End-of-Shift report
Timeframe: Thursday 31-10-2013 18:00 - Monday 04-11-2013 18:00
Handler: Otmar Lendl
Co-Handler: Stephan Richter
Top three recommendations for securing your personal data using cryptography, by EU cyber security Agency ENISA in new report
ENISA, the European Union's "cyber security" Agency, today launched a report stating that all authorities should better promote cryptographic measures to safeguard personal data.
http://www.enisa.europa.eu/media/press-releases/top-three-recommendations-for-securing-your-personal-data-using-cryptography-by-eu-cyber-security-agency-enisa-in-new-report
Know Your Enemy: Tracking A Rapidly Evolving APT Actor
Between Oct. 24-25 FireEye detected two spear-phishing attacks attributed to a threat actor we have previously dubbed admin@338.[1] The newly discovered attacks targeted a number of organizations and were apparently focused on gathering data related to international trade, finance and economic...
http://www.fireeye.com/blog/technical/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html
How To Avoid CryptoLocker Ransomware
Over the past several weeks, a handful of frantic Microsoft Windows users have written in to ask what they might do to recover from PC infections from "CryptoLocker," the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts your files until you pay a ransom. Unfortunately, the answer for these folks is usually either to pay up or suck it up. This post offers a few pointers to help readers avoid becoming the next victim.
http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/
Why Motivated Attackers Often Get What They Want
Do you work for a company possessing information which could be of financial value to people outside the organization? Or, perhaps even a foreign state would find it useful to gain access to the documents you're storing on that shared network drive? Yes? Then congratulations, you may already be the target of a persistent and motivated attacker (who sometimes, but rarely, is also advanced). According to this CERT-FI presentation, even Finland has seen nearly a decade of these attacks. Nowadays,
http://www.f-secure.com/weblog/archives/00002632.html
Google-dorks based mass Web site hacking/SQL injecting tool helps facilitate malicious online activity
Among the most common misconceptions regarding the exploitation (hacking) of Web sites is that no one would exclusively target *your* Web site, given that there are so many high profile Web sites to hack into. In reality though, thanks to the public/commercial availability of tools relying on the exploitation of remote Web application vulnerabilities, the insecurely configured Web sites/forums/blogs, as well as the millions of malware-infected hosts internationally, virtually every Web
http://www.webroot.com/blog/2013/11/01/peek-inside-google-dorks-based-mass-sql-injecting-tool/
Secunia's PSI Country Report - Q3 2013 (Fri, Nov 1st)
On the heels of discussing Microsoft's Security Intelligence Report v15, wherein the obvious takeaway is "Windows XP be gone!", Secunia's just-released PSI Country Report - Q3 2013 is an interesting supplemental read. Here are the summary details:
Programs Installed: 75, from 25 different vendors
40% (30 of 75) of these programs are Microsoft programs
60% (45 of 75) of these programs are from third-party vendors
Users with unpatched Operating Systems: 14.6% (WinXP, Win7, Win8,
http://isc.sans.edu/diary.html?storyid=16943&rss
July-September 2013
NOTE 1: The "ICS-CERT Monitor" newsletter offers a means of promoting preparedness, information sharing, and collaboration with the 16 critical infrastructure sectors. ICS-CERT accomplishes this on a day-to-day basis through sector briefings, meetings, conferences, and information product releases.
http://ics-cert.us-cert.gov/monitors/ICS-MM201310
SOHO Router Horror Stories: German Webcast with Mike Messner
https://community.rapid7.com/community/metasploit/blog/2013/11/04/soho-router-horror-stories-german-webcast-with-mike-messner
Nordex NC2 - Cross-Site Scripting Vulnerability
NCCIC/ICS-CERT is aware of a public report of a Cross-Site Scripting vulnerability affecting the Nordex Control 2 (NC2) application, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the vulnerability is exploitable by allowing a specially crafted request that could execute arbitrary script code. This report was released without coordination with either the vendor or NCCIC/ICS-CERT. NCCIC/ICS-CERT is attempting to...
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-304-01
VU#450646: Tiki Wiki CMS Groupware version 11.0 contains a cross-site scripting (XSS) vulnerability
Vulnerability Note VU#450646 Tiki Wiki CMS Groupware version 11.0 contains a cross-site scripting (XSS) vulnerability. Original Release date: 31 Oct 2013 | Last revised: 31 Oct 2013. Overview: Tiki Wiki CMS Groupware version 11.0 and possibly earlier versions contain a cross-site scripting (XSS) vulnerability (CWE-79). Description: CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting). Tiki Wiki CMS Groupware version 11.0 and possibly earlier versions contain a
http://www.kb.cert.org/vuls/id/450646
VMSA-2013-0009.2
VMware vSphere, ESX and ESXi updates to third party libraries
http://www.vmware.com/security/advisories/VMSA-2013-0009.html
TP-Link Cross Site Request Forgery Vulnerability
Topic: TP-Link Cross Site Request Forgery Vulnerability. Risk: Medium. Text: I. Introduction. Today the majority of wired Internet connections is used with an embedded NAT router, which allows using ...
http://cxsecurity.com/issue/WLB-2013100223
Zend Framework Proxied Request Processing IP Spoofing Weakness
https://secunia.com/advisories/55529
Novell ZENworks Configuration Management Directory Traversal Flaw Lets Remote Users Obtain Files
http://www.securitytracker.com/id/1029289
Security Bulletins for multiple HP Products
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969436
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969433
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748879
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03960916
Security Bulletins for multiple IBM Products
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_notes_domino_fixes_for_multiple_vulnerabilities_in_ibm_jre4?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_infosphere_guardium_data_redaction_affected_by_ssl_vulnerability_in_apache_axis2_cve_2012_57852?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_domino_designer_9_0_1_and_8_5_3_fix_pack_5_fix_for_ibm_jre_xml_parsing_vulnerability?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_puredata_system_for_operational_analytics_a1791_is_affected_by_an_ospf_vulnerability_cve_2013_0149?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_exist_in_the_ibm_java_sdk_that_is_shipped_with_tivoli_netcool_omnibus_web_gui_cve_2013_0440_cve_2013_0443?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_vulnerabilities_in_ibm_infosphere_optim_data_growth_for_oracle_e_business_suite_cve_2013_0577_cve_2013_0579_cve_2013_05801?lang=en_us
http://www.securityfocus.com/bid/62018