213-cybersecurity-company-us…
*** Facebook Security, FBI Take Down Butterfly Botnet, Arrest 10 ***
---------------------------------------------
"Facebooks security team is being lauded by the FBI for its role the arrest of 10 individuals accused of spreading banking malware on the social networking site and collecting more than $850 million from fraudulent transactions. The arrests were carried out yesterday in the U.S., U.K., the Balkans, South America and New Zealand in connection with spreading the Yahos malware on Facebook from 2010 to this October. Yahos compromised more than 11 million computers, the FBI said...."
---------------------------------------------
http://threatpost.com/en_us/blogs/facebook-security-fbi-take-down-butterfly…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 11-12-2012 18:00 − Mittwoch 12-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** First fake-installer Trojan for Mac OS ***
---------------------------------------------
December 11, 2012 Russian anti-virus company Doctor Web informs users about a new Trojan for Mac OS X dubbed Trojan.SMSSend.3666. The malicious scheme used to spread this Trojan is notorious among many Windows users but until now it hasnt been employed to deceive owners of Macs. Trojan.SMSSend is a fake installer which can be downloaded from various sites under the guise of useful software. Trojan.SMSSend programs are found in large numbers on the Internet. These are fake installers available
---------------------------------------------
http://news.drweb.com/show/?i=3138&lng=en&c=9
*** Web-Seiten identifizieren Besucher über deren soziale Netze ***
---------------------------------------------
Der New Yorker Sumit Suman staunte nicht schlecht. Nach seinem Besuch der Web-Seiten von UberVu bekam er am nächsten Tag eine persönliche E-Mail mit Werbeangeboten der Firma.
---------------------------------------------
http://www.heise.de/security/meldung/Web-Seiten-identifizieren-Besucher-ueb…
*** Dezember-Patchday bei Microsoft und Adobe ***
---------------------------------------------
Microsoft und Adobe haben ihre Dezember-Patchdays abgehalten und dabei zahlreiche kritische Lücke geschlossen. Während Microsoft die meisten Windows-Versionen, den Internet Explorer, Word und einige Server-Produkte abgesichert hat, gab es von Adobe Patches für den Flash Player, AIR und ColdFusion.
---------------------------------------------
http://www.heise.de/security/meldung/Dezember-Patchday-bei-Microsoft-und-Ad…
*** Microsoft Internet Explorer 610 Mouse Tracking ***
---------------------------------------------
Topic: Microsoft Internet Explorer 610 Mouse Tracking Risk: Medium Text:Summary: Unprivileged attackers can track your system-wide mouse movements from any IE page, even when the page is unfocused o...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/GTaeIyspNpM/WLB-20…
*** Samsungs smart TVs wide open to exploits ***
---------------------------------------------
The downside to being more like a PC Samsungs Smart TV has a vulnerability which allows remote attackers to swipe data, according to security researchers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/smart_tv_pw…
*** Russian space research org targeted by mystery malware attack ***
---------------------------------------------
Korean message forum becomes cyber-espionage hub Security researchers have discovered a targeted attack against Russian hi-tech firm that appears to originate in Korea.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/12/russian_cyb…
*** North America and Europe Most Threatened by Money-Stealing Android Trojans ***
---------------------------------------------
"If youre living in Europe or North America and if youre an Android user, the mobile malware that targets you is most likely designed to steal your money. On the other hand, if you live in Asia, youre more likely to be bombarded with aggressive adware and annoying ads. These are the results of a study performed by security firm Bitdefender with the aid of its mobile security solution, between January 1 and December 1, 2012...."
---------------------------------------------
http://news.softpedia.com/news/North-America-and-Europe-Most-Threatened-by-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 10-12-2012 18:00 − Dienstag 11-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Beware of Bitcoin miner posing as Trend Micro AV ***
---------------------------------------------
"Malware almost always comes in disguise, but some malware peddlers try to do a better job than others. Trend Micro researchers have recently uncovered a piece of malware that tried to pass itself off as "Trend Micro AntiVirus Plus AntiSpyware" (click on the screenshot to enlarge it):Unfortunately for whose who get fooled, the software in question is a Trojan that creates the process svchost. exe and downloads additional malicious components such as a Bitcoin miner application
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2349
*** Multipurpose Necurs Trojan infects over 83,000 computers ***
---------------------------------------------
"The polivalent Necurs malware family has been wreaking havoc in November by infecting over 83,000 unique computers - and that are only the ones detected by Microsofts solutions! The Necurs Trojan is capable of:Modifying the computers registry in order to make itself start after every reboot. Dropping additional components that prevents a large number of security applications from functioning correctly, including the ones manufactured by Avira, Kaspersky Lab, Symantec and
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2350
*** 200,000 new malicious programs detected every day ***
---------------------------------------------
"Kaspersky Lab released its annual Kaspersky Security Bulletin, which provides the overall malware and cyber-threat statistics for 2012. The report revealed significant growth of Mac-specific malware and an explosive growth in the number of threats targeting the Android platform. Overall, Kaspersky Lab detected and blocked more than 1...."
