End-of-Shift report
Timeframe: Thursday 06-12-2012 18:00 − Friday 07-12-2012 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
Seven Microsoft patches in one go on Patch Tuesday
Microsoft has announced that on its December Patch Tuesday next Tuesday it will release seven patch packages (bulletins) that close a total of eleven security vulnerabilities. The company rates five of the patch packages as critical; they close holes that allow malicious code to be injected remotely.
http://www.heise.de/security/meldung/Sieben-Microsoft-Patches-auf-einen-Streich-am-Patchday-1764228.html/from/atom10
Many popular Windows programs insufficiently secured
The author of the software SlopFinder describes that many popular Windows programs do not use even basic protection mechanisms. For example, with DEP (Data Execution Prevention), the processor is supposed to use a flag (the NX bit) to prevent the execution of injected malicious code in the data area.
http://www.heise.de/security/meldung/Viele-beliebte-Windows-Programme-unzureichend-gesichert-1763634.html/from/atom10
RSA boss predicts "catastrophic" cyber attack
"A large-scale attack on critical infrastructure will soon become a reality, according to RSA chief executive Art Coviello. The security boss said that poor government security protections combined with increasingly sophisticated attack techniques has left critical infrastructure at risk for attacks which could cause widespread damage. "I abhor the phrase Cyber Pearl Harbor because I think it is a poor metaphor to describe the state I believe we are in," Coviello
http://www.v3.co.uk/v3-uk/news/2229201/rsa-boss-art-coviello-predicts-catastrophic-cyber-attack
Skynet, a Tor-powered botnet straight from Reddit
FROM: Matthias Fraidl <fraidl at cert.at>
Following is an overview of this malware labelled by the creator as
Skynet: a Tor-powered trojan with DDoS, Bitcoin mining and Banking
capabilities, that we observed spreading through the veins of Usenet.
https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit
BlackHole Exploit Kit Has Difficulties in Infecting Chrome Users, Experts Say
"The notorious BlackHole exploit kit has been around for quite some time now, with new iterations being released periodically. While it can be considered one of the most efficient cybercriminal tools, BlackHole doesn't like it when its victims utilize Google's Chrome web browser. According to experts from Blue Coat, when potential victims are tricked into clicking on links that point to BlackHole-infested websites, they're presented with a loading or a please wait message, while in the
http://news.softpedia.com/news/BlackHole-Exploit-Kit-Has-Difficulties-in-Infecting-Chrome-Users-Experts-Say-312810.shtml
New Trojan Exploits Mobile Channel - Eurograbber Defeats Two-Factor Authentication
"Eurograbber is more than just another banking Trojan. It's an exploitation of fundamental online banking authentication practices that could strike any institution, says Check Point's Darrell Burkey. This Zeus variant Trojan is blamed for attacks that stole more than 36 million Euros ($47 million U.S. dollars) from an estimated 30,000 consumer and corporate accounts at European banks...."
http://www.bankinfosecurity.com/interviews/new-trojan-exploits-mobile-channel-i-1730?rf=2012-12-07-eb&elq=97c4107542e14b648bd95bdb2a52d39c&elqCampaignId=5278
WhatsApp closes hole again, but not everywhere
The cat-and-mouse game over WhatsApp's security enters the next round: after heise Security demonstrated about a week ago that the Android version is still vulnerable to account hijacking, the operator is now offering WhatsApp version 2.8.8968 via Google Play, which promises improved phone number verification.
http://www.heise.de/security/meldung/WhatsApp-schliesst-Luecke-erneut-aber-nicht-ueberall-1764548.html/from/atom10