Daily Summary - Friday 18-10-2013

End-of-Shift report

Timeframe: Thursday 17-10-2013 18:00 − Friday 18-10-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a

You're infected - if you want to see your data again, pay us $300 in Bitcoins

Ransomware comes of age with unbreakable crypto, anonymous payments.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/VLDxuwIP36Q/story01.htm


DNS experts discuss risks of new attack scenarios

Researchers describe attack scenarios against the Domain Name System that exploit the fragmentation of IP packets.

http://www.heise.de/security/meldung/DNS-Experten-diskutieren-Risiken-neuer-Angriffsszenarien-1981443.html


Kankan - a Chinese Trojan story

Analysts at Eset have pieced together a mysterious story about a Trojan that spread mainly in China. The ingredients: infected PCs and smartphones, a remorseful software vendor and several unsolved puzzles.

http://www.heise.de/security/meldung/Kankan-eine-chinesische-Trojaner-Geschichte-1981463.html


Got a mobile phone? Then you've got a Trojan problem too

This time it's personal. Something wonderful has happened: phones have got smart, but the bad news is they may open the door to those you don't want to let in.

http://www.theregister.co.uk/2013/10/18/feature_mobile_security_malware/


VMware Release Multiple Security Updates

VMware released the following security updates. The first is VMSA-2013-0012, which addresses multiple vulnerabilities in vCenter Server, vSphere Update Manager, ESXi and ESX. The second is VMSA-2013-0006.1, which addresses multiple vulnerabilities in vCenter Server Appliances and vCenter Server running on Windows. The last is VMSA-2013-0009.1, which addresses multiple vulnerabilities in vCenter Server, ESX and ESXi by updating third-party libraries.

http://isc.sans.edu/diary.html?storyid=16847&rss


Fiendish CryptoLocker ransomware: Whatever you do, don't PAY

Create remote backups before infection, advise infosec bods. A fiendishly nasty strain of Windows malware that uses advanced encryption to lock up user files before demanding a ransom is doing the rounds.

http://www.theregister.co.uk/2013/10/18/cryptolocker_ransmware/


Sybase Adaptive Server Enterprise XML injection

http://xforce.iss.net/xforce/xfdb/88105


cPanel CloudFlare Plugin Unspecified Privilege Escalation Vulnerability

https://secunia.com/advisories/55273


osCommerce Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks to Create New Admin Accounts

http://www.securitytracker.com/id/1029189


Level One Enterprise Access Points Password Disclosure

http://cxsecurity.com/issue/WLB-2013100123


Bugtraq: CSRF vulnerability in LinkedIn

http://www.securityfocus.com/archive/1/529270


Summary for October 2013 - Version: 1.1

http://technet.microsoft.com/en-za/security/bulletin/ms13-oct