Tageszusammenfassung - Mittwoch 10-07-2013

End-of-Shift report

Timeframe: Dienstag 09-07-2013 18:00 − Mittwoch 10-07-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a

Google patches critical Android threat as working exploit is unleashed

Bug allows hackers to surreptitiously turn some legit apps into malicious ones.

http://arstechnica.com/security/2013/07/google-patches-critical-android-threat-as-working-exploit-is-unleashed/


Summary for July 2013 - Version: 1.1

This bulletin summary lists security bulletins released for July 2013. With the release of the security bulletins for July 2013, this bulletin summary replaces the bulletin advance notification originally issued July 4, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

http://technet.microsoft.com/en-us/security/bulletin/ms13-jul


Adobe Security Bulletins Posted

APSB13-17 Security updates available for Adobe Flash Player APSB13-18 Security update available for Adobe Shockwave APSB13-19 Security update: Security Hotfixes available for ColdFusion

http://blogs.adobe.com/psirt/2013/07/adobe-security-bulletins-posted-8.html


Who's Behind The Styx-Crypt Exploit Pack?

Earlier this week I wrote about the Styx Pack, an extremely sophisticated and increasingly popular crimeware kit that is being sold to help miscreants booby-trap compromised Web sites with malware. Today, Ill be following a trail of breadcrumbs that leads back to central Ukraine and to a trio of friends who appear to be responsible for marketing (if not also making) this crimeware-as-a-service.

https://krebsonsecurity.com/2013/07/whos-behind-the-styx-crypt-exploit-pack


Joomla Attachments Shell Upload

Topic: Joomla Attachments Shell Upload Risk: High Text: # Exploit Title: Joomla Com_Attachments Component Arbitrary File Upload Vulnerability # Google Dork: inurl:...

http://cxsecurity.com/issue/WLB-2013070068


Cybercriminals spamvertise tens of thousands of fake 'Your Booking Reservation at Westminster Hotel' themed emails, serve malware

By Dancho Danchev Cybercriminals are currently mass mailing tens of thousands of fake emails impersonating the Westminster Hotel, in an attempt to trick users into thinking that they've received a legitimate booking confirmation. In reality through, once the socially engineered users execute the malicious attachments, their PCs automatically join the botnet operated by the cybercriminals behind the ..

http://blog.webroot.com/2013/07/10/cybercriminals-spamvertise-tens-of-thousands-of-fake-your-booking-reservation-at-westminster-hotel-themed-emails-serve-malware


Priyanka yanks your WhatsApp contact chain on Android mobes

If that really is your name, nobody wants to know you right now A worm spreading through the popular WhatsApp messenging platform across Android devices is likely to cause plenty of confusion, even though it doesnt cause much harm.

http://go.theregister.com/feed/www.theregister.co.uk/2013/07/10/priyanka_whatsapp_worm/


Study: Bug bounty programs provide strong value for vendors

A study of Googles and Mozillas browser bug programs shows it is money well spent

http://www.csoonline.com/article/736127/study-bug-bounty-programs-provide-strong-value-for-vendors?source=rss_application_security


Datenklau am Automaten: Millionenschaden trotz Milliardeninvestition

Im Kampf gegen Datendiebe investieren Banken in bessere Technik. Ganz abhalten lassen sich Kriminelle dadurch nicht: Noch immer k�nnen sie in vielen Staaten mit Daten deutscher Bankkunden an Geld kommen.

http://www.heise.de/security/meldung/Datenklau-am-Automaten-Millionenschaden-trotz-Milliardeninvestition-1914796.html


Scanner warnt vor Android-Lücke

Eine kostenlose App soll zeigen, ob ein Android-Gerät von der kürzlich entdeckten Lücke in der Code-Signierungstechnik des Betriebssystems betroffen ist. Die Software stammt von der Firma, die auch den Fehler entdeckt hat.

http://www.heise.de/security/meldung/Scanner-warnt-vor-Android-Luecke-1914686.html


Blog: Security policies: misuse of resources

According to surveys conducted in Europe and the United States, company employees spend up to 30% of their working hours on private affairs. By multiplying the hours spent on non-business-related things by the average cost of the working hour, the analysts estimate the costs to companies amounting to millions of dollars a year.

http://www.securelist.com/en/blog/8109/Security_policies_misuse_of_resources


Vuln: VLC Media Player CVE-2013-3245 Remote Integer Overflow Vulnerability

VLC Media Player CVE-2013-3245 Remote Integer Overflow Vulnerability

http://www.securityfocus.com/bid/61032


Advanced User Tagging vBulletin Stored XSS Vulnerability

Topic: Advanced User Tagging vBulletin Stored XSS Vulnerability Risk: Low Text: # # Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability # Google Dork: ...

http://cxsecurity.com/issue/WLB-2013070077


Preparing For Possible Future Crypto Attacks

Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure Security researchers and hackers have always been good at borrowing ideas, refining them, and applying them to create practical attacks out of theoretical results.

http://www.darkreading.com/vulnerability/preparing-for-possible-crypto-attacks-of/240158000