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2352
*** Necurs Rootkit Infections Way Up ***
---------------------------------------------
"Infections from a nasty bit of malware, generally delivered by the Black Hole Exploit Kit, surged in November, hitting more than 83,000 machines. Microsofts Malware Protection Center rates the Necurs rootkit threat as severe. Dubbed a rootkit by Kaspersky Lab, Necurs has many dimensions to it...."
---------------------------------------------
http://threatpost.com/en_us/blogs/necurs-rootkit-infections-way-120712?
*** Joomla (and WordPress) Bulk Exploit Going on, (Mon, Dec 10th) ***
---------------------------------------------
Weve gotten some reports and discussion around many Joomla (and some WordPress) sites exploited and hosting IFRAMES pointing to bad places. Well get to the downloaded in a second, but the interesting thing to note is that it doesnt seem to be a scanner exploiting one vulnerability but some tool thats basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits. Wed like PCAPs or weblogs if youre seeing something similar in your environment.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14677&rss
*** Russian ransomware strikes Queensland doctor ***
---------------------------------------------
Seven years of patients files encrypted by crooks. A medical practice in the Australian state of Queensland, the Miami Family Medical Centre, has been hit by ransomware said to originate in Russia.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/11/queensland_…
*** Unzuverlässige Trojaner-Warnungen durch Android 4.2 ***
---------------------------------------------
Nur 15 Prozent der in einer Analyse eingesetzten Schadsoftware hat der mit Googles Betriebssystem Jelly Bean (Android 4.2) kommende App Verification Service entdeckt.
---------------------------------------------
http://www.heise.de/security/meldung/Unzuverlaessige-Trojaner-Warnungen-dur…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 07-12-2012 18:00 − Montag 10-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
*** Sophos Security Threat Report 2013, today... tomorrow ***
---------------------------------------------
"Sophos was one of the first security firms that has published a report, Sophos Security Threat Report 2013, on current status of security landscape making predictions for incoming year. The document propose an interesting overview on most common and dangerous cyber threats attempting to determine the level of penetration by different countries. The factors that have primary contributed to the diffusion of new cyber threats are the increasing in use of social networks platforms and
---------------------------------------------
http://www.infosecisland.com/blogview/22771-Sophos-Security-Threat-Report-2…
*** Onlinebanking lieber per Althandy ***
---------------------------------------------
Derzeit droht Nutzern von Internet-Banking-Diensten Gefahr durch den Trojaner Eurograbber, der Geld von mehr als 30 000 Bankkonten erbeutet haben soll. Er greift Online-Banking-Teilnehmer, die PC und Smartphone kombiniert einsetzen, gezielt an und fängt durch geschickte Fragen sowohl Kontodaten als auch Transaktionsnummern seiner Opfer ab. Internetnutzer können sich jedoch mit ein paar Tricks schützen.
---------------------------------------------
http://www.heise.de/security/meldung/Onlinebanking-lieber-per-Althandy-1764…
*** My Little Pronny: Autorun worms continue to turn ***
---------------------------------------------
"Malware activity exploiting Autorun on Windows computers has been generating quite a few calls to ESET support lines lately, reminding us that old infection techniques seldom die and USB flash drives can still be an effective means of getting malicious code onto a computer. USB drives can be used to infect computers that automatically execute files on removable media when that media is inserted. On Windows machines this is known as the Autorun feature (referred to as Autoplay in Windows
---------------------------------------------
http://blog.eset.com/2012/12/07/autorun-worm-continues-to-turn
*** 16-30 November 2012 Cyber Attacks Timeline ***
---------------------------------------------
"November has gone and its time to review this months cyber landscape. From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the
---------------------------------------------
http://hackmageddon.com/category/security/cyber-attacks-timeline/
*** That square QR barcode on the poster? Check its not a sticker ***
---------------------------------------------
Crooks slap on duff codes leading to evil sites Cybercrooks are putting up stickers featuring URLs embedded in Quick Response codes (QR codes) as a trick designed to drive traffic to dodgy sites.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/10/qr_code_sti…
*** Trojans spread from compromised Dalai Lama website ***
---------------------------------------------
December 5, 2012 Russian anti-virus company Doctor Web is informing users that several Trojans are being spread from compromised websites. In particular, malware is being downloaded from the official site of the Dalai Lama. Mac OS X systems are in danger as well as Windows PCs. Several days ago Doctor Web was informed that the official site of Tibet's spiritual leader, the Dalai Lama, had been compromised. Doctor Webs analysts discovered that when loading a page from the site in a
---------------------------------------------
http://news.drweb.com/show/?i=3124&lng=en&c=9
*** DDoS Attacks: Lessons Learned - 4 Thought Leaders Share Insights About Bank Attacks ***
---------------------------------------------
"Distributed-denial-of-service attacks waged against leading U.S. banks between mid-September and mid-October led to improved information sharing about threats. And that exchange proved effective in minimizing disruptions. Inter-bank and industry communication helped financial institutions targeted later in the DDoS campaign suffer less severe outages than those targeted earlier, says Mike Smith, a DDoS specialist at Web security vendor Akamai Technologies...."
