End-of-Shift report
Timeframe: Monday 16-09-2013 18:00 − Tuesday 17-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
ZeuS/ZBOT: Most Distributed Malware by Spam in August
In our 2Q Security Roundup, we noted the resurgence of online banking malware, in particular the increase of ZeuS/ZBOT variants during the quarter. While ZeuS/ZBOT has been around for some time, its prevalence shows that it is still a big threat to end users today. For the month of August, 23% of spam with malicious...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/7c3B-kxDrTA/
Dropbox Installation Hinders ASLR
The popular cloud storage service Dropbox is reportedly undercutting the efficacy of address space layout randomization (ASLR) by failing to enable that feature within the dynamic link libraries (DLLs) it injects into other applications.
http://threatpost.com/dropbox-installation-hinders-aslr/102304
Not So Fast on BEAST Attack Mitigations
The BEAST attacks, once thought mitigated, may again be viable because of weaknesses in RC4 rendering server-side mitigation moot, and Apple's reluctance to enable a 1/n-1 split client-side mitigation by default.
http://threatpost.com/not-so-fast-on-beast-attack-mitigations/102308
Mac OS X Security Configuration Guides
The Security Configuration Guides provide an overview of features in Mac OS X that can be used to enhance security, known as hardening your computer. The guides are designed to give instructions and recommendations for securing Mac OS X and for maintaining a secure computer.
https://ssl.apple.com/support/security/guides/
Google knows nearly every Wi-Fi password in the world
If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. ... Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldn't change it. I suspect that many Android users have never even seen the configuration option controlling this.
http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-fi-password-world
With XP's End of Life, Munich Will Distribute Ubuntu CDs
SmartAboutThings writes "Windows XP is going to officially die and stop receiving support from Microsoft in April, 2014. After that very moment, it is said to become a gold mine for hackers all over the world who will exploit zero-day vulnerabilities. The municipality of the German city of Munich wants to stop that from happening [and] has decided to distribute free CDs with Ubuntu 12.04 to users of the almost extinct XP. Munich, through its Gasteig Library, will prepare around 2000 CDs...
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fH6x8koNgKU/story01.htm
A Random Diary, (Tue, Sep 17th)
The current discussion about breaking encryption algorithms has one common thread: random number generators. No matter the encryption algorithm, if your encryption keys are not random, the algorithm can be brute forced much more easily than theoretically predicted based on the strength of the algorithm. All encryption algorithms depend on good random keys, and generating good random numbers has long been a problem. In Unix systems for example, you will have two random devices: /dev/random and...
http://isc.sans.edu/diary.html?storyid=16592&rss
Mitsubishi MC-WorkX Suite Insecure ActiveX Control
ICS-CERT is aware of a public report of an insecure ActiveX Control vulnerability in the Mitsubishi MC-WorkX Suite - IcoLaunch.dll with proof-of-concept (PoC) exploit code affecting Mitsubishi MC-WorkX Suite, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the PoC allows crafting a Login Client button which, when clicked by the victim, can launch malicious code from a remote share...
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-259-01
Moodle external.php cross-site scripting
http://xforce.iss.net/xforce/xfdb/87148
Moodle null byte SQL injection
http://xforce.iss.net/xforce/xfdb/87149
[remote] - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
http://www.exploit-db.com/exploits/28334
[remote] - D-Link Devices UPnP SOAP Telnetd Command Execution
http://www.exploit-db.com/exploits/28333
IBM Tivoli Composite Application Manager for Transactions Java Multiple Vulnerabilities
https://secunia.com/advisories/54849