End-of-Shift report
Timeframe: Montag 12-11-2012 18:00 − Dienstag 13-11-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Stefan Lenzhofer
Ruby-Update behebt DoS-Lücke
Die Entwickler der Programmiersprache Ruby schließen mit Version 1.9.3-p327 eine Schwachstelle, die es Angreifern erlaubt, ein System durch hohe CPU-Last lahm zu legen (Denial of Service, DoS). Der Fehler tritt beim Verarbeiten speziell präparierter Zeichenketten durch die Hash-Funktion MurmurHash auf.
http://www.heise.de/security/meldung/Ruby-Update-behebt-DoS-Luecke-1748451.html/from/atom10
Cybercriminals start spamvertising Xmas themed scams and malware campaigns
"Security researchers from Symantec are warning about a recently intercepted flood of Xmas themed malicious and fraudulent campaigns. Isn't it too early for such type of campaigns to be launched, or are the spammers behind these campaigns relying on a different set of marketing tactics? The campaign is a great example of a flawed event-based social engineering attempt...."
http://www.zdnet.com/cybercriminals-start-spamvertising-xmas-themed-scams-and-malware-campaigns-7000007178/
Firefox users slowest to update browser, Kaspersky Lab finds out
"Nearly one in four PC users run out-of-date or obsolete versions of the most popular browsers for a month or longer with Mozilla Firefox users the slowest to update their software, Kaspersky Lab has found. The company looked at the browsers installed on a random 10-million sample of its antivirus user base, finding that Internet Explorer was marginally the most common default browser on 37,8 percent of users...."
http://news.techworld.com/security/3410386/firefox-users-slowest-update-browser-kaspersky-lab-finds/
First Windows 8 and Windows RT Security Updates Due Next Week
"Plenty is happening on the Microsoft patch management front. First, Adobe agreed to sync up its patch release cycles with Microsofts on the second Tuesday of every month, moving away from quarterly releases. And now on Tuesday, Microsoft will release its first security updates since the release of Windows 8...."
http://threatpost.com/en_us/blogs/first-windows-8-and-windows-rt-security-updates-due-next-week-110812?utm_source=Newsletter_111212&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=
New report warns of SCADA CYBERGEDDON*
In the worst case. The industrial control system fright machine is getting another kick along today, via a survey by Russian vendor Positive Technologies.
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/12/scada_vulnerability_study/
Samsung Galaxy S3 sichert Passwörter im Klartext
Beim beliebten Samsung Galaxy S3 ist eine Sicherheitslücke gefunden worden. Die interne App S-Memo speichert Passwörter im Klartext. Damit wird es möglich, dass jeder, der sich Zugriff beschaffen kann und weiß, wo das entsprechende File liegt, dieses auch tatsächlich lesen kann.
http://futurezone.at/digitallife/12422-galaxy-s3-sichert-passwoerter-im-klartext.php?rss=fuzo
Even a CHILD can make a Trojan to pillage Windows Phone 8
Whippersnapper will reveal all in the Malcon tent A teenager has crafted prototype malware for Windows Phone 8 just weeks after the official unveiling of the smartphone platform.
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/13/windows_phone_8_malware/
BSI-Test: Verwundbarkeit von Windows-Rechnern im Netz
Windows-Systeme soll man stets auf dem aktuellen Stand halten, beim Browser greift man am besten zu Google Chrome, auf Java verzichtet man möglichst ganz - das predigen sowohl c't als auch das Bundesamt für Sicherheit in der Informationstechnik (BSI).
http://www.heise.de/security/meldung/BSI-Test-Verwundbarkeit-von-Windows-Rechnern-im-Netz-1748721.html/from/atom10
Top 5 Security Predictions for 2013 from Symantec
"With this year quickly coming to an end, its time for us at Symantec to publish our predictions on what we expect will happen in the world of cybersecurity for the coming year. Most of us at Symantec tend to be fact-based, data-driven individuals. However, predicting the future always involves a bit of speculation...."
http://www.symantec.com/connect/blogs/top-5-security-predictions-2013-symantec
Vuln: libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability
libproxy CVE-2012-4504 Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55909