---------------------------------------------
http://www.bankinfosecurity.com/ddos-attacks-lessons-learned-a-5343?rf=2012…
*** The "hidden" backdoor - VirTool:WinNT/Exforel.A ***
---------------------------------------------
Recently we discovered an advanced backdoor sample -
VirTool:WinNT/Exforel.A. Unlike traditional backdoor samples, this
backdoor is implemented at the NDIS (Network Driver Interface
Specification) level.
https://blogs.technet.com/b/mmpc/archive/2012/12/09/the-quot-hidden-quot-ba…
*** Vuln: TP-LINK TL-WR841N Router Multiple HTML Injection Vulnerabilities ***
---------------------------------------------
TP-LINK TL-WR841N Router Multiple HTML Injection Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/56602
*** VLC Media Player 2.0.4 Buffer Overflow ***
---------------------------------------------
Topic: VLC Media Player 2.0.4 Buffer Overflow Risk: High Text:Title : VLC media player 2.0.4 buffer overflow POC Version : 2.0.4 Twoflower Date : 2012-12-06 Vendor : http:/...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JsOQvc6gSeY/WLB-20…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 06-12-2012 18:00 − Freitag 07-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
*** Sieben Microsoft-Patches auf einen Streich am Patchday ***
---------------------------------------------
Microsoft kündigte an, anlässlich seines Dezember-Patchdays am kommenden Dienstag sieben Patch-Pakete (Bulletins) herauszugeben, die insgesamt elf Sicherheitslücken schließen. Fünf der Patch-Pakete stuft das Unternehmen als kritisch ein; sie schließen Lücken, die das Einschleusen von Schadcode aus der Ferne erlauben.
---------------------------------------------
http://www.heise.de/security/meldung/Sieben-Microsoft-Patches-auf-einen-Str…
*** Viele beliebte Windows-Programme unzureichend gesichert ***
---------------------------------------------
Der Autor der Software SlopFinder beschreibt, dass viele beliebte Windows-Programme selbst grundlegende Schutzmechanismen nicht verwenden. So soll bei DEP (Data Execution Prevention) der Prozessor über ein Flag (NX-Bit) die Ausführung von eingeschleustem Schadcode im Datenbereich verhindern.
---------------------------------------------
http://www.heise.de/security/meldung/Viele-beliebte-Windows-Programme-unzur…
*** RSA boss predicts "catastrophic" cyber attack ***
---------------------------------------------
"A large-scale attack on critical infrastructure will soon become a reality, according to RSA chief executive Art Coviello. The security boss said that poor government security protections combined with increasingly sophisticated attack techniques has left critical infrastructure at risk for attacks which could cause widespread damage."I abhor the phrase Cyber Pearl Harbor because I think it is a poor metaphor to describe the state I believe we are in," Coviello
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2229201/rsa-boss-art-coviello-predicts-catas…
*** Skynet, a Tor-powered botnet straight from Reddit ***
---------------------------------------------
FROM: Matthias Fraidl <fraidl(a)cert.at>
Following is an overview of this malware labelled by the creator as
Skynet: a Tor-powered trojan with DDoS, Bitcoin mining and Banking
capabilities, that we observed spreading through the veins of Usenet.
https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor…
---------------------------------------------
/taranis/mod_assess/show_mail.pl?id=1826
*** BlackHole Exploit Kit Has Difficulties in Infecting Chrome Users, Experts Say ***
---------------------------------------------
"The notorious BlackHole exploit kit has been around for quite some time now, with new iterations being released periodically. While it can be considered one of the most efficient cybercriminal tools, BlackHole doesnt like it when its victims utilize Googles Chrome web browser. According to experts from Blue Coat, when potential victims are tricked into clicking on links that point to BlackHole-infested websites, theyre presented with a loading or a please wait message, while in the
---------------------------------------------
http://news.softpedia.com/news/BlackHole-Exploit-Kit-Has-Difficulties-in-In…
*** New Trojan Exploits Mobile Channel - Eurograbber Defeats Two-Factor Authentication ***
---------------------------------------------
"Eurograbber is more than just another banking Trojan. Its an exploitation of fundamental online banking authentication practices that could strike any institution, says Check Points Darrell Burkey. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European banks...."
