Daily Summary - Friday 7-12-2012

End-of-Shift report

Timeframe: Thursday 06-12-2012 18:00 − Friday 07-12-2012 18:00 Handler: Matthias Fraidl Co-Handler: Robert Waldner

Seven Microsoft patches in one go on Patch Day

Microsoft has announced that it will release seven patch packages (bulletins) on its December Patch Day next Tuesday, closing a total of eleven security vulnerabilities. The company rates five of the patch packages as critical; they close holes that allow malicious code to be injected remotely.

http://www.heise.de/security/meldung/Sieben-Microsoft-Patches-auf-einen-Streich-am-Patchday-1764228.html/from/atom10


Many popular Windows programs insufficiently secured

The author of the SlopFinder software describes how many popular Windows programs do not use even basic protection mechanisms. With DEP (Data Execution Prevention), for example, the processor is supposed to use a flag (the NX bit) to prevent the execution of injected malicious code in the data area.

http://www.heise.de/security/meldung/Viele-beliebte-Windows-Programme-unzureichend-gesichert-1763634.html/from/atom10


RSA boss predicts "catastrophic" cyber attack

"A large-scale attack on critical infrastructure will soon become a reality, according to RSA chief executive Art Coviello. The security boss said that poor government security protections combined with increasingly sophisticated attack techniques has left critical infrastructure at risk for attacks which could cause widespread damage. "I abhor the phrase Cyber Pearl Harbor because I think it is a poor metaphor to describe the state I believe we are in," Coviello

http://www.v3.co.uk/v3-uk/news/2229201/rsa-boss-art-coviello-predicts-catastrophic-cyber-attack


Skynet, a Tor-powered botnet straight from Reddit

FROM: Matthias Fraidl <fraidl at cert.at>

Following is an overview of this malware labelled by the creator as Skynet: a Tor-powered trojan with DDoS, Bitcoin mining and Banking capabilities, that we observed spreading through the veins of Usenet.

https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit

BlackHole Exploit Kit Has Difficulties in Infecting Chrome Users, Experts Say

"The notorious BlackHole exploit kit has been around for quite some time now, with new iterations being released periodically. While it can be considered one of the most efficient cybercriminal tools, BlackHole doesn't like it when its victims utilize Google's Chrome web browser. According to experts from Blue Coat, when potential victims are tricked into clicking on links that point to BlackHole-infested websites, they're presented with a loading or a please wait message, while in the

http://news.softpedia.com/news/BlackHole-Exploit-Kit-Has-Difficulties-in-Infecting-Chrome-Users-Experts-Say-312810.shtml


New Trojan Exploits Mobile Channel - Eurograbber Defeats Two-Factor Authentication

"Eurograbber is more than just another banking Trojan. It's an exploitation of fundamental online banking authentication practices that could strike any institution, says Check Point's Darrell Burkey. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European banks...."

http://www.bankinfosecurity.com/interviews/new-trojan-exploits-mobile-channel-i-1730?rf=2012-12-07-eb&elq=97c4107542e14b648bd95bdb2a52d39c&elqCampaignId=5278


WhatsApp closes hole again, but not everywhere

The cat-and-mouse game over the security of WhatsApp enters the next round: after heise Security demonstrated about a week ago that the Android version is still vulnerable to account hijacking, the operator is now offering WhatsApp version 2.8.8968 via Google Play, which promises improved phone number verification.

http://www.heise.de/security/meldung/WhatsApp-schliesst-Luecke-erneut-aber-nicht-ueberall-1764548.html/from/atom10