End-of-Shift report
Timeframe: Thursday 24-10-2013 18:00 - Friday 25-10-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
Periodic Links to Control Server Offer New Way to Detect Botnets
A number of recent botnets and advanced threats use HTTP as their primary communications channel with their control servers. McAfee Labs research during the last couple of years reveals that more than 60 percent of the top botnet families depend on HTTP. These numbers have increased significantly over the last few quarters. The following pie […]
http://blogs.mcafee.com/mcafee-labs/periodic-links-to-control-server-offer-new-way-to-detect-botnets
DDoS mitigation firm notes dramatic increase in reflection attack style
Between Q3 2012 and Q3 2013, distributed reflection denial-of-service (DrDoS) attacks increased 265 percent, a global attack report found.
http://www.scmagazine.com/ddos-mitigation-firm-notes-dramatic-increase-in-reflection-attack-style/article/317829/
LinkedIn Intro App Equivalent to Man in the Middle Attack, Experts Say
LinkedIn’s release of its Intro app yesterday for Apple iOS mobile devices raised more than a few eyebrows for behaviors that are tantamount to a man-in-the-middle attack, experts said.
http://threatpost.com/linkedin-intro-app-equivalent-to-man-in-the-middle-attack-experts/102683
Evasive Tactics: Terminator RAT
FireEye Labs has been tracking a variety of APT threat actors that have been slightly changing their tools, techniques and procedures (TTPs) in order to evade network defenses. Earlier, we documented changes to Aumlib, the malware used in the attack...
http://www.fireeye.com/blog/technical/malware-research/2013/10/evasive-tactics-terminator-rat.html
Cybercriminals release new commercially available Android/BlackBerry supporting mobile malware bot
Thanks to the growing adoption of mobile banking, in combination with the utilization of mobile devices to conduct financial transactions, opportunistic cybercriminals are quickly capitalizing on this emerging market segment, as made evident by the release of Android/BlackBerry compatible mobile malware bots. This site is empowering potential cybercriminals with the necessary ‘know-how’ when it comes to ‘cashing out’ compromised accounts of E-banking victims who have...
http://www.webroot.com/blog/2013/10/25/cybercriminals-release-new-commercially-available-androidblackberry-supporting-mobile-malware-bot/
OSX/Leverage.a Analysis
A few days ago, a new OSX malware was detected in the wild. It looks like a picture and behaves like it when you click on it. Everything looks fine when the clicked picture is opened on the screen, but the malware also performs some other actions. After the first look, we saw that the malware copies itself to /Users/Shared/UserEvent.app with the ditto command, and creates a LaunchAgent to load itself when the computer starts with these shell commands: mkdir ~/Library/LaunchAgents echo
http://www.alienvault.com/open-threat-exchange/blog/osx-leveragea-analysis
PHP.net abused to distribute malware
Contrary to earlier statements by its administrators, the PHP project site was in fact the victim of a hacker attack. Two servers were hijacked and used to distribute malicious code.
http://www.heise.de/security/meldung/PHP-net-zur-Verbreitung-von-Malware-missbraucht-1985687.html
ProSoft Technology RadioLinx ControlScape PRNG Vulnerability
RadioLinx ControlScape is prone to a predictable random number generator weakness. Attackers can leverage this weakness to aid in brute-force attacks. Other attacks are also possible.
http://www.securityfocus.com/bid/62238/
http://ics-cert.us-cert.gov/advisories/ICSA-13-248-01
Vuln: OpenStack Keystone Tokens Validation CVE-2013-4222 Security Bypass Vulnerability
http://www.securityfocus.com/bid/61725
Vuln: OpenStack Nova CVE-2013-4261 Denial of Service Vulnerability
http://www.securityfocus.com/bid/62200
Vuln: OpenStack Nova CVE-2013-4278 Security Bypass Vulnerability
http://www.securityfocus.com/bid/62016
CA SiteMinder Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1029237
libvirt API Access Control Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1029241
Vuln: GnuTLS CVE-2013-4466 libdane/dane.c Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/63326
Vuln: VICIDIAL manager_send.php CVE-2013-4468 Command Injection Vulnerability
http://www.securityfocus.com/bid/63288
Security Bulletin: Tivoli Netcool/OMNIbus Web GUI - IBM WebSphere Application Server PM44303 security bypass (CVE-2012-3325) and Hash denial of service (CVE-2011-4858)
CVE-2012-3325: After installing an Interim Fix for PM44303 or a Fix Pack containing PM44303, there is a potential security exposure with IBM WebSphere Application Server. CVE-2011-4858: Potential Denial of Service (DoS) security exposure when using web-based applications due to Java HashTable implementation vulnerability.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tivoli_netcool_omnibus_web_gui_ibm_websphere_application_server_pm44303_security_bypass_cve_2012_3325_and_hash_denial_of_service_cve_2011_4858?lang=en_us