End-of-Shift report
Timeframe: Friday 12-10-2012 18:00 − Monday 15-10-2012 18:00
Handler: Stephan Richter
Co-Handler: L. Aaron Kaplan
SCADA Hacking : Exploit released to Hack Solar Energy Plants
"ICS-CERT - Industrial Control Systems Cyber Emergency Response Team has released the Advisory titled ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities. They report multiple vulnerabilities with proof-of-concept (PoC) exploit code affecting the Sinapsi eSolar Light Photovoltaic System Monitor, which is a supervisory control and data acquisition (SCADA) monitoring product. The US Department of Homeland Security is warning about vulnerabilities in a common..."
http://thehackernews.com/2012/10/scada-hacking-exploit-released-to-hack.html#sthash.BH98TJd3.dpbs
Remote Admin Tools May Not Be Clever Enough For Their Own Good
ancientribe writes "A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing, and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for..."
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ehO8DsJFuJk/remote-admin-tools-may-not-be-clever-enough-for-their-own-good
Your Real-Time Cyber-Attack Map
"I have no idea how reliable the info shown here is, but it certainly is interesting. Especially to me, as I climb onto a plane bound for southern China via Japan. It's an animated real-time visualization of (it says) attempted cyber-attacks...."
http://www.theatlantic.com/technology/archive/2012/10/your-real-time-cyber-attack-map/263586/
Mac OS X Hackers Can Steal Apple IDs in Just 10 Seconds
"The guys over at shootitlive came across what seems to be a major security flaw that could be exploited by a hacker connected to the same WiFi network as the victim. The method is called Session Fixation Attack and basically comes down to using a previous browser session to extract private data and get access to an Apple ID. This means that iTunes and App Store accounts can be compromised, as the hacker can change both the password and the email address...."
http://news.softpedia.com/news/Mac-OS-X-Hackers-Can-Steal-Apple-IDs-in-Just-10-Seconds-299247.shtml
Cyberthings for Managers - Latest Issue 14 October 2012
"Cyberthings for Managers is a summary of significant news or literature about the domain of Cyberwarfare and directly related areas. The summary is aimed at manager level and higher, thus there will be no listings of technical hacks, flaws or incidents. Only major developments especially from governmental level down, are listed...."
http://www.opensourceintelligence.eu/website/cyberthings/latest.pdf
The Scrap Value of a Hacked PC, Revisited
"A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can't begin to fathom why miscreants would want to hack into his PC. I don't bank online, I don't store sensitive information on my machine!..."
http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
The Deep Web Part 1: Introduction to the Deep Web and how to wear clothes online!
"According to Cisco, by the end of this year, there will be more Internet-connected mobile devices than people on Earth! Not surprisingly there is a lot of interesting content being generated. According to Netcraft, there are over 190 million active websites, and according to the WorldWideWebSize daily estimate, the Indexed Web contains at least 8.42 billion pages...."
http://securityaffairs.co/wordpress/9409/security/the-deep-web-part-1-introduction-to-the-deep-web-and-how-to-wear-clothes-online.html
"It must be human error" - Security conference in Luxembourg
The Computer Incident Response Center Luxembourg (CIRCL) is once again hosting the security conference hack.lu, from 23 to 25 October. The organizer is the official Computer Security Incident Response Team of the "Grand Duchy of Luxembourg", which also acts as a sponsor of the event. The conference motto is the famous quote from the computer HAL 9000 in "2001: A Space Odyssey", which considered itself infallible and therefore made clear: "It can only be attributable to human error".
http://www.heise.de/security/meldung/Das-muss-menschliches-Versagen-sein-Sicherheitskonferenz-in-Luxembourg-1729682.html/from/atom10
Bank Attacks: What Have We Learned? - How to Prepare for Next Wave of DDoS Strikes
"In the wake of eight sophisticated distributed denial of service attacks aimed at leading U.S. banks in recent weeks, financial institutions are bracing for more. The hacktivist group Izz ad-Din al-Qassam, which took credit for the online outages, said it planned to spend the weekend of Oct. 13-14 planning its next wave of attacks. And if the trend continues, those attacks could come as soon as Oct. 16, because the previous waves both started on Tuesdays...."
http://www.bankinfosecurity.com/bank-attacks-what-have-we-learned-a-5197?rf=2012-10-15-eb
State-Sponsored Malware Flame Has Smaller, More Devious Cousin
"Researchers have uncovered new nation-state espionage malware that has ties to two previous espionage tools known as Flame and Gauss, and that appears to be a high-precision, surgical attack tool targeting victims in Lebanon, Iran and elsewhere. Researchers at Kaspersky Lab, who discovered the malware, are calling the new malware miniFlame, although the attackers who designed it called it by two other names SPE and John. MiniFlame seems to be used to gain control of and obtain increased..."
http://www.wired.com/threatlevel/2012/10/miniflame-espionage-tool/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired27b+%28Wired%3A+Blog+-+Threat+Level%29
SilverStripe 2.4.7 and lower Persistent Cross Site Scripting
SilverStripe 2.4.7 and lower Open URL Redirection
http://feedproxy.google.com/~r/securityalert_database/~3/JmS3heO-psM/WLB-2012100125
http://feedproxy.google.com/~r/securityalert_database/~3/jFOmtCUzv_E/WLB-2012100124
Vuln: FileBound On-Site Password Reset Security Bypass Vulnerability
http://www.securityfocus.com/bid/55880