End-of-Shift report
Timeframe: Dienstag 01-10-2013 18:00 − Mittwoch 02-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
CSAM! Send us your logs!, (Tue, Oct 1st)
Today is the beginning of Cyber Security Awareness Month. Apparently the months official theme is "Our Shared Responsibility," We at the SANS Internet Storm Center want your logs! Send us packets, malware, all your logs, log snippets, observations, things that go bump on the net, things that make you go HMMMM, or just send us email to discuss InfoSec. What can we do as individuals to increase information security and encourage secure practices among co-workers, friends, and family?
http://isc.sans.edu/diary.html?storyid=16691&rss
Apple Spikes As Phishing Target
According to news stories, Apple is now the most valuable brand in the world. One party that would agree: cybercriminals, who are now targeting Cupertino in increasing numbers. Earlier in the year, the number of identified Apple phishing sites would only be in the hundreds per month, as seen in the chart below: Figure 1. […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroApple Spikes As Phishing Target
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/rwX5MEZpPOs/
VLC Media Player Buffer Overflow in MP4A Packetizer Lets Remote Users Execute Arbitrary Code
A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow in the mp4a packetizer and execute arbitrary code on the target system. The code will run with the privileges of the target user.
http://www.securitytracker.com/id/1029120
"microsoft support" calls - now with ransomware, (Wed, Oct 2nd)
Most of us are familiar with the "microsoft support" call. A phone call is received, the person states they are from "microsoft support" and they have been alerted that your machine is infected. The person will assist you by having you install a remote desktop tool such as teamviewer or similar (we have seen many different versions). Previously they would install software that would bug you until you paid the "subscription fee". As the father of a friend found
http://isc.sans.edu/diary.html?storyid=16703&rss
Bugtraq: Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
in <..> I showed a elaborated way for privilege elevation using IExpress (and other self-extracting) installers containing *.MSI or *.MSP which works "in certain situations".
The same IExpress installer(s) but allow a TRIVIAL to exploit privilege escalation which works in all situations too:
Proof of concept (run on a fully patched Windows 7 SP1):
http://www.securityfocus.com/archive/1/528955
Gate: LG teilt Smartphones in zwei Hälften
Auch LG versucht, dem Thema BYOD den Schrecken zu nehmen. Gate splittet das Smartphone hierzu in zwei Bereiche: einen für Berufliches, einen für Privates.
http://www.heise.de/newsticker/meldung/Gate-LG-teilt-Smartphones-in-zwei-Haelften-1971390.html
Zero-Day-Lücke im Internet Explorer im Visier von Cyberkriminellen
Integration ins Metasploit-Framework erlaubt einfache Ausnutzung
http://derstandard.at/1379292812878
Zero Days Are Not the Bugs You’re Looking For
BERLIN–The technology industry often is used by politicians, executives and others as an example of how to adapt quickly and shift gears in the face of disruptive changes. But the security community has been doing defense in basically the same way for several decades now, despite the fact that the threat landscape has changed dramatically, […]
http://threatpost.com/zero-days-are-not-the-bugs-youre-looking-for/102481
PolarSSL RSA Private Key Recovery Weakness
A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose certain sensitive information.
...
The weakness is reported in versions prior to 1.2.9 and 1.3.0.
https://secunia.com/advisories/55084
Siemens Scalance X-200 Series Switches Authentication Security Bypass Vulnerability
A vulnerability has been reported in Siemens Scalance X-200 Series Switches, which can be exploited by malicious people to bypass certain security restrictions.
...
The vulnerability is reported in the following products and versions:
* SCALANCE X-200 versions prior to 4.5.0.
https://secunia.com/advisories/55126
A History of Hard Conditions: Exploiting Linksys CVE-2013-3568
Earlier this summer Craig Young posted on Bugtraq about a root command injection vulnerability on the Linksys WRT110 router.
...
Our awesome Joe Vennix figured out the vulnerability and how to exploit it to get a session, even on a restricted Linux environment like the Linksys one. Since the experience can be useful for others exploiting embedded devices, here it is!
https://community.rapid7.com/community/metasploit/blog/2013/10/02/a-history-about-hard-conditions
Researchers Ponder When to Notify Users of Public Vulnerability Exploits
BERLIN–Just whispering the words “vulnerability disclosure” within earshot of a security researcher or vendor security response team members can put you in fear for your life these days. The debate is so old and worn out that there is virtually nothing new left to say or chew on at this point. However, the question of […]
http://threatpost.com/researchers-ponder-when-to-notify-users-of-public-vulnerability-exploits/102487
ZeroAccess: The Most Profitable Botnet
In March of this year, researchers on Symantecs Security Response team began looking at ways in which they might be able to "sinkhole" (takedown) ZeroAcess — one of the worlds largest botnets. But then… in late June, the botnet started updating itself, removing the flaw that the researchers hoped to take advantage of. Faced with the choice of some or nothing, the team moved to sinkhole what they could. And that was over 500,000 bots.A very commendable effort!Ross Gibb and
http://www.f-secure.com/weblog/archives/00002614.html