Daily Summary - Thursday 27-06-2013

End-of-Shift report

Timeframe: Wednesday 26-06-2013 18:00 − Thursday 27-06-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a

Windows 8.1: Defender with behavior detection

With the upcoming Windows upgrade, Microsoft is retrofitting numerous security features. Some are long overdue, others innovative. At TechEd Europe, the company went into detail.

http://www.heise.de/security/meldung/Windows-8-1-Defender-mit-Verhaltenserkennung-1897348.html


Styx Exploit Kit Takes Advantage of Vulnerabilities

Web-based malware has increased over the last few years due to an abrupt spike in new exploit kits. These kits target vulnerabilities in popular applications and provide an effective way for cybercriminals to distribute malware. We have already discussed Red Kit, a common exploit kit. Recently McAfee Labs has observed an increase in the prevalence ...

http://blogs.mcafee.com/mcafee-labs/styx-exploit-kit-takes-advantage-of-vulnerabilities


Attackers sign malware using crypto certificate stolen from Opera Software

A "few thousand" users may have automatically installed malware signed by expired cert.

http://arstechnica.com/security/2013/06/attackers-sign-malware-using-crypto-certificate-stolen-from-opera-software/


Targeted phishing attack on Eset customers

Customers of the antivirus software vendor Eset are currently receiving very well-crafted phishing e-mails intended to steal credit card data.

http://www.heise.de/security/meldung/Gezielter-Phishing-Angriff-auf-Eset-Kunden-1897681.html


Analysis: Redirects in Spam

We will look at the most popular spammer tricks that use redirects and the most widely used types of redirect.

http://www.securelist.com/en/analysis/204792295/Redirects_in_Spam


Top 5 Fake Security Rogues of 2013

By Tyler Moffitt. We see users on the internet getting infected with Rogue Security Malware all the time. In fact, it's one of the most common and obvious types of infections we see. The Rogues lock down your computer and prevent you from opening any applications so you're forced to read their scam.

http://blog.webroot.com/2013/06/27/top-5-fake-security-rogues-of-2013/


Magnolia CMS multiple security bypass

Magnolia CMS could allow a remote attacker to bypass security restrictions, caused by improper verification of access permissions. An attacker could exploit this vulnerability by accessing and executing multiple administrative functionalities to bypass security and gain unauthorized access to the vulnerable application.

http://xforce.iss.net/xforce/xfdb/85252


Drupal 7.x Fast Permissions Administration Access bypass

The Fast Permissions Administration module enables you to use inline filters on the permissions page, as well as loading the permissions form through a modal dialog. The module doesn't sufficiently check user access for the modal content callback, allowing unauthorized access to the permissions edit form.

http://cxsecurity.com/issue/WLB-2013060226


Bugtraq: HP-UX Running HP Secure Shell, Remote Denial of Service (DoS)

Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team

http://www.securityfocus.com/archive/1/526986


Multiple Vulnerabilities in Cisco Web Security Appliance

Cisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by the following vulnerabilities:
- Two authenticated command injection vulnerabilities
- Management GUI Denial of Service Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa