Daily summary - Monday 28-10-2013

End-of-Shift report

Timeframe: Friday 25-10-2013 18:00 − Monday 28-10-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a

Email contains phishing scam, not iPhone 5S

A new phishing email circulating the globe is preying on Apple fans who can't wait to get their hands on the coming iPhone 5S and iPhone 5c devices.

http://www.scmagazine.com/email-contains-phishing-scam-not-iphone-5s/article/311080/


Blog: Cryptolocker Wants Your Money!

A new ransomware Trojan is on the loose. The attackers give you roughly three days to pay them, otherwise your data is gone forever.

http://www.securelist.com/en/blog/208214109/Cryptolocker_Wants_Your_Money


Blog software WordPress 3.7 updates itself

With the new version 3.7, the blog software WordPress keeps itself up to date: security updates will from now on be applied automatically in the background, provided the configuration allows it. The other new features also serve primarily security.

http://www.heise.de/security/meldung/Blog-Software-Wordpress-3-7-aktualisiert-sich-selbst-1985697.html


Periodic Connections to Control Server Offer New Way to Detect Botnets

A number of recent botnets and advanced threats use HTTP as their primary communications channel with their control servers. McAfee Labs research during the last couple of years reveals that more than 60 percent of the top botnet families depend on HTTP. These numbers have increased significantly over the last few quarters.

http://blogs.mcafee.com/mcafee-labs/periodic-links-to-control-server-offer-new-way-to-detect-botnets
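The detection idea above, implemented as a small added example (this is not code from the McAfee post): group proxy log entries by client and destination and flag pairs whose inter-request intervals are nearly constant, measured as the coefficient of variation (standard deviation divided by the mean period). The log format, hosts and addresses are constructed for the example; the thresholds are assumptions to tune per environment.

```python
"""Beaconing detection over HTTP proxy logs (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <client_ip> <dest_host> <method> <path>".
# 10.0.0.5 checks in with c2.example.invalid every ~300 s; 10.0.0.7 browses normally.
SAMPLE_LOG = """\
2013-10-28T09:00:00 10.0.0.5 c2.example.invalid GET /gate.php
2013-10-28T09:00:01 10.0.0.7 www.example.org GET /
2013-10-28T09:05:00 10.0.0.5 c2.example.invalid GET /gate.php
2013-10-28T09:07:13 10.0.0.7 www.example.org GET /news
2013-10-28T09:10:01 10.0.0.5 c2.example.invalid GET /gate.php
2013-10-28T09:12:40 10.0.0.7 www.example.org GET /about
2013-10-28T09:15:00 10.0.0.5 c2.example.invalid GET /gate.php
2013-10-28T09:31:05 10.0.0.7 www.example.org GET /
2013-10-28T09:20:00 10.0.0.5 c2.example.invalid GET /gate.php
2013-10-28T09:25:01 10.0.0.5 c2.example.invalid GET /gate.php
"""


def parse_log(text):
    """Yield (timestamp, client, dest) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, _method, _path = line.split()
        yield datetime.fromisoformat(ts), client, dest


def find_beacons(text, min_requests=5, max_cv=0.1, min_period_s=30):
    """Return (client, dest) pairs whose request timing is suspiciously regular.

    min_requests: ignore pairs with too few samples to judge regularity.
    max_cv:       coefficient of variation of the gaps; 0 means perfectly periodic.
    min_period_s: drop sub-second bursts such as page sub-resource loads.
    """
    by_pair = defaultdict(list)
    for ts, client, dest in parse_log(text):
        by_pair[(client, dest)].append(ts)

    hits = []
    for (client, dest), stamps in by_pair.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()  # log lines need not arrive in order
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period < min_period_s:
            continue
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            hits.append({
                "client": client,
                "dest": dest,
                "requests": len(stamps),
                "period_s": round(period, 1),
                "cv": round(cv, 4),
            })
    # most regular first
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

On the constructed data only the 10.0.0.5 to c2.example.invalid pair survives the filter (period about 300 s, CV well under 0.01). In practice, update checkers and monitoring agents beacon just as regularly, so this score is a triage input to combine with destination reputation, URI and User-Agent features; conversely, malware that randomises its sleep interval raises the CV and will need a looser threshold or a different statistic.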


Improving Hadoop Security with Host Intrusion Detection (Part 2)

This is a continuation of our previous post on Hadoop security. As we mentioned in our earlier post, we can use OSSEC to monitor for the file integrity of these existing Hadoop and HBase systems. OSSEC creates logs which a system administrator can use to check for various system events. It's worth noting that big data systems ...

http://blog.trendmicro.com/trendlabs-security-intelligence/improving-hadoop-security-with-host-intrusion-detection-part-2/


Active Perl/Shellbot Trojan

ISC received a submission from Zach of a Perl/Shellbot.B trojan served by fallencrafts[.]info/download/himad.png. The trojan has limited detection on VirusTotal; the script contains a 'hostauth' of sosick[.]net, and the IRC server the compromised systems connect to is located at 89.248.172.144. From what we have so far, it appears to be exploiting older versions of Plesk.

http://isc.sans.edu/diary.html?storyid=16907&rss


LinkedIn can read your mail

The recently introduced Intro feature for iOS has drawn criticism of the professional network: it is said to be a dream for attackers and intelligence services. The company defends itself: everything is secure and users' privacy is respected.

http://www.heise.de/security/meldung/LinkedIn-kann-Mails-mitlesen-2034490.html


Break-in at Buffer

The social media service was hacked yesterday. According to the company blog, neither passwords nor credit card information were lost.

http://www.heise.de/security/meldung/Einbruch-bei-Buffer-2034519.html


Storewize: IBM warns of security hole in storage systems

The SAN controllers of IBM's Storewize series contain a hole that lets an attacker change the configuration and also delete data. A firmware update, which is already available, fixes it.

http://www.golem.de/news/storewize-ibm-warnt-vor-sicherheitsluecke-in-storage-systemen-1310-102388-rss.html


End User Devices Security and Configuration Guidance

UK Government configuration guidance for the following platforms:
End User Devices Security Guidance: Windows Phone 8
End User Devices Security Guidance: Android 4.2
End User Devices Security Guidance: Windows 7 and Windows 8
End User Devices Security Guidance: Ubuntu 12.04
End User Devices Security Guidance: Windows 8 RT
...

https://www.gov.uk/government/collections/end-user-devices-security-guidance--2


Bypassing security scanners by changing the system language

Luiz Eduardo and Joaquim Espinhara found that the majority of pentesting tools detect specific problems in web applications, such as SQL injection, via the return messages provided by the application, not via the error code reported by the database management system. So what happens if the setup language is not English, but Chinese or Portuguese? As their research showed, if the target SQL server doesn't use English by default, the scanners won't be able to

http://www.net-security.org/secworld.php?id=15832
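An added example, not taken from the article or from the researchers' tooling, that reproduces the failure mode and contrasts it with a check that does not depend on the language of the error text. The target is a constructed in-memory SQLite app; the English error line is modelled on MySQL's wording and the Portuguese line is an illustrative stand-in, not a real DBMS message. The language-independent check shown is boolean (response-difference) detection, a technique of my choosing rather than the error-code approach the researchers discuss.

```python
"""Error-message SQLi detection vs. a locale-independent check (added example)."""
import re
import sqlite3

# Constructed stand-ins for a DBMS syntax error in two locales.
ERROR_TEXT = {
    "en": "You have an error in your SQL syntax",
    "pt": "Erro de sintaxe na sua consulta SQL",
}


def make_app(lang="en", hardened=False):
    """Return handle(item_id) -> HTML for a mock product-lookup page.

    hardened=False: concatenates the parameter into the query (injectable).
    hardened=True:  validates the parameter and binds it (not injectable).
    DB errors are rendered in the configured locale, modelling a non-English install.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", [(1, "alpha"), (2, "beta")])

    def handle(item_id):
        try:
            if hardened:
                rows = conn.execute(
                    "SELECT name FROM items WHERE id = ?", (int(item_id),)
                ).fetchall()
            else:
                rows = conn.execute(
                    "SELECT name FROM items WHERE id = " + item_id
                ).fetchall()
        except ValueError:
            return "<p>Bad request</p>"
        except sqlite3.Error:
            return "<p>" + ERROR_TEXT[lang] + "</p>"
        return "<ul>" + "".join("<li>%s</li>" % name for (name,) in rows) + "</ul>"

    return handle


# Signatures of the kind scanners grep for: English DBMS wording only.
ERROR_SIGNATURES = [
    r"You have an error in your SQL syntax",   # MySQL
    r"Unclosed quotation mark after",            # MSSQL
    r"ORA-\d{5}",                                # Oracle
]


def detect_by_error_message(handle):
    """Message-based check: inject a stray quote, look for a known error string."""
    page = handle("1'")
    return any(re.search(sig, page) for sig in ERROR_SIGNATURES)


def detect_by_boolean_difference(handle):
    """Locale-independent check: a true condition must leave the page unchanged,
    a false one must change it. No error text is inspected at all."""
    baseline = handle("1")
    page_true = handle("1 AND 1=1")
    page_false = handle("1 AND 1=2")
    return baseline == page_true and baseline != page_false


if __name__ == "__main__":
    for lang in ("en", "pt"):
        app = make_app(lang)
        print(lang, "message:", detect_by_error_message(app),
              "boolean:", detect_by_boolean_difference(app))
```

Against the English-locale app both checks fire; against the Portuguese-locale app the signature check is silent while the boolean check still flags the injection, and neither check flags the hardened variant. Boolean detection has its own blind spots (pages with dynamic content such as timestamps or CSRF tokens break the equality test and need normalisation), so a scanner should use both rather than rely on error strings alone.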


Cisco Identity Services Engine contains an input validation vulnerability

Vulnerability Note VU#952422: Cisco Identity Services Engine (ISE) contains an input validation vulnerability (CWE-20: Improper Input Validation). Original release date: 28 Oct 2013 | Last revised: 28 Oct 2013.

http://www.kb.cert.org/vuls/id/952422


I challenged hackers to investigate me and what they found out is chilling

It's my first class of the semester at New York University. I'm discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message.

http://pandodaily.com/2013/10/26/i-challenged-hackers-to-investigate-me-and-what-they-found-out-is-chilling/


Spam senders: please have a look in your junk folder

Spam filters now work fairly reliably. The spam senders know that too, which is why they send a second message after the first.

http://www.heise.de/security/meldung/Spam-Versender-Schauen-Sie-doch-mal-bitte-in-Ihren-Junk-Ordner-2034941.html


Scan Shows 65% of ReadyNAS Boxes on Web Vulnerable to Critical Bug

It's been known for some time now, several months in fact, that there is a critical, remotely exploitable vulnerability in some of Netgear's ReadyNAS storage boxes, and a patch has been available since July. However, many of the boxes exposed to the Web are still vulnerable, and a recent scan by HD Moore of Rapid7 found that ...

http://threatpost.com/scan-shows-65-of-readynas-boxes-on-web-vulnerable-to-critical-bug/102706


Vuln: Cisco Catalyst 3750 Series Switches Default Credentials Security Bypass Vulnerabilities

http://www.securityfocus.com/bid/63342


Bugtraq: Multiple CSRF Horde Groupware Webmail Edition 5.1.2

http://www.securityfocus.com/archive/1/529466


Bugtraq: DD-WRT v24-sp2 Command Injection

http://www.securityfocus.com/archive/1/529463


Apache Struts2 showcase multiple XSS

http://cxsecurity.com/issue/WLB-2013100185


DSA-2787 roundcube

http://www.debian.org/security/2013/dsa-2787


Woltlab Burning Board Regenbogenwiese 2007 Addon SQL Injection Exploit.

http://www.exploit-db.com/exploits/29023


GnuPG Side-Channel Attack Lets Local Users Recover RSA Secret Keys

http://www.securitytracker.com/id/1029242


DSA-2785 chromium-browser

http://www.debian.org/security/2013/dsa-2785