Daily Summary - Tuesday 30-04-2013

End-of-Shift report

Timeframe: Monday 29-04-2013 18:00 − Tuesday 30-04-2013 18:00

Handler: Stephan Richter

Yahoo! Browser for Android Address Bar Spoofing Weakness

https://secunia.com/advisories/53214


Ruggedcom ROS Hard-Coded RSA SSL Private Key Update

Overview: This Updated Advisory is a follow-up to the original advisory titled ICSA-12-354-01 RuggedCom ROS Hard-Coded RSA SSL Private Key that was published December 18, 2012, on the ICS-CERT Web page. Independent researcher Justin W. Clarke of Cylance Inc. has identified the use of a hard-coded RSA SSL private key in RuggedCom's Rugged Operating System (ROS). RuggedCom, an independent subsidiary of Siemens, has produced a new version of the ROS that mitigates this vulnerability.

http://ics-cert.us-cert.gov/advisories/ICSA-12-354-01A


Admin beware: Attack hitting Apache websites is invisible to the naked eye

Newly discovered Linux/Cdorked evades detection by running in shared memory.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/MpO11h_pn5M/


Apache attack drives traffic to malware

Blackhole redirect served by modified daemon binary

A security researcher is warning that an attack on the Apache Web server is increasingly showing up in the wild, and has published a free Python tool to check their configurations.

http://go.theregister.com/feed/www.theregister.co.uk/2013/04/30/apache_dcorked_blackhole_vulnerability/


TinyMCE Ajax File Manager Remote Code Execution *youtube

http://cxsecurity.com/wlb/WLB-2013040207


phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit

http://cxsecurity.com/wlb/WLB-2013040203


WordPress Easy AdSense Lite Plugin Cross-Site Request Forgery Vulnerability

https://secunia.com/advisories/52953


FreeBSD NFS Server Input Validation Bug May Let Remote Users Execute Arbitrary Code

http://www.securitytracker.com/id/1028491


HP Service Manager Multiple Vulnerabilities

https://secunia.com/advisories/53260


[TYPO3-announce] [TYPO3-dev] Announcing TYPO3 CMS 6.1.0 Final Release

http://typo3.org/download/release-notes/typo3-61-release-notes/


Next End-of-Shift report on 2013-05-02