End-of-Shift report
Timeframe: Wednesday 10-04-2013 18:00 − Thursday 11-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
Security Externalities and DDOS Attacks
Ed Felten has a really good blog post about the externalities that the recent Spamhaus DDOS attack exploited: The attacker's goal was to flood Spamhaus or its network providers with Internet traffic, to overwhelm their capacity to handle incoming network packets. The main technical problem faced by a DoS attacker is how to amplify the attacker's traffic-sending capacity, so that...
http://www.schneier.com/blog/archives/2013/04/security_extern.html
Ransomware: The cybercrime money machine of 2013
"Towards the end of last year, when the major security firms were compiling their customary run-downs of the biggest threats expected to emerge in 2013, ransomware figured prominently as an ominous one to watch. This breed of malicious software owes its name to the way in which it attacks a computer, quite literally holding it ransom by paralysing the device and demanding payment for it to be unlocked. By February this year, the experts' prophecies began to be realised as a sophisticated...
http://www.itproportal.com/2013/04/10/ransomware-the-cybercrime-money-machine-of-2013/
Cisco ASA Multiple Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1028415
Summary for April 2013 - Version: 1.1
This bulletin summary lists security bulletins released for April 2013. With the release of the security bulletins for April 2013, this bulletin summary replaces the bulletin advance notification originally issued April 4, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
http://technet.microsoft.com/en-us/security/bulletin/ms13-apr
Cisco Prime Network Control System Default Credentials Let Remote Users Modify the Configuration
http://www.securitytracker.com/id/1028419
Adobe Security Bulletins Posted
Today, we released the following Security Bulletins: APSB13-10 Security update: Security Hotfix available for ColdFusion; APSB13-11 Security updates available for Adobe Flash Player; APSB13-12 Security update available for Adobe Shockwave Player. Customers of the affected products should...
http://blogs.adobe.com/psirt/2013/04/adobe-security-bulletins-posted-5.html
Request Tracker 4.0.10 SQL Injection
Risk: Medium
RT: Request Tracker System
http://feedproxy.google.com/~r/securityalert_database/~3/_dNhCwOTOjA/WLB-2013040083
Industrial IT Security - Roadshow Frankfurt am Main | 18.06.2013
Since the spectacular Stuxnet attack on a uranium enrichment facility in Iran in 2010, a working group in the Bavarian IT Security Cluster has been developing products, solutions and processes for the production level. In cooperation with the eco Competence Group Security, the results are now being presented outside Bavaria for the first time.
http://www.eco.de/2013/veranstaltungen/industrial-it-security.html
Wordpress widget spreads spam
The Social Media Widget for Wordpress was used to distribute spam. The developer changed in January, and the widget has been conspicuous since then. Wordpress has responded with a ban. The plug-in should be deactivated as soon as possible.
http://www.heise.de/newsticker/meldung/Wordpress-Widget-verbreitet-Spam-1839368.html
Hijacking airplanes with an Android phone
An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, about the completely realistic scenario of plane hijacking via a simple Android app has galvanized the crowd attending the Hack In The Box Conference in Amsterdam today.
https://www.net-security.org/secworld.php?id=14733
Debian Security Advisory DSA-2659 libapache-mod-security
XML external entity processing vulnerability
http://www.debian.org/security/2013/dsa-2659
Podcast: Switch To IPV6 Demands A Security Re-Think
"You're probably not aware of it, but a major transformation is taking place on the Internet. We've exhausted the approximately 4.3 billion available addresses for IPV4, Internet Protocol Version 4, the Internet's lingua franca...."
http://securityledger.com/podcast-switch-to-ipv6-demands-a-security-re-think/
A dozen tools for removing almost any malware
Here's a typical scenario for a veteran computer user. Having established best-security practices on your PC, you've been free of malware infections for a long time.
https://windowssecrets.com/top-story/a-dozen-tools-for-removing-almost-any-malware/
Blog: The Winnti honeypot - luring intruders
During our research on the Winnti group we discovered a considerable amount of Winnti samples targeting different gaming companies. Using this sophisticated malicious program cybercriminals gained remote access to infected workstations and then carried out further activity manually.
http://www.securelist.com/en/blog/851/The_Winnti_honeypot_luring_intruders