Daily Summary - Thursday 28-02-2013

End-of-Shift report

Timeframe: Wednesday 27-02-2013 18:00 − Thursday 28-02-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner

Kelihos botnet switched off - live on stage

During a presentation, a security researcher poisoned the communication channels of the Viagra spam botnet Kelihos live on stage, thereby de facto shutting down the zombie network.

http://rss.feedsportal.com/c/32407/f/463925/s/29084f8e/l/0L0Sheise0Bde0Csecurity0Cmeldung0CKelihos0EBotnet0Eausgeknipst0ELive0Eon0Estage0E18128840Bhtml0Cfrom0Crss0A9/story01.htm


Hacking Victim Bit9 Blames SQL Injection Flaw

"Bit9 said a common Web application vulnerability was responsible for allowing hackers to ironically use the security vendor's systems as a launch pad for attacks on other organizations. Based in Waltham, Massachusetts, the company sells a security platform that is designed in part to stop hackers from installing their own malicious software. In an embarrassing admission, Bit9 said earlier this month that it neglected to install its own software on a part of its network, which led to the

http://www.cio.com/article/729401/Hacking_Victim_Bit9_Blames_SQL_Injection_Flaw


cPanel: Reset your root passwords! Hackers broke into our system

"Website administration firm cPanel has told The Reg that one of its proxy servers was hacked, potentially exposing customers' administrator-level passwords. cPanel discovered that one of its systems, used to handle technical support tickets, was infiltrated nearly a week ago. The biz, which provides tools for managing Unix-powered websites, has urged anyone who contacted its help-desk within the last six months to change their root passwords - a credential requested in new support

http://www.theregister.co.uk/2013/02/27/cpanel_support_server_hacked/


Joomla! 3.0.2 PHP Object Injection

Topic: Joomla! 3.0.2 PHP Object Injection
Risk: Medium
Text: - Joomla!

http://feedproxy.google.com/~r/securityalert_database/~3/q-jzkZbxx84/WLB-2013020211


Drupal Creative Theme 7.x Cross Site Scripting

Topic: Drupal Creative Theme 7.x Cross Site Scripting
Risk: Low
Text: View online: https://drupal.org/node/1929474 * Advisory ID: DRUPAL-SA-CONTRIB-2013-024 * Project: Creative Theme [1] (t...

http://feedproxy.google.com/~r/securityalert_database/~3/SebLduXdSsE/WLB-2013020206


'MiniDuke' malware takes aim at Euro governments via Adobe

A new attack is targeting European governments through flaws exploited in Adobe's Reader software, according to security researchers.

http://news.cnet.com/8301-1009_3-57571571-83/miniduke-malware-takes-aim-at-euro-governments-via-adobe/


German Customers of PayPal, ING-DiBa Asked by Scammers to Update Accounts

In a brand new phishing campaign targeting Germans, scammers set their eyes on identification data of PayPal and ING customers in Germany.

http://www.hotforsecurity.com/blog/german-customers-of-paypal-ing-diba-asked-by-scammers-to-update-accounts-5503.html


Moscow's speed cameras knackered by MYSTERY malware

Infection spread from cops to traffic gear - report

Malware has infected a Russian police computer network, knackering speed cameras in and around Moscow, according to reports.

http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/malware_hobbles_moscow_speed_cams/


Vuln: Todd Miller Sudo CVE-2013-1775 Local Authentication Bypass Vulnerability

http://www.securityfocus.com/bid/58203


Vuln: Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability

http://www.securityfocus.com/bid/58207