End-of-Shift report
Timeframe: Thursday 26-09-2013 18:00 - Friday 27-09-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
Time For a Change in Security Thinking, Experts Say
WASHINGTON - Security, like a lot of other things, tends to go in phases. A new attack technique is developed, vendors respond with a new defensive technology and then attackers find a way to defeat it. It has always been that way. And right now, things seem to be in one of those periodic down cycles ...
http://threatpost.com/time-for-a-change-in-security-thinking-experts-say/102430
Malware Now Hiding In Graphics Cards
mask.of.sanity writes "Researchers are closing in on a means to detect previously undetectable stealthy malware that resides in peripherals like graphics and network cards. The malware was developed by the same researchers and targeted host runtime memory using direct memory access provided to hardware devices. They said the malware was a highly critical threat to system security and integrity and could not be detected by any operating system."
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/OU6tbGV5rt4/story01.htm
qemu host crash from within guest
Topic: qemu host crash from within guest Risk: Medium Text: A dangling pointer access flaw was found in the way qemu handled hot-unplugging virtio devices. This flaw was introduced by v...
http://cxsecurity.com/issue/WLB-2013090186
Ask Slashdot: Has Gmail's SSL Certificate Changed, How Would We Know?
An anonymous reader writes "Recent reports from around the net suggest that the SSL certificate chain for gmail has either changed this week, or has been widely compromised. Even less-than-obvious places to look for information, such as Google's Online Security Blog, are silent. The problem isn't specific to gmail, of course, which leads me to ask: What is the canonically-accepted out-of-band means by which a new SSL certificate's fingerprint may be communicated and/or verified by end
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ElNnRuzfXzs/story01.htm
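The question above is about checking a certificate's fingerprint against a value obtained out of band. The following is an added example and not part of the Slashdot submission: it decodes a PEM certificate to DER (a fingerprint is a hash over the DER bytes, not over the PEM text), formats the digest the way openssl and browser dialogs display it, and compares it in constant time against a pinned value as a human might have typed it (any case, with or without colons). The certificate bytes are a constructed placeholder so the code runs offline; they are not a real certificate.

```python
"""Out-of-band certificate fingerprint check (added example, not code from
the Slashdot thread). The PEM below wraps arbitrary constructed bytes that
stand in for a DER-encoded certificate; it is NOT a real certificate."""
import base64
import hashlib
import hmac
import re

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed sample payload standing in for DER certificate bytes.
SAMPLE_DER = bytes(range(48)) * 3
_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PEM = "\n".join(
    [PEM_HEADER] + [_B64[i:i + 64] for i in range(0, len(_B64), 64)] + [PEM_FOOTER]
) + "\n"


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode the body (what `openssl x509
    -outform DER` does). The hash in a fingerprint is always over these bytes."""
    body = pem.strip()
    if not body.startswith(PEM_HEADER) or not body.endswith(PEM_FOOTER):
        raise ValueError("not a PEM certificate block")
    b64 = body[len(PEM_HEADER):-len(PEM_FOOTER)]
    return base64.b64decode("".join(b64.split()), validate=True)


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Digest in the colon-separated upper-case hex form openssl prints
    (e.g. `openssl x509 -noout -fingerprint -sha256`)."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Accept a fingerprint as communicated by a human: any case, colons,
    spaces or nothing between the bytes."""
    hexonly = re.sub(r"[^0-9A-Fa-f]", "", fp)
    if len(hexonly) % 2:
        raise ValueError("odd-length fingerprint")
    return hexonly.upper()


def verify_pin(pem: str, pinned: str, algo: str = "sha256") -> bool:
    """True if the certificate's fingerprint equals the pinned value received
    out of band. A pin of the wrong length (e.g. a SHA-1 value checked as
    SHA-256) is rejected rather than silently compared."""
    got = normalize(fingerprint(pem_to_der(pem), algo))
    want = normalize(pinned)
    if len(want) != hashlib.new(algo).digest_size * 2:
        return False
    # Constant-time comparison so a mismatch leaks nothing about the prefix.
    return hmac.compare_digest(got, want)


if __name__ == "__main__":
    fp = fingerprint(SAMPLE_DER)
    print("SHA256 Fingerprint=" + fp)
    print("pin matches:", verify_pin(SAMPLE_PEM, fp.lower().replace(":", " ")))
```

The value passed as `pinned` only helps if it arrived over a channel the presumed attacker does not control (a phone call, a printed handout, a signed e-mail from a key you already trust); fetching it over the same network path you are worried about proves nothing. Pinning a leaf certificate's fingerprint also breaks at every renewal, which is why production pinning schemes hash the SubjectPublicKeyInfo or pin an issuer instead.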
iOS 7.0.2 fixes critical security vulnerability
A trick allowed photos and contacts to be viewed without entering the passcode that unlocks the display.
http://derstandard.at/1379292252272
Cisco Unified Computing System Hardcoded FTP Account Lets Remote Users View and Modify Files
http://www.securitytracker.com/id/1029102
DIY commercial CAPTCHA-solving automatic email account registration tool available on the underground market since 2008
With low-waged employees of unethical 'data entry' companies having already set the foundations for an efficient and systematic abuse of all the major Web properties, it shouldn't be surprising that new market segments quickly emerged to capitalize on the business opportunities offered by the (commercialized) demise of CAPTCHA as an additional human/bot differentiation technique. One of these market segments is supplying automatic (email) account registration services to
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/fT-TzsuZluo/
New TDL Dropper Variants Exploit CVE-2013-3660
Recently, we've been seeing a new breed of TDL variants going around. These variants look to be clones of the notorious TDL4 malware reported by Bitdefender Labs. The new TDL dropper variants we saw (SHA1: abf99c02caa7bba786aecb18b314eac04373dc97) were caught on the client machine by DeepGuard, our HIPS technology. From the detection name, we can see that the variants are distributed by some exploit kits. Last year, ESET mentioned a TDL4 variant (some AV vendors
http://www.f-secure.com/weblog/archives/00002612.html
EMC VPLEX Lets Local Users Obtain the LDAP/AD Password
Impact: A local user can obtain the LDAP/AD bind password.
Solution: The vendor has issued a fix (GeoSynchrony 5.2 SP1).
http://www.securitytracker.com/id/1029105
ARP Spoofing And Lateral Movement
In targeted attacks, during the lateral movement stage attackers try to gain access to other computers on the same local area network (LAN). One useful tool to achieve this is ARP spoofing, which can be used to carry out a variety of attacks to steal information as well as plant backdoors on other machines.
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v1ZdDzc-S68/
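ARP spoofing works because hosts accept whatever IP-to-MAC binding the latest ARP reply advertises. The following is an added example, not code from the Trend Micro post: it parses a constructed `tcpdump -n arp` style log and raises the two alerts a LAN monitor typically uses, an IP whose advertised MAC changes (gateway or victim poisoning) and a single MAC advertising more IPs than it should (the attacker answering for its neighbours). The addresses, timestamps and threshold are constructed for illustration.

```python
"""Two ARP-spoofing detections over a constructed tcpdump-style ARP log.
Added example; not code from the Trend Micro post. Log lines, addresses and
the max_ips_per_mac threshold are constructed for illustration."""
import re
from collections import defaultdict

# Constructed sample in the format of `tcpdump -n arp` (not a real capture).
# 10.0.0.1 is the gateway. From 12:00:03 the host at de:ad:be:ef:00:77 answers
# for the gateway and for 10.0.0.5, the classic man-in-the-middle setup.
SAMPLE_LOG = """\
12:00:01.000000 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28
12:00:01.000500 ARP, Reply 10.0.0.1 is-at aa:aa:aa:aa:aa:01, length 28
12:00:02.000000 ARP, Reply 10.0.0.5 is-at aa:aa:aa:aa:aa:05, length 28
12:00:02.500000 ARP, Reply 10.0.0.77 is-at de:ad:be:ef:00:77, length 28
12:00:03.000000 ARP, Reply 10.0.0.1 is-at DE:AD:BE:EF:00:77, length 28
12:00:03.100000 ARP, Reply 10.0.0.5 is-at de:ad:be:ef:00:77, length 28
"""

REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-fA-F:]{17})"
)


def parse_replies(log: str):
    """Return (timestamp, ip, mac) for every ARP reply. Requests in this
    output carry no sender MAC, so they are skipped; MACs are lower-cased so
    case differences cannot hide a change."""
    records = []
    for line in log.splitlines():
        m = REPLY_RE.match(line)
        if m:
            records.append((m["ts"], m["ip"], m["mac"].lower()))
    return records


def detect_arp_spoofing(records, known=None, max_ips_per_mac=1):
    """Signal 1 (ip_mac_change): an IP whose advertised MAC differs from the
    trusted one, seeded from `known` (e.g. the gateway) or else first seen.
    Signal 2 (mac_claims_many_ips): one MAC advertising more distinct IPs
    than max_ips_per_mac. Returns alert tuples in trace order."""
    binding = {ip: mac.lower() for ip, mac in (known or {}).items()}
    ips_by_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in records:
        trusted = binding.setdefault(ip, mac)
        if trusted != mac:
            alerts.append((ts, "ip_mac_change", ip, trusted, mac))
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > max_ips_per_mac:
                alerts.append(
                    (ts, "mac_claims_many_ips", mac, tuple(sorted(ips_by_mac[mac])))
                )
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(
        parse_replies(SAMPLE_LOG), known={"10.0.0.1": "aa:aa:aa:aa:aa:01"}
    ):
        print(alert)
```

Seeding `known` with the gateway's real MAC matters: a first-seen policy trusts whichever reply arrives first, so an attacker already spoofing when the monitor starts becomes the "legitimate" binding and the real gateway is what gets flagged. Expect benign `ip_mac_change` alerts from DHCP reassignments and benign `mac_claims_many_ips` alerts from routers, VRRP/HSRP pairs and virtualisation hosts; allowlist those rather than raising the threshold for everyone.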
WordPress blogs abused for DDoS attacks
In April, attackers hammered thousands of WordPress sites with a brute-force attack. The attackers apparently had a long-term goal in mind: around 550 WordPress blogs have now been used for a DDoS attack.
http://www.heise.de/newsticker/meldung/WordPress-Blogs-fuer-DDoS-Attacken-missbraucht-1968357.html
Ten internet traps you should know about!
There are always new tricks that cyber-criminals use to lure internet users into a trap. We show you what to watch out for when surfing.
http://web.de/magazine/digitale-welt/sicher-im-netz/17753226-internet-fallen-kennen.html
BSI Sicherheitskompass: Ten rules for more security online
With ten rules of thumb, the BSI and the police forces of the German states want to improve online security. The occasion is the European Cyber Security Month in October. The concept of the National Cyber Security Awareness Month originates in the USA.
http://www.heise.de/newsticker/meldung/BSI-Sicherheitskompass-Zehn-Regeln-fuer-mehr-Sicherheit-im-Netz-1968203.html
Security Bulletin: WebSphere DataPower XC10 Appliance vulnerability for administrative access to code and data (CVE-2013-5403)
A security vulnerability in the WebSphere DataPower XC10 Appliance might allow unauthenticated access to administrative operations and data.
CVE(s): CVE-2013-1571
Affected product(s) and affected version(s): WebSphere DataPower XC10 Appliance versions 2.0, 2.1 and 2.5
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_websphere_datapower_xc10_appliance_vulnerability_for_administrative_access_to_code_and_data_cve_2013_5403?lang=en_us
Attackers can slip malicious code into many Android apps via open Wi-Fi
Connect hijacking could put users at risk of data theft, SMS abuse, and more.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/XKc0_9zgluU/story01.htm
LinkedIn Patches Multiple XSS Vulnerabilities
LinkedIn was susceptible to four reflected cross site scripting (XSS) vulnerabilities before issuing a fix for those flaws over the summer.
http://threatpost.com/linkedin-patches-multiple-xss-vulnerabilities/102443