End-of-Shift report
Timeframe: Tuesday 29-10-2013 18:00 − Wednesday 30-10-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
Nuclear Exploit Pack Getting More Aggressive
Churning through our logs, we recently observed a significant rise in the number of transactions involving the Nuclear Exploit Pack, which has been in the news for quite some time now. In the past week, we stumbled upon thousands of transactions involving the Nuclear Exploit Pack infestation.
http://research.zscaler.com/2013/10/nuclear-exploit-pack-getting-more.html
A Tour Through The Chinese Underground
The Chinese underground has played host to many cybercriminals over the years. In the research brief titled Beyond Online Gaming Cybercrime: Revisiting the Chinese Underground Market, we provide some details of the current state of the Chinese underground economy. Last year, we looked into this underground sector, and this brief is a continuation of those efforts.
http://blog.trendmicro.com/trendlabs-security-intelligence/a-tour-through-the-chinese-underground/
Major Corporations Fail to Defend Against Social Engineering
Companies such as Apple and General Motors gave up crucial company information to social engineers during the annual Capture the Flag contest at Def Con.
http://threatpost.com/major-corporations-fail-to-defend-against-social-engineering/102733
iOS apps can be hijacked to show fraudulent content and intercept data
A large number of apps for iPhones and iPads are susceptible to hacks that cause them to surreptitiously send and receive data to and from malicious servers instead of the legitimate ones they were designed to connect to, security researchers said on Tuesday.
http://arstechnica.com/security/2013/10/ios-apps-can-be-hijacked-to-show-fraudulent-content-and-intercept-data/
New Injection Campaign Peddling Rogue Software Downloads
A mass injection campaign surfaced over the last two weeks that's already compromised at least 40,000 web pages worldwide and is tricking victims into downloading rogue, unwanted software to their computer.
http://threatpost.com/new-injection-campaign-peddling-rogue-software-downloads/102737
Defending Against CryptoLocker
CryptoLocker infections were found across different regions, including North America, Europe, the Middle East and the Asia Pacific. Almost two-thirds of the affected victims - 64% - were from the US. Other affected countries include the UK and Canada, with 11% and 6% of global victims, respectively.
http://blog.trendmicro.com/trendlabs-security-intelligence/defending-against-cryptolocker/
Analysis: Kaspersky Lab Report: Java under attack - the evolution of exploits in 2012-2013
One of the biggest problems facing the IT security industry is the use of vulnerabilities in legitimate software to launch malware attacks. Malicious programs can use these vulnerabilities to infect a computer without attracting the attention of the user and, in some cases, without triggering an alert from security software.
http://www.securelist.com/en/analysis/204792310/Kaspersky_Lab_Report_Java_under_attack_the_evolution_of_exploits_in_2012_2013
Microsoft sees a decline in virus exposure, but rising infections
In almost all major countries the number of 'encounters with malicious software' has declined significantly, according to the current Microsoft Security Intelligence Report. It is too early to sound the all-clear, however, because the number of infections is nevertheless rising.
http://www.heise.de/security/meldung/Microsoft-sieht-Rueckgang-der-Virengefahr-aber-steigende-Infektionen-2036307.html
Joomla! Media Manager allows arbitrary file upload and execution
A vulnerability has been discovered in older versions of the Joomla! content management software that allows an authenticated attacker to upload active content through the media manager form ('administrator/components/com_media/helpers/media.php'). Joomla! allows files with a trailing '.' to pass the upload checks.
http://www.kb.cert.org/vuls/id/639620
Apple's Siri is helping users bypass iOS security
Siri was designed to be an effective personal assistant, but since the release of iOS 7, the artificial intelligence is bringing the bad with the good.
http://www.scmagazine.com/apples-siri-is-helping-users-bypass-ios-security/article/314370/
[remote] - Apache / PHP 5.x Remote Code Execution Exploit
+++ Affects outdated versions +++
Unaffected versions are patched by CVE-2012-1823.
http://www.exploit-db.com/exploits/29290
Vuln: Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-5599 Remote Memory Corruption Vulnerability
+++ Affects outdated versions +++
http://www.securityfocus.com/bid/63423
ASUS RT-N13U Backdoor Account
http://cxsecurity.com/issue/WLB-2013100206
Vuln: XAMPP for Windows Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53979
Citrix XenDesktop Upgrade Feature Bug Lets Remote Authenticated Users Bypass Policy Controls
http://www.securitytracker.com/id/1029263
WordPress MoneyTheme Cross Site Scripting / Shell Upload
http://cxsecurity.com/issue/WLB-2013100199
WordPress Curvo Shell Upload
http://cxsecurity.com/issue/WLB-2013100197
Google Play Billing Bypass
http://cxsecurity.com/issue/WLB-2013100203
sup Remote Command Execution
http://cxsecurity.com/issue/WLB-2013100202