Daily summary - Friday 5-10-2012

End-of-Shift report

Timeframe: Thursday 04-10-2012 18:00 − Friday 05-10-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner

Microsoft Security Bulletin Advance Notification for October 2012

"This is an advance notification of security bulletins that Microsoft is intending to release on October 9, 2012. This bulletin advance notification will be replaced with the October bulletin summary on October 9, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification...."

http://technet.microsoft.com/en-us/security/bulletin/ms12-oct


Linux 3.7 Kernel To Support Multiple ARM Platforms

hypnosec writes with news that the Linux 3.7 kernel will support multiple ARM-based System on Chip platforms (Git commit page), writing "Up until now there has been a separate Linux kernel build for each of the ARM platforms or SoCs, which is one of the several problems when it comes to ARM based Linux. The merging of ARM multi-platform support into Linux 3.7 will put an end to this problem, enabling the new kernel to not only target multiple platforms but also be more in line with its x86

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/CCv0Hi9ZkWM/linux-37-kernel-to-support-multiple-arm-platforms


No Surprise - Ransomware On the Rise

"McAfee's latest Threats Report shows a 1.5 million increase in malware since last quarter. 2012 is, in fact, far and away the busiest year ever for malware with an estimated total of 100 million malware samples worldwide by Q3 2012...."

http://www.infosecisland.com/blogview/22511-No-Surprise-Ransomware-On-the-Rise.html


Sybase ASE 15.x Java Command Execution

Topic: Sybase ASE 15.x Java Command Execution
Risk: High
Text: AppSecInc Team SHATTER Security Advisory - Java Operating System command executi...

http://feedproxy.google.com/~r/securityalert_database/~3/bHOU9UjsTIM/WLB-2012100044


Botnet Spotted Silently Scanning IPv4 Address Space For Vulnerable VoIP

"A large peer-to-peer botnet known for its resilience was spotted sniffing out potential victim voice-over-IP (VoIP) servers using an advanced stealth technique of camouflaging its efforts to recruit new bots. The Sality botnet, which was first discovered in 2003 and has been estimated to have hundreds of thousands or more infected machines in its zombie army, scanned IPv4 addresses in February 2011 via a covert scanning method that flew under the radar, according to new research from the

http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabilities/240008526/botnet-spotted-silently-scanning-ipv4-address-space-for-vulnerable-voip.html


Facebook scans private messages

When a link to a website that embeds a Facebook Like button is sent in a private message, the Like counter increases. This means that the contents of the messages must be scanned by Facebook.

http://futurezone.at/digitallife/11724-facebook-scannt-private-nachrichten.php?rss=fuzo


VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html, (Fri, Oct 5th)

Richard Porter ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

http://isc.sans.edu/diary.html?storyid=14242&rss


Visualizing the ZeroAccess botnet in Google Earth

"The ZeroAccess botnet is a very widespread malware threat that has been infecting computers around the world for years. It's estimated that the current version of ZeroAccess has been installed over nine million times, with roughly one million PCs still infected. The folks at F-Secure have plotted nearly 140,000 infections on Google Earth, based on the IP address of the infected computer, and the result is an amazing (and rather scary) map...."

http://www.gearthblog.com/blog/archives/2012/10/visualizing_the_zeroaccess_botnet_i.html


Cyber crooks should make you very nervous

"Federal undercover agents are resorting to show and tell to combat a growing menace: criminal hackers. The Justice Department has been making headlines by publicizing prosecutions, disclosing investigative techniques and revealing findings before clinching guilty verdicts. Sure, calling attention to charges and arrests could discourage digital invaders...."

http://www.nextgov.com/cybersecurity/2012/10/cyber-crooks-should-make-you-very-nervous/58584/


Vuln: Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Multiple SQL Injection Vulnerabilities

http://www.securityfocus.com/bid/54569


lost+found: On the attempt to recapture a hoax

The magazine hakin9 fell for a troll attempt and published an embarrassing nonsense article: Nmap: The Internet Considered Harmful - DARPA Inference Cheking Kludge Scanning (note the abbreviation DICKS). Given the prominent authors, whose names read like a who's who of the security scene, evidently nobody noticed any longer that sentences such as "NMAP requires root access in order to allow B-trees" make absolutely no sense.

http://www.heise.de/security/meldung/lost-found-Vom-Versuch-eine-Ente-wieder-einzufangen-1724090.html/from/atom10


"Universal Man in the Browser": data theft in real time

The US security firm Trusteer has identified a new form of the "Man in the Browser" attack (MitB) that is said to have a lower entry barrier and to be more efficient than previously known MitB attacks. What sets the spyware apart is its built-in logic, which allows the stolen data to be evaluated in real time and made available for resale as quickly as possible. Trusteer calls this new form 'Universal Man in the Browser' (uMitB).

http://www.heise.de/security/meldung/Universal-Man-in-the-Browser-Datenklau-in-Echtzeit-1724130.html/from/atom10


Blacklist RFC-Ignorant.org ceases operation

Postmasters and other network administrators should remove RFC-Ignorant.org from their server configurations immediately. The network-abuse reporting service is already answering all queries with "entry not found".

http://www.heise.de/security/meldung/Blacklist-RFC-Ignorant-org-stellt-den-Betrieb-ein-1724429.html/from/atom10