Tageszusammenfassung - Dienstag 18-12-2012

End-of-Shift report

Timeframe: Montag 17-12-2012 18:00 − Dienstag 18-12-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

Vuln: Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/56846


Vuln: Symantec Network Access Control CVE-2012-4349 Local Privilege Escalation Vulnerability

http://www.securityfocus.com/bid/56847


Vuln: TWiki Multiple Security Vulnerabilities

TWiki Multiple Security Vulnerabilities

http://www.securityfocus.com/bid/56950


Reminder: Java 6 end-of-live February 2013 , (Mon, Dec 17th)

Reader Josh reports that while downloading the latest version of Java 6 (version 37) from Oracles website he received a reminder from Oracle that Java 6 will reach end of life in February 2013. After February 2013 security updates will only be available to customer who purchase extended support contracts. If you havent already done so, now is a good time to mark your calendars for this upgrade. More details are available here: http://www.oracle.com/technetwork/java/javase/eol-135779.html

http://isc.sans.edu/diary.html?storyid=14719&rss


Bugtraq: IPv6 Neighbor Discovery security (new documents)

IPv6 Neighbor Discovery security (new documents)

http://www.securityfocus.com/archive/1/525063


Cyber Security Bulletin (SB12-352) - Vulnerability Summary for the Week of December 10, 2012

"The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability...

http://www.us-cert.gov/cas/bulletins/SB12-352.html


Carberp-in-the-Mobile found on Google Play

"Everybody knows (or should know) that downloading apps from third party online markets is dangerous, but even official markets such as Google Play cant be considered completely safe, as time and time again malware peddlers succeed at fooling its defenses and upload malware for download, masquerading as games and other popular apps. Kaspersky Lab researchers have recently discovered a slew of apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile...

http://www.net-security.org/malware_news.php?id=2362


Lookout Predicts 18 Million Android Malware Infections by End of 2013

"Lookout Mobile Security recently published its mobile threat predictions for 2013, anticipating that 18 million Android users will encounter mobile malware between the beginning of 2012 and the end of 2013."The likelihood that new Lookout users will encounter malware or spyware is heavily dependent on their geography and behavior, varying from 0. 20 percent in Japan to 0. 40 percent in the US and as high as 34...."

http://www.esecurityplanet.com/mobile-security/lookout-predicts-18-million-android-malware-infections-by-end-of-2013.html


Trojan Upclicker malware infecting PCs via mouse input

"Windows PC owners be warned theres a new strain of malware out there that befuddles users into helping it accomplish its dirty deeds via mouse clicks. Dubbed "Trojan Upclicker" by the FireEye Malware Intelligence Lab researchers who identified it, this elusive bit of malicious code is purpose-built to evade identification by the automated analysis systems used by many anti-virus vendors. FireEye researchers Abhishek Singh and Yasir Khalid noted that Trojan Upclicker is a variant...

http://www.itproportal.com/2012/12/17/trojan-upclicker-malware-infecting-pcs-via-mouse-input/#21


EU to propose mandatory reporting of cyber incidents

"The European Union may force companies operating critical infrastructure in areas such as banking, energy and stock exchanges to report major online attacks and reveal security breaches, according to draft report by the European Commission. The European Commission is due to present a proposal on cybersecurity in February once it has received feedback from the European Parliament and EU countries. The proposal was initially announced in May for the third quarter this year but has been...

http://www.euractiv.com/infosociety/eu-propose-mandatory-reporting-c-news-516723