End-of-Shift report
Timeframe: Tuesday 08-10-2013 18:00 − Wednesday 09-10-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
WhatsApp encryption raises doubts
According to the lead developer of the IM client Adium, WhatsApp users must consider all messages sent so far to be decryptable.
http://www.heise.de/security/meldung/WhatsApp-Verschluesselung-ruft-Zweifel-hervor-1974767.html
The October 2013 security updates
This month we release eight bulletins - four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083. Our Bulletin Deployment Priority graph provides an overview of this month's priority releases...
http://blogs.technet.com/b/msrc/archive/2013/10/08/the-october-2013-security-updates.aspx
Other Patch Tuesday Updates (Adobe, Apple), (Wed, Oct 9th)
Adobe released two bulletins today:
APSB13-24: Security update for RoboHelp (http://www.adobe.com/support/security/bulletins/apsb13-24.html). I don't remember seeing a pre-announcement for this one. The update fixes an arbitrary code execution vulnerability (CVE-2013-5327). RoboHelp is only available for Windows.
APSB13-25: Security update for Adobe Acrobat and Adobe Reader (http://www.adobe.com/support/security/bulletins/apsb13-25.html). This update fixes a problem that was introduced in a recent
http://isc.sans.edu/diary.html?storyid=16763&rss
September 2013 Virus Activity Overview
October 1, 2013. The first autumn month in 2013 was marked by a number of important events that could have a profound impact on IT security in the future. In particular, in early September a dangerous backdoor that can execute commands from a remote server was discovered, and a bit later Doctor Web's analysts identified the largest known botnet comprised of more than 200,000 infected devices running Android. Overall, numerous malignant programs for this platform were found in September.
http://news.drweb.com/show/?i=3962&lng=en&c=9
ENISA - Can we learn from SCADA security incidents - White Paper
Security experts across the world continue to sound the alarm bells about the security of Industrial Control Systems (ICS). Industrial Control Systems look more and more like consumer PCs. They are used everywhere and involve a considerable amount of software, often outdated and unpatched. Recent security incidents in the context of SCADA and Industrial Control Systems emphasise greatly the importance of good governance and control of SCADA infrastructures.
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/scada-industrial-control-systems/can-we-learn-from-scada-security-incidents
Staying Stealthy: Passive Network Discovery with Metasploit
One of the first steps in your penetration test is to map out the network, which is usually done with an active scan. In situations where you need to be stealthy or where active scanning may cause instability in the target network, such as in SCADA environments, you can run a passive network scan to avoid detection and reduce disruptions. A passive network scan stealthily...
https://community.rapid7.com/community/metasploit/blog/2013/10/09/passive-network-discovery-sniffing-for-network-discovery-with-metasploits-metamodules
Twitter Malware
NCC Group has observed a sharp rise in threats using Twitter direct messages (often abbreviated to DMs) as a method of delivery over the last few months. These threats originate from compromised Twitter accounts. These accounts, once compromised, send direct messages to their followers. If received by email,...
http://www.nccgroup.com/en/blog/2013/10/twitter-malware/
Alstom e-Terracontrol DNP3 Master Improper Input Validation
OVERVIEW: Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the Alstom e-terracontrol software. Alstom has produced a patch that mitigates this vulnerability. Adam Crain and Chris Sistrunk have tested the patch to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.
http://ics-cert.us-cert.gov/advisories/ICSA-13-282-01