End-of-Shift report
Timeframe: Wednesday 22-05-2013 18:00 − Thursday 23-05-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
New Trojan steals short messages
May 22, 2013 Russian anti-virus company Doctor Web is warning users about a new Trojan for Android that can intercept inbound short messages and forward them to criminals. Android.Pincer.2.origin poses a serious threat because stolen messages can contain sensitive information such as mTAN codes which are used to confirm online banking transactions. The Trojan, discovered by Doctor Web's analysts several days ago, is a second representative of the Android.Pincer malware family. Like its...
http://news.drweb.com/show/?i=3549&lng=en&c=9
CODESYS–Gateway Use After Free
This advisory provides mitigation details for a vulnerability that impacts the 3S CODESYS Gateway application
http://ics-cert.us-cert.gov/advisories/ICSA-13-142-01
IBM Tivoli Monitoring cross-site scripting
IBM Tivoli Monitoring is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using Tivoli Enterprise Portal browser client to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
http://xforce.iss.net/xforce/xfdb/83328
Response limiting
In view of increasing DNS attacks, Denic is considering limiting responses to domain queries.
http://www.heise.de/newsticker/meldung/DNS-Attacken-Denic-schliesst-das-Kappen-von-DNS-Antwortraten-nicht-aus-1867772.html
Apple QuickTime Multiple Vulnerabilities
Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
https://secunia.com/advisories/53520
Flagallery-Skins plugin for WordPress gallery.php SQL injection
Flagallery-Skins plugin for WordPress is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the gallery.php script using the playlist parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
http://xforce.iss.net/xforce/xfdb/84445
Oracle Java is the most widespread security vulnerability
According to a current quarterly analysis by antivirus vendor Kaspersky, the number of threats via the Internet rose by 1.5 percentage points compared with the previous quarter. Russia again ceded the top spot among countries from which malware originates to the USA. Among security vulnerabilities, Oracle Java remains in the lead.
http://futurezone.at/digitallife/16038-oracle-java-ist-verbreitetste-sicherheitsluecke.php?rss=fuzo
IT security vendors seen as clueless on industrial control systems
Even the most innocuous security processes used for traditional IT systems could spell disaster in an ICS
http://www.csoonline.com/article/733873/it-security-vendors-seen-as-clueless-on-industrial-control-systems?source=rss_application_security
Mac Spyware Bait: Lebenslauf für Praktitkum
As a follow up to yesterday's Kumar in the Mac post… have you received e-mail attachments such as this?
Attachments:
• Christmas_Card.app.zip
• Content_for_Article.app.zip
• Content_of_article_for_[NAME REMOVED].app.zip
• Interview_Venue_and_Questions.zip
• Lebenslauf_für_Praktitkum.zip
If so, you may be the target of a spear phishing campaign designed to install a spyware on your Mac.
Here's a list of binaries signed by Apple Developer "Rajinder...
http://www.f-secure.com/weblog/archives/00002559.html