End-of-Shift report
Timeframe: Thursday 17-10-2013 18:00 − Friday 18-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
You're infected - if you want to see your data again, pay us $300 in Bitcoins
Ransomware comes of age with unbreakable crypto, anonymous payments.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/VLDxuwIP36Q/story01.htm
DNS experts discuss risks of new attack scenarios
Researchers describe attack scenarios against the Domain Name System that exploit the fragmentation of IP packets.
http://www.heise.de/security/meldung/DNS-Experten-diskutieren-Risiken-neuer-Angriffsszenarien-1981443.html
Kankan - a Chinese Trojan story
Analysts at Eset have pieced together a mysterious story about a Trojan that spread mainly in China. The ingredients: infected PCs and smartphones, a remorseful software vendor and several unsolved puzzles.
http://www.heise.de/security/meldung/Kankan-eine-chinesische-Trojaner-Geschichte-1981463.html
Got a mobile phone? Then you've got a Trojan problem too
This time it's personal. Something wonderful has happened: phones have got smart, but the bad news is they may open the door to those you don't want to let in.
http://www.theregister.co.uk/2013/10/18/feature_mobile_security_malware/
VMware Releases Multiple Security Updates
VMware released the following security updates. The first is VMSA-2013-0012, which addresses multiple vulnerabilities in vCenter Server, vSphere Update Manager, ESXi and ESX. The second is VMSA-2013-0006.1, which addresses multiple vulnerabilities in vCenter Server Appliances and vCenter Server running on Windows. The last is VMSA-2013-0009.1, which addresses multiple vulnerabilities in vCenter Server, ESX and ESXi and updates third-party libraries.
http://isc.sans.edu/diary.html?storyid=16847&rss
Fiendish CryptoLocker ransomware: Whatever you do, don't PAY
Create remote backups before infection, advise infosec bods. A fiendishly nasty strain of Windows malware that uses advanced encryption to lock up user files before demanding a ransom is doing the rounds.
http://www.theregister.co.uk/2013/10/18/cryptolocker_ransmware/
Sybase Adaptive Server Enterprise XML injection
http://xforce.iss.net/xforce/xfdb/88105
cPanel CloudFlare Plugin Unspecified Privilege Escalation Vulnerability
https://secunia.com/advisories/55273
osCommerce Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks to Create New Admin Accounts
http://www.securitytracker.com/id/1029189
Level One Enterprise Access Points Password Disclosure
http://cxsecurity.com/issue/WLB-2013100123
Bugtraq: CSRF vulnerability in LinkedIn
http://www.securityfocus.com/archive/1/529270
Summary for October 2013 - Version: 1.1
http://technet.microsoft.com/en-za/security/bulletin/ms13-oct