End-of-Shift report
Timeframe: Tuesday 30-04-2013 18:00 − Thursday 02-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Robert Waldner
Shamoon/DistTrack Malware (Update A)
Overview: W32.DistTrack, also known as "Shamoon," is an information-stealing malware that also includes a destructive module. Shamoon renders infected systems useless by overwriting the Master Boot Record (MBR), the partition tables, and most of the files with random data. Once overwritten, the data are not recoverable. Based on initial reporting and analysis of the malware, no evidence exists that Shamoon specifically targets industrial control systems (ICSs) components or U.S.
http://ics-cert.us-cert.gov/jsar/JSAR-12-241-01A
More Malware Showing Up on Fake SourceForge Web Sites
Malware developers continue to clone SourceForge Web sites that appear to offer the source code for popular gaming software but are actually peddling malicious code tied to the ZeroAccess Trojan. Julien Sobrier, a security researcher for San Jose-based cloud security provider Zscaler, on Tuesday outlined several more malicious versions of the popular file-sharing sites, some [...]
http://threatpost.com/more-malware-showing-up-on-fake-sourceforge-web-sites/
[webapps] - D-Link IP Cameras Multiple Vulnerabilities
http://www.exploit-db.com/exploits/25138
DSA-2665 strongswan
authentication bypass
http://www.debian.org/security/2013/dsa-2665
MediaWiki 1.20.5 and 1.19.6 Multiple Vulns
Topic: MediaWiki 1.20.5 and 1.19.6 Multiple Vulns. Risk: Medium. Text: I would like to announce the release of MediaWiki 1.20.5 and 1.19.6. These releases fix 2 security related issues that could a...
http://feedproxy.google.com/~r/securityalert_database/~3/-pvFzkoA-H4/WLB-2013050008
FortiClient VPN Client Discloses Password to Remote Users in Certain Cases
http://www.securitytracker.com/id/1028501
Java applets run wild inside Notes
Full compromise possible. Attackers with a desire to rummage around inside the PCs of Notes users can do so merely by sending HTML emails containing a Java applet or JavaScript, IBM has admitted in a security advisory.…
http://go.theregister.com/feed/www.theregister.co.uk/2013/05/02/java_runs_in_note_email/
Critical vulnerability in hundreds of industrial plants
heise Security has discovered numerous German industrial installations that are carelessly connected to the Internet. And that is not all: through a vulnerability, practically anyone can take control of heating plants, data centers or breweries.
http://www.heise.de/security/meldung/Kritische-Schwachstelle-in-hunderten-Industrieanlagen-1854385.html
Netherlands: Draft law on decryption orders
Suspects are to be made subject to compulsion to hand over the password for encrypted storage media. Justification: the disk encryption tool Truecrypt is regularly used to conceal possession of child pornography.
http://www.heise.de/security/meldung/Niederlande-Gesetzentwurf-ueber-Entschluesselungsbefehl-1854652.html
Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform
https://secunia.com/advisories/53208
Malicious PDFs On The Rise
Throughout 2012, we saw a wide variety of APT campaigns leverage an exploit in Microsoft Word (CVE-2012-0158). This represented a shift, as previously CVE-2010-3333 was the most commonly used Word vulnerability. While we continue to see CVE-2012-0158 in heavy use, we have noticed increasing use of an exploit for Adobe Reader (CVE-2013-0640) that was made infamous by the “MiniDuke” campaign. The malware dropped by these malicious PDFs is not associated with MiniDuke, but it is
http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-pdfs-on-the-rise/