---------------------------------------------
http://www.bankinfosecurity.com/interviews/new-trojan-exploits-mobile-chann…
*** WhatsApp schließt Lücke erneut, aber nicht überall ***
---------------------------------------------
Das Katz-und-Maus-Spiel um die Sicherheit von WhatsApp geht in die nächste Runde: Nachdem heise Security vor rund einer Woche demonstriert hatte, dass die Android-Version nach wie vor anfällig für Account-Hijacking ist, bietet der Betreiber nun WhatsApp-Version 2.8.8968 über Google Play an, die eine verbesserte Rufnummern-Verifikation verspricht.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-schliesst-Luecke-erneut-aber-…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 04-12-2012 18:00 − Mittwoch 05-12-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** SHA1-Schwäche begünstigt Passwortknacker ***
---------------------------------------------
Jens Steube, einer der Autoren des populären Passwortknackers Hashcat, hat eine "Schwäche im kryptografischen Hash-Verfahren SHA1" (PDF-Datei) ausgemacht, die es ihm erlaubt, das Knacken von Passwörtern um etwa 20 Prozent zu beschleunigen.
---------------------------------------------
http://www.heise.de/security/meldung/SHA1-Schwaeche-beguenstigt-Passwortkna…
*** ATM Thieves Swap Security Camera for Keyboard ***
---------------------------------------------
This blog has featured stories about a vast array of impressive, high-tech devices used to steal money from automated teller machines (ATMs). But every so often thieves think up an innovation that makes all of the current ATM skimmers look like childs play. Case in point: Authorities in Brazil have arrested a man who allegedly stole more than USD $41,000 from an ATM after swapping its security camera with a portable keyboard that let him hack the cash machine.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/kPS5w9ExcfQ/
*** Twitter’s deathless spoofing bug gets the heart-stake again ***
---------------------------------------------
Facebook, Venmo also plug SMS vuln Twitter says it has plugged its years-old SMS spoofing vulnerability after yet-another disclosure, this time by security consultant Jonathan Rudenberg. Facebook and social payments outfit Venmo have also blocked the vulnerability.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/12/05/twitter_dum…
*** Security Patch released for BIND 9.9.2, (Wed, Dec 5th) ***
---------------------------------------------
A security patch was released for BIND 9.9.2. The patch addresses 26 different bugs and/or security issues. Update your bind DNS server to version 9.9.2-P1. Updates can be downloaded here: http://www.isc.org/downloads/all More information is available here: https://kb.isc.org/article/AA-0082 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14641&rss
*** Apache Tomcat CSRF Prevention Filter Bypass ***
---------------------------------------------
Topic: Apache Tomcat CSRF Prevention Filter Bypass Risk: Low Text:CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter Severity: Important Vendor: The Apache Software Foundation ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/llUlhAAXXjo/WLB-20…
*** Apache Tomcat Security Bypass ***
---------------------------------------------
Topic: Apache Tomcat Security Bypass Risk: Medium Text:CVE-2012-3546 Apache Tomcat Bypass of security constraints Severity: Important Vendor: The Apache Software Foundation ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bHs7rEreGXQ/WLB-20…
*** HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03464042
*** HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS) ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03556108
*** HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code ***
---------------------------------------------
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
*** Sophos Security Threat Report 2013: Norway Is the Safest Country ***
---------------------------------------------
"Sophos has just released its Security Threat Report 2013. The study focuses on topics such as Mac malware, targeted attacks, polymorphic attacks, ransomware, Android threats, Java attacks, and the BlackHole exploit kit. An interesting part of the report is the one which details the 10 riskiest and the 10 safest countries in the world...."
---------------------------------------------
http://news.softpedia.com/news/Sophos-Security-Threat-Report-2013-Norway-Is…
*** New 25-GPU Monster Devours Strong Passwords In Minutes ***
---------------------------------------------
chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/cC50oUE-O1A/story01.htm
*** The Citadel crimeware kit - under the microscope ***
---------------------------------------------
Ever since the source code of the Zeus crimeware kit, also known as
Zbot, was leaked onto the internet in May 2011, many new variants have
appeared. These have typically added new features and improved on the
old code. One particularly prevalent example is Citadel.
---------------------------------------------
http://nakedsecurity.sophos.com/2012/12/05/the-citadel-crimeware-kit-under-…