Daily Summary - Thursday 14-03-2013

End-of-Shift report

Timeframe: Wednesday 13-03-2013 18:00 − Thursday 14-03-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl

Insidious backdoor in TP-Link routers

Practically on request, some Wi-Fi routers download an executable file from the network and then run it straight away with root privileges.

http://rss.feedsportal.com/c/32407/f/463925/s/298834fb/l/0L0Sheise0Bde0Csecurity0Cmeldung0CHeimtueckische0EHintertuer0Ein0ETP0ELink0ERoutern0E18224340Bhtml0Cfrom0Crss0A9/story01.htm


Kaspersky fixes IPv6 problem in its Internet Security suite

A single, somewhat odd IPv6 packet is enough to bring a Windows PC running Kaspersky's firewall to a standstill. Now that the problem has been published, the vendor intends to fix it.

http://www.heise.de/security/meldung/Kaspersky-fixt-IPv6-Problem-der-Internet-Security-Suite-1822609.html


Mobile Drive-By Malware example

"Several days ago we received a complaint about javascrpt. ru. After a bit of research, we found that it tries to mimic ajax...."

http://blog.avast.com/2013/03/11/mobile-drive-by-malware-example/


US national vulnerability database hacked

Malware infection forces government vuln catalog offline. The US government's online catalog of cyber-vulnerabilities has been taken offline, ironically, due to a software vulnerability.

http://go.theregister.com/feed/www.theregister.co.uk/2013/03/14/us_malware_catalogue_hacked/


Encryption Trojan attacks Spain and France

March 13, 2013 Russian anti-virus company Doctor Web has registered an ongoing massive spread of the encryption malware Trojan.ArchiveLock across PCs outside Russia. The program, dubbed Trojan.ArchiveLock.20, is infecting increasingly more computers in France and Spain. Last August, Doctor Web issued a warning about Trojan.ArchiveLock encryption malware. This program uses the archiver WinRAR to encrypt files. To spread the malware, criminals mount a brute force attack via the RDP protocol on

http://news.drweb.com/show/?i=3379&lng=en&c=9


Drupal Node Parameter Control 6.x Access Bypass

Topic: Drupal Node Parameter Control 6.x Access Bypass. Risk: High. Text: View online: http://drupal.org/node/1942330 * Advisory ID: DRUPAL-SA-CONTRIB-2013-034 * Project: Node Parameter Control...

http://feedproxy.google.com/~r/securityalert_database/~3/D5fwYJPc7EI/WLB-2013030109


Expert Finds Way to Retrieve Facebook Authentication Token and Hack Any Account

"Security researcher Nir Goldshlager has identified yet another Facebook OAuth vulnerability that can be exploited to hack any account. In the attack method he presented back in February, the expert used the app_id of the Facebook Messenger to gain full access to accounts. The social media company has addressed the issue by using regex protection, but Goldshlager has discovered another method to exploit the Facebook Messenger app_id...."

http://news.softpedia.com/news/Expert-Finds-Way-to-Retrieve-Facebook-Authentication-Token-and-Hack-Any-Account-336973.shtml


Cyber-attack in the Czech Republic - Thieves in the night

"A MYSTERIOUS wave of cyber-attacks in the Czech Republic, the most extensive in the country's history, on March 11th briefly disabled the web site for Unicredit, a bank. Other targets have included media, banks, mobile phone operators, the stock exchange and even the Czech National Bank. All but the Unicredit attack were so-called DDoS (distributed denial of service) attacks...."

http://www.economist.com/blogs/easternapproaches/2013/03/cyber-attack-czech-republic


Check Point 2013 Security Report Released

"The Check Point company has just released its already well known Check Point 2013 Security Report series report. The Check Point 2013 Security Report examines top security threats, risky web applications that compromise network security, and loss of data caused by employees unintentionally. Based on research of 900 companies and 120,000 hours of monitored traffic, Check Point's research reveals startling details of real risks faced by enterprises including: 64% infected with bots, 91% used

http://www.felipemartins.info/2013/03/check-point-2013-security-report-released/


AVG antivirus software mistook system file for a Trojan

A Windows DLL wrongly identified as malware gave some AVG users an uneasy morning.

http://rss.feedsportal.com/c/32407/f/463925/s/299137b5/l/0L0Sheise0Bde0Csecurity0Cmeldung0CAntiviren0ESoftware0EAVG0Ehielt0ESystemdatei0Efuer0ETrojaner0E1822950A0Bhtml0Cfrom0Crss0A9/story01.htm


Another crypto attack on SSL/TLS encryption

The newly presented attack on the widely used RC4 encryption algorithm is not yet really practical, but it shakes the foundation of secure Internet connections.

http://www.heise.de/security/meldung/Erneuter-Krypto-Angriff-auf-SSL-TLS-Verschluesselung-1822963.html


Blog: Reminder: be careful opening invoices on the 21st March

On March 4th we spotted a large number of unusual emails being blocked by our Linux Mail Security product. The emails all contained the same PDF attachment but were being sent from many different source addresses.

http://www.securelist.com/en/blog/837/Reminder_be_careful_opening_invoices_on_the_21st_March


Microsoft continues to focus on security in their products

"86% of vulnerabilities discovered in the most popular 50 programs in 2012 were in non-Microsoft (or third-party) programs. The result was published today in the Secunia Vulnerability Review 2013 that analyzes the evolution of software vulnerabilities from a global, industry, enterprise, and endpoint perspective. The identified 86% represent an increase from 2011, when non-Microsoft programs represented 78% of vulnerabilities discovered in the Top 50 most popular programs...."

http://www.net-security.org/secworld.php?id=14595