Tageszusammenfassung - Montag 8-10-2012

End-of-Shift report

Timeframe: Freitag 05-10-2012 18:00 − Montag 08-10-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

Reports of a Distributed Injection Scan, (Fri, Oct 5th)

We have received a report of a large distributed SQL Injection Scan from a reader. Behavior of scan is being reported as 9000+ Unique IPv4 Addresses and sends 4-10 requests to lightly fuzz the form field. Then the next IP will lightly fuzz the second form field within the same page and the next IP the next form field.Looks to be targeting MSSQL and seeking version. The reader reports that this scan has been going on for several days. Sample Payload:


Vuln: Ruby error.c Multiple Security Bypass Vulnerabilities

Ruby error.c Multiple Security Bypass Vulnerabilities


Over 82,000 Chrome Users Install Ad Injector Along with Fake Bad Piggies Game

"Barracuda Labs experts have identified a number of shady plugins hosted on Google Chromes web store, being advertised as the free online version of Bad Piggies. However, during installation, the plugins request permission to access data on all websites. This allows them to inject advertisements into several high-ranked sites, such as Yahoo!...."


Update to Security Advisory: Adobe Revokes Code Signing Certificate (APSA12-01)

Following up on our communication from September 27, 2012, we have now revoked the Adobe code signing certificate for all code signed after July 10, 2012 (00:00 GMT). We have updated the Security Advisory (APSA12-01) to reflect this action. This posting is provided “AS IS” with no warranties and confers no rights.


Windows Escalate UAC Protection Bypass

Topic: Windows Escalate UAC Protection Bypass Risk: High Text:## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial r...


Flame fallout: Microsoft encryption deadline looms Tuesday

"Starting Tuesday Microsoft platforms will block the use of encryption keys less than 1024 bits so businesses that are still using weaker keys better get busy. Changing the keys the Microsoft software uses isnt that tricky, but finding all the customer and third-party software in corporate networks that use smaller keys could require some searching. Users should download the update and test whether it breaks connections with existing applications before putting it into full production,


Govt to build global cyber security centre

"Hague announces plan for new cyber security centre to guard against cyber attack and offer nations advice on improving their cyber defences Foreign secretary William Hague has announced that the government is planning to build a new global cyber security centre of excellence aimed at helping developing nations combat cyber crime. Speaking yesterday at the Budapest Conference on Cyberspace, Hague said the government will invest 2 million per year on the Centre for Global Cyber-Security


Most of the Mass Distributed Malware in Q3 2012 Were Banking Trojans, Study Finds

"Every once in a while we like to take a look at the quarterly reports issued by security companies to see how the threat landscape evolves. This time well analyze the figures and key findings of Solutionary Security Engineering Research Teams (SERT) Q3 2012 Quarterly Research Report. The figures from the study reveal that malware developers are getting better and better at hiding their creations from antivirus software...."


Mozilla To Bug Firefox Users With Old Adobe Reader, Flash, Silverlight

An anonymous reader writes "Mozilla today announced it will soon start prompting Firefox users to upgrade select old plugins. This will only affect Windows users, and three plugins: Adobe Reader, Adobe Flash, and Microsoft Silverlight. Mozilla says Firefox users will soon see a notification urging them to update when they visit a web page that uses the plugins." Read more of this story at Slashdot.


Fake Panda Cloud Antivirus Hides Data-Stealing Dark Angel Trojan

"The fake Panda Cloud Antivirus has been found to hide a nasty Trojan called DarkAngle which is designed to steal sensitive details such as passwords and online banking details. Once its executed, the malicious element logs all the commands entered by the victim and sends them back to a command and control server. To make sure that it can harvest as much information as possible, the threat is loaded each time the computer is rebooted...."


Tablet security study finds BlackBerry still good for something

iPad,Galaxy Tab and PlayBook face off in BYOD probe A technology audit has identified security failings in three of the most popular tablets, raising concerns about the security implications of allowing workers to use their personal technology at work.…


Bank Hacks: 7 Misunderstood Facts

"Whos behind the recent online attacks against multiple financial institutions including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo? In recent weeks, all have bit hit by large-scale distributed denial-of-service (DDoS) attacks. Cue website outages and customer outrage...."


‘Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks

Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSAs advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. Im weighting in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about


Botnetz kartographiert das gesamte Internet