End-of-Shift report
Timeframe: Monday 28-10-2013 18:00 − Tuesday 29-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
Background: iOS virus scanner of dubious benefit
Avira has released an antivirus app for iOS that is supposed to protect against malicious processes. The company does not reveal which processes these are or how they are detected.
http://www.heise.de/security/artikel/iOS-Virenscanner-mit-zweifelhaftem-Nutzen-2035131.html
Exploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
When ISC reader Yin reported earlier today that one of their servers had been hacked via the Apache Struts remote command execution vulnerability (CVE-2013-2251), at first this was flagged as "business as usual". Said vulnerability, after all, has been known since July, and we've been seeing exploit attempts since early August (diary here).
http://isc.sans.edu/diary.html?storyid=16913
ATM malware Ploutus updated with English-language version
The Spanish-language ATM malware, which allowed attackers in Mexico to force ATMs to spit out cash, now has an updated English-language version.
http://www.scmagazine.com//atm-malware-ploutus-updated-with-english-language-version/article/318336/
Adobe Breach Impacted At Least 38 Million Users
The recent data breach at Adobe that exposed user account information and prompted a flurry of password reset emails impacted at least 38 million users, the company now says. It also appears that the already massive source code leak at Adobe is broadening to include the company's Photoshop family of graphical design products.
http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/
Analysis: Spam in September 2013
In September, the proportion of world spam in mail traffic continued to decline and reached 66%. As always the spammers focused on advertising seasonal goods and services. For example, the number of offers related to energy saving and insulating buildings increased significantly.
http://www.securelist.com/en/analysis/204792309/Spam_in_September_2013
Routerpwn
Routerpwn is a web application that helps you in the exploitation of vulnerabilities in residential routers. It is a compilation of ready to run local and remote web exploits.
http://www.routerpwn.com/
Windows XP is and remains a high-risk system
In the current Security Intelligence Report (SIR), Microsoft once again warns about Windows XP. Security chief Tim Rains defends the decision to end support.
http://futurezone.at/digital-life/windows-xp-ist-und-bleibt-ein-hochriskantes-system/33.025.977
Internet Safety - Tips for Parents
Internet basics can be as straightforward as pushing buttons or clicking a mouse. Understanding how youth use the Internet, however, can be an overwhelming task, especially for adults who don't spend much time online.
http://bc.rcmp-grc.gc.ca/ViewPage.action?siteNodeId=87&languageId=1&contentId=21690
Cyber Security Assessment Netherlands
Cybercrime and digital espionage remain the biggest threats to both governments and the business community. The threat of disruption of online services has increased. Clearly visible in the past year has been the rise of the criminal cyber services sector. Cyber-attack tools are made commercially available through 'cybercrime as a service'.
https://www.ncsc.nl/english/current-topics/news/cyber-security-assesment-netherlands.html
Social media and digital identity. Prevention and incident response
The hack of a social media account is a common incident that could have a serious impact on our digital identity. How to prevent it? What to do in case of a hack?
http://securityaffairs.co/wordpress/19143/cyber-crime/social-media-security.html
Purported Fritzbox fax turns out to be a trojan
Malicious e-mails disguised as fax notifications from a Fritzbox are currently spreading rapidly. The attached ZIP archive contains not a fax but a trojan.
http://www.heise.de/security/meldung/Angebliches-Fritzbox-Fax-entpuppt-sich-als-Trojaner-2035618.html
Facebook Android Flaws Enable Any App to Get User's Access Tokens
A researcher has discovered serious vulnerabilities in the main Facebook and Facebook Messenger apps for Android that enable any other app on a device to access the user's Facebook access token and take over her account.
http://threatpost.com/facebook-android-flaws-enable-any-app-to-get-users-access-tokens/102724
[webapps] - Pirelli Discus DRG A125g - Password Disclosure Vulnerability.
http://www.exploit-db.com/exploits/29262
DSA-2786 icu
http://www.debian.org/security/2013/dsa-2786
vBulletin 4.1.x / 5.x.x Administrative User Injection
http://cxsecurity.com/issue/WLB-2013100192
MobileIron 4.5.4 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013100190
SAP Financial Services Statutory Reporting for Insurance (FS-SR) Unspecified Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029256