Daily Summary - Tuesday 17-12-2013

End-of-Shift report

Timeframe: Monday 16-12-2013 18:00 − Tuesday 17-12-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

Rapid7 Webcasts: A Great Week to Learn About Pentesting SAP Infrastructures

https://community.rapid7.com/community/metasploit/blog/2013/12/16/rapid7-webcasts-a-great-week-to-learn-about-pentesting-sap-infrastructures


Three Books You Too Should Read This Year (Or Early 2014)

For the holiday season, The Grumpy Reader fishes out a selection of recent books you should read even if you think you're too busy. I'm sure you've had that feeling too: There are times when there's too much coming your way when you're already busy, so some things just fall by the wayside for too long. In my case the victims of my unpredictable schedule were books that publishers sent me for review in one form or the other, and those reviews just never got written as I wanted to in between other...

http://bsdly.blogspot.com/2013/12/three-books-you-too-should-read-this.html


How hackers made minced meat of Department of Energy networks

Hint: Some critical security patches not installed for years.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/HKg_RoYby0g/story01.htm


Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we're publishing the December 2013 Security Bulletin Webcast Questions & Answers page. We answered 17 questions in total, with the majority of questions focusing on the Graphics Component bulletin (MS13-096), Security Advisory 2915720 and Security Advisory 2905247. We also wanted to note a new blog on the Microsoft Security Blog site on the top cyber threat predictions for 2014. Topics from ransomware to regulation are covered by seven of Trustworthy Computing's top...

http://blogs.technet.com/b/msrc/archive/2013/12/16/predictions-for-2014-and-the-december-2013-security-bulletin-webcast-q-amp-a-and-slide-deck.aspx


Dissection of Zertsecurity - Banking Trojan.

Zertsecurity is a well known banking Trojan based on phishing schemes targeting German Android users. Let's see how it works. After installing the application, it prompts the user for account and PIN numbers. The application takes the values of the account and PIN numbers via input boxes and saves them to the cfg.txt file. It then sends this file to a remote command and control (C&C)...

http://research.zscaler.com/2013/12/dissection-of-zertsecurity-banking.html


The Case for a Compulsory Bug Bounty

Security experts have long opined that one way to make software more secure is to hold software makers liable for vulnerabilities in their products. This idea is often dismissed as unrealistic and one that would stifle innovation in an industry that has been a major driver of commercial growth and productivity over the years. But a new study released this week presents perhaps the clearest economic case yet for compelling companies to pay for information about security vulnerabilities in their...

http://krebsonsecurity.com/2013/12/the-case-for-a-compulsory-bug-bounty/


Big Data in Security

Cisco's TRAC team about Big Data security challenges, tools and methodologies.

http://blogs.cisco.com/security/big-data-in-security-part-i-trac-tools/
http://blogs.cisco.com/security/big-data-in-security-part-ii-the-amplab-stack/
http://blogs.cisco.com/security/big-data-in-security-part-iii-graph-analytics/
http://blogs.cisco.com/security/big-data-in-security-part-iv-email-auto-rule-scoring-on-hadoop/
http://blogs.cisco.com/security/big-data-in-security-part-v-anti-phishing-in-the-cloud/


Background: iOS encryption examined

Besides hardware encryption, iOS also offers optional file encryption. In iOS 7, Apple has automated its use for apps. However, Apple grants itself generous exceptions for its own applications.

http://www.heise.de/security/artikel/iOS-Verschluesselung-durchleuchtet-2066500.html


Android anti-virus apps CAN'T kill nasties on sight like normal AV - and that's Google's fault

Bad news if you're not a tech-savvy fandroid. Android users expecting Windows levels of performance from Android-specific anti-virus packages are likely to be disappointed because only Google can automatically delete dodgy apps on Android devices, say malware experts.

http://go.theregister.com/feed/www.theregister.co.uk/2013/12/17/android_anti_malware/


Apple security updates Mac OS X and Safari, (Tue, Dec 17th)

Apple have released the following security advisories and updates for Mac OS X and Safari. OS X Mavericks v10.9.1 and APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1. More information will be available from their web site: http://support.apple.com/kb/HT1222

http://isc.sans.edu/diary.html?storyid=17234


Blog: ChewBacca - a new episode of Tor-based Malware

We have discovered a new Tor-based malware, named "ChewBacca" and detected as "Trojan.Win32.Fsysna.fej". Adding Tor to malware is not unique to this sample, but it's still a rare feature. Lately Tor has become more attractive as a service to ensure users' anonymity. Also criminals use it for their activities, but they are only slowly adopting this to host their malicious infrastructure.

http://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware


Trojan.Skimer.18 infects ATMs

December 16, 2013 Russian anti-virus company Doctor Web is warning users about the Trojan program Trojan.Skimer.18. The criminals behind this malware are targeting ATMs of one of the world's largest manufacturers. The Trojan can intercept and transmit bank card information processed by ATMs as well as data stored on the card and its PIN code. Trojan.Skimer.18 is by no means the first backdoor to infect ATM software, but it is the first to target devices so common throughout the world. The

http://news.drweb.com/show/?i=4167&lng=en&c=9


Cisco EPC3925 cross-site request forgery

http://xforce.iss.net/xforce/xfdb/89713


Bugtraq: [security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution

http://www.securityfocus.com/archive/1/530357


Asterisk Dialplan Functions Let Remote Authenticated Users Gain Elevated Privileges

http://www.securitytracker.com/id/1029500


Asterisk SMS Message Buffer Overflow Lets Remote Users Deny Service

http://www.securitytracker.com/id/1029499