Daily summary - Friday 27-09-2013

End-of-Shift report

Timeframe: Thursday 26-09-2013 18:00 − Friday 27-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a

Time For a Change in Security Thinking, Experts Say

WASHINGTON Security, like a lot of other things, tends to go in phases. A new attack technique is developed, vendors respond with a new defensive technology and then attackers find a way to defeat it. It has always been that way. And right now, things seem to be in one of those periodic down cycles ...

http://threatpost.com/time-for-a-change-in-security-thinking-experts-say/102430


Malware Now Hiding In Graphics Cards

mask.of.sanity writes "Researchers are closing in on a means to detect previously undetectable stealthy malware that resides in peripherals like graphics and network cards. The malware was developed by the same researchers and targeted host runtime memory using direct memory access provided to hardware devices. They said the malware was a highly critical threat to system security and integrity and could not be detected by any operating system."

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/OU6tbGV5rt4/story01.htm


qemu host crash from within guest

Topic: qemu host crash from within guest. Risk: Medium. Text: A dangling pointer access flaw was found in the way qemu handled hot-unplugging virtio devices. This flaw was introduced by v...

http://cxsecurity.com/issue/WLB-2013090186


Ask Slashdot: Has Gmail's SSL Certificate Changed, How Would We Know?

An anonymous reader writes "Recent reports from around the net suggest that the SSL certificate chain for gmail has either changed this week, or has been widely compromised. Even less-than-obvious places to look for information, such as Google's Online Security Blog, are silent. The problem isn't specific to gmail, of course, which leads me to ask: What is the canonically-accepted out-of-band means by which a new SSL certificate's fingerprint may be communicated and/or verified by end

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ElNnRuzfXzs/story01.htm


iOS 7.0.2 fixes critical security vulnerability

Using a trick, photos and contacts could be viewed without entering the code that unlocks the display.

http://derstandard.at/1379292252272


Cisco Unified Computing System Hardcoded FTP Account Lets Remote Users View and Modify Files

http://www.securitytracker.com/id/1029102


DIY commercial CAPTCHA-solving automatic email account registration tool available on the underground market since 2008

With low-waged employees of unethical 'data entry' companies having already set the foundations for an efficient and systematic abuse of all the major Web properties, it shouldn't be surprising that new market segments quickly emerged to capitalize on the business opportunities offered by the (commercialized) demise of CAPTCHA as an additional human/bot differentiation technique. One of these market segments is supplying automatic (email) account registration services to

http://feedproxy.google.com/~r/WebrootThreatBlog/~3/fT-TzsuZluo/


New TDL Dropper Variants Exploit CVE-2013-3660

Recently, we've been seeing a new breed of TDL variants going around. These variants look to be clones of the notorious TDL4 malware reported by Bitdefender Labs. The new TDL dropper variants we saw (SHA1: abf99c02caa7bba786aecb18b314eac04373dc97) were caught on the client machine by DeepGuard, our HIPS technology. From the detection name, we can see that the variants are distributed by some exploit kits. Last year, ESET mentioned a TDL4 variant (some AV vendors

http://www.f-secure.com/weblog/archives/00002612.html


EMC VPLEX Lets Local Users Obtain the LDAP/AD Password

Impact: A local user can obtain the LDAP/AD bind password. Solution: The vendor has issued a fix (GeoSynchrony 5.2 SP1).

http://www.securitytracker.com/id/1029105


ARP Spoofing And Lateral Movement

In targeted attacks, during the lateral movement stage attackers try to gain access to other computers on the same local area network (LAN). One useful tool to achieve this is ARP spoofing, which can be used to carry out a variety of attacks to steal information as well as plant backdoors on other machines.

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v1ZdDzc-S68/


WordPress blogs abused for DDoS attacks

In April, attackers hammered thousands of WordPress sites with a brute-force attack. The attackers apparently had a long-term goal in mind. Now around 550 WordPress blogs have been used for a DDoS attack.

http://www.heise.de/newsticker/meldung/WordPress-Blogs-fuer-DDoS-Attacken-missbraucht-1968357.html


Ten internet traps you should know about!

There are always new tricks that cybercriminals use to lure internet users into a trap. We show you what to watch out for when surfing.

http://web.de/magazine/digitale-welt/sicher-im-netz/17753226-internet-fallen-kennen.html


BSI Sicherheitskompass: ten rules for more security online

With ten rules of thumb, the BSI and the police forces of the German states want to make the internet safer. The occasion is the European Cyber Security Month in October. The concept of the National Cyber Security Awareness Month originates from the USA.

http://www.heise.de/newsticker/meldung/BSI-Sicherheitskompass-Zehn-Regeln-fuer-mehr-Sicherheit-im-Netz-1968203.html


Security Bulletin: WebSphere DataPower XC10 Appliance vulnerability for administrative access to code and data (CVE-2013-5403)

A security vulnerability in the WebSphere DataPower XC10 Appliance might allow unauthenticated access to administrative operations and data. CVE(s): CVE-2013-1571. Affected product(s) and affected version(s): WebSphere DataPower XC10 Appliance version 2.0, WebSphere DataPower XC10 Appliance version 2.1, WebSphere DataPower XC10 Appliance version 2.5.

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_websphere_datapower_xc10_appliance_vulnerability_for_administrative_access_to_code_and_data_cve_2013_5403?lang=en_us


Attackers can slip malicious code into many Android apps via open Wi-Fi

Connection hijacking could put users at risk of data theft, SMS abuse, and more.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/XKc0_9zgluU/story01.htm


LinkedIn Patches Multiple XSS Vulnerabilities

LinkedIn was susceptible to four reflected cross-site scripting (XSS) vulnerabilities before issuing a fix for those flaws over the summer.

http://threatpost.com/linkedin-patches-multiple-xss-vulnerabilities/102443