End-of-Shift report
Timeframe: Monday 21-10-2013 18:00 − Tuesday 22-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
Fake Dropbox Password Reset Spam Leads to Malware
A new spam campaign has been circulating over the last few weeks in hopes of duping users of the popular cloud storage service Dropbox. The e-mails purport to come from the service but instead lead those who click through to a malware landing page.
http://threatpost.com/fake-dropbox-password-reset-spam-leads-to-malware/102635
New DIY compromised hosts/proxies syndicating tool spotted in the wild
Compromised, hacked hosts and PCs are a commodity in underground markets today. More cybercriminals are populating the market segment with services tailored to fellow cybercriminals looking for access to freshly compromised PCs to be later abused in a variety of fraudulent/malicious ways, all the while taking advantage of their clean IP reputation. Naturally, once the commoditization took place, cybercriminals quickly realized that the supply of such hosts also shaped several different market...
http://www.webroot.com/blog/2013/10/21/new-diy-compromised-hostsproxies-syndicating-tool-spotted-wild/
Cryptolocker Update, Request for Info, (Tue, Oct 22nd)
It was briefly mentioned in a previous posting, but the Cryptolocker ransomware is still going strong. In essence, post infection it encrypts all of your "document" files based on file extension and then gives the user 72 hours to pay the ransom ($300 USD or 2 BTC). It is one of the few pieces of ransomware that does encryption right, so at present, short of paying the ransom, there is no other means to decrypt. Bleeping Computer has a good write up, but below are the TL;DR highlights.
http://isc.sans.edu/diary.html?storyid=16871&rss
Touch ID: Biometrics Don't Make For Good Passwords
There's an Apple event scheduled for tomorrow which will showcase this year's iPad lineup. Among the more credible rumors is that at least one version of the iPad will include Apple's Touch ID, its fingerprint identity sensor. And so it seems somewhat inevitable that all of our "smart" devices will soon include fingerprint readers. That being the case, we strongly recommend the following by @dustinkirkland: • Fingerprints are Usernames, not Passwords. We welcome intelligent use of
http://www.f-secure.com/weblog/archives/00002624.html
Defending Against Crypto Backdoors
We already know the NSA wants to eavesdrop on the Internet. It has secret agreements with telcos to get direct access to bulk Internet traffic. It has massive systems like TUMULT, TURMOIL, and TURBULENCE to sift through it all. And it can identify ciphertext -- encrypted information -- and figure out which programs could have created it. But what the...
https://www.schneier.com/blog/archives/2013/10/defending_again_1.html
Security Bulletins: Citrix XenServer Multiple Security Updates
A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.2.
http://support.citrix.com/article/CTX139295
Vuln: 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/46936
WordPress Portable phpMyAdmin Plugin Security Bypass Security Issue
https://secunia.com/advisories/55270
WatchGuard Extensible Threat Management and System Manager Multiple Vulnerabilities
https://secunia.com/advisories/55388
Vuln: D-Link DIR-605L CAPTCHA Data Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56330
Bugtraq: [CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root
http://www.securityfocus.com/archive/1/529364
Cisco ASA VPN Denial of Service Vulnerability
A vulnerability in the VPN authentication code that handles parsing of the username from the certificate on the Cisco ASA firewall could allow an unauthenticated, remote attacker to cause a reload of the affected device.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5544
Security Bulletin: IBM SONAS fix available for Cross Frame Scripting vulnerability via Graphical User Interface (CVE-2013-5376)
An issue in IBM SONAS allows remote attackers to access the system as an authorized administrative user.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_sonas_fix_available_for_cross_frame_scripting_vulnerability_via_graphical_user_interface_cve_2013_5376?lang=en_us
Security Bulletin: IBM SONAS Fix Available for SONAS Cross Protocol Vulnerability (CVE-2013-0500)
IBM SONAS includes a flaw in the handling of special files created by an NFS client resulting in a vulnerability reported against IBM SONAS.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_sonas_fix_available_for_sonas_cross_protocol_vulnerability_cve_2013_0500?lang=en_us
IBM WebSphere Message Broker and IBM Integration Bus Security Vulnerability: XML4J denial of service attack (CVE-2013-5372)
XML4J is vulnerable to a denial of service attack triggered by a specially crafted XML document
http://www-01.ibm.com/support/docview.wss?uid=swg21653087
IBM Domino / iNotes Multiple Vulnerabilities
https://secunia.com/advisories/55405
https://secunia.com/advisories/55409
IBM WebSphere DataPower XC10 Two Vulnerabilities
https://secunia.com/advisories/55402
F5 BIG-IP Traffic Management Microkernel Component Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029220