End-of-Shift report
Timeframe: Thursday 19-09-2013 18:00 − Friday 20-09-2013 18:00
Handler: Robert Waldner
Co-Handler: Matthias Fraidl
Can Companies Fight Against Targeted Attacks?
There are various reasons why targeted attacks can happen to almost any company. One of the biggest reasons is theft of a company's proprietary information. There are many types of confidential data that could be valuable. Intellectual property is often the first thing that comes to mind.
http://blog.trendmicro.com/trendlabs-security-intelligence/can-companies-fight-against-targeted-attacks/
Apple's iOS 7 Update Fixes 80 Security Bugs
Yesterday's iOS 7 update brought a slew of bug fixes, 80 in total, to Apple devices.
http://threatpost.com/apples-ios-7-update-fixes-80-security-bugs/102356
Vertexnet Botnet Hides Behind AutoIt
Recently we found some new malware samples using AutoIt to hide themselves. On further analysis we found that those samples belong to the Vertexnet botnet. They use multiple layers of obfuscation; once decoded, they connect to a control server to accept commands and transfer stolen data. This sample is packed using a custom packer.
http://blogs.mcafee.com/mcafee-labs/vertexnet-botnet-hides-behind-autoit
Experts Worry About Long-Term Implications of NSA Revelations
With all of the disturbing revelations that have come to light in the last few weeks regarding the NSA's collection methods and its efforts to weaken cryptographic protocols and security products, experts say that perhaps the most worrisome result of all of this is that no one knows who or what they can trust anymore.
http://threatpost.com/experts-worry-about-long-term-implications-of-nsa-revelations/102355
Sophos UTM Unspecified WebAdmin Flaw Has Unspecified Impact
http://www.securitytracker.com/id/1029039
Cisco Intrusion Prevention System Authentication Manager Process Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029057
Massive security hole discovered in iOS 7
Despite the screen lock, photos, and through them contacts or Twitter, can be accessed on iPhones and iPads running iOS 7. The starting point is the new Control Center.
http://futurezone.at/produkte/apple-massive-sicherheitsluecke-in-ios-7-entdeckt/27.565.975
Western Digital Arkeia Remote Code Execution
http://cxsecurity.com/issue/WLB-2013090143
HP ArcSight Enterprise Security Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1029069
Security company warns against NSA algorithm
Dual EC DRBG random number generator set as the default in BSAFE and Data Protection Manager
http://derstandard.at/1379291450962
FTC complaint: TrendNet's IP cameras are not secure
The US Federal Trade Commission has required TrendNet to take extensive measures to secure its network cameras. The trigger was a vulnerability uncovered in 2012 that allowed unauthorized parties to access the live streams of hundreds of TrendNet customers.
http://www.heise.de/newsticker/meldung/FTC-Beschwerde-TrendNets-IP-Kameras-sind-nicht-sicher-1961474.html
The Small Biz 5 Step Plan to Security Breach Recovery
Why do Internet criminals favor small and medium sized businesses? One reason is because many are suppliers and partners of large corporate entities offering a convenient pathway to these partners' networks. Although most SMBs will not experience a security breach, many will. So, how can your business recover following a hacking incident?
http://www.business2community.com/small-business/small-biz-5-step-plan-security-breach-recovery-0621838
OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution
http://www.exploit-db.com/exploits/28408
Cisco AnyConnect Secure Mobility Client Directory Access Permissions Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029063
HP IceWall Multiple Products Multiple Vulnerabilities
https://secunia.com/advisories/54930
Now Registering for Classes at Cybercrime U #INTH3WILD
As summer comes to a close, students all over the world are heading back to the classroom, even in the cyber underground. Over the last few weeks, RSA has observed a spike in the availability of cybercrime courses, lessons, counseling and tutoring that are being offered to help fraudsters achieve their career goals.
https://blogs.rsa.com/now-registering-classes-cybercrime-u/
Yet another `malware-infected hosts as anonymization stepping stones` service offering access to hundreds of compromised hosts spotted in the wild
The general availability of DIY malware generating tools continues to contribute to the growth of the `malware-infected hosts as anonymization stepping stones` Socks4/Socks5/HTTP type of services, with new market entrants entering this largely commoditized market segment on a daily basis. Thanks to the virtually non-attributable campaigns that could be launched through the use of malware-infected hosts, ...
http://www.webroot.com/blog/2013/09/20/yet-another-malware-infected-hosts-anonymization-stepping-stones-service-offering-access-hundreds-compromised-hosts-spotted-wild/
Cisco AnyConnect VPN Client Secure Mobility Client Mac OS X Privilege Escalation Vulnerability
https://secunia.com/advisories/54929