End-of-Shift report
Timeframe: Wednesday 13-11-2013 18:00 − Thursday 14-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
Stanford Metaphone Project Aims to Show Dangers of Metadata Collection
When the first NSA surveillance story broke in June, about the agency's collection of phone metadata from Verizon, most people likely had never heard the word metadata before. Even some security and privacy experts weren't sure what the term encompassed, and now a group of security researchers at Stanford has started a new project to collect data from Android users to see exactly how much information can be drawn from the logs of phone calls and texts.
http://threatpost.com/stanford-metaphone-project-aims-to-show-dangers-of-metadata-collection/102924
Thunderbird gives the wrong sender the seal of authenticity
Digital signatures are supposed to ensure that the sender of an e-mail can be trusted. However, Thunderbird handles signed e-mails so clumsily that a false sender can be faked.
http://www.heise.de/security/meldung/Thunderbird-gibt-falschem-Absender-das-Echtheits-Siegel-2044405.html
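Whatever the specific Thunderbird flaw, the check a mail client must make before showing a "signed" seal is that the address the user sees in From: is actually one of the addresses bound to the verified signing certificate. The following is an added example (not code from Thunderbird or from the heise article): it assumes the certificate's e-mail addresses have already been extracted (for instance from the rfc822Name subjectAltName entries) into a list, and compares them against the parsed From: header rather than the display name.

```python
import email.utils


def normalize_address(addr: str) -> str:
    """Lower-case an addr-spec for comparison. Local parts are case-sensitive
    by RFC 5321, but certificate e-mail matching is done case-insensitively in
    practice, and a case difference should never be what grants the seal."""
    return addr.strip().lower()


def signer_matches_from(from_header: str, signer_addresses: list[str]) -> bool:
    """Return True only if the From: header carries exactly one address and that
    address is one of the addresses bound to the signing certificate.

    signer_addresses is assumed to come from the already-verified certificate
    (e.g. its rfc822Name SAN entries). The display name is deliberately ignored:
    a header such as 'alice@example.com <mallory@evil.example>' shows a friendly
    name that looks like an address, but the real sender is in the angle brackets
    (or the header is rejected as malformed by the parser); either way it must
    not be accepted on Alice's certificate."""
    # getaddresses handles comma-separated lists and returns (display, addr) pairs;
    # addresses it cannot parse come back as empty strings and are dropped.
    parsed = email.utils.getaddresses([from_header])
    addrs = [normalize_address(a) for _, a in parsed if a]
    # Zero addresses (unparseable) or more than one address: refuse the seal.
    if len(addrs) != 1:
        return False
    signers = {normalize_address(s) for s in signer_addresses}
    return addrs[0] in signers


if __name__ == "__main__":
    cert_addrs = ["alice@example.com"]  # constructed: addresses in Alice's cert
    print(signer_matches_from("Alice <alice@example.com>", cert_addrs))
    print(signer_matches_from("alice@example.com <mallory@evil.example>", cert_addrs))
```

The function is intentionally strict: a From: header with two addresses, or one the parser rejects, gets no seal rather than a best-effort match. Which header the client displays as "the sender" must be the same one that is checked here; checking Sender: while displaying From: would recreate the problem.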
Unusual BHEK-Like Spam With Attachment Found
Soon after Paunch was arrested, we found that the flow of spam campaigns going to sites with the Blackhole Exploit Kit (BHEK) had slowed down considerably. Instead, we saw an increase in messages with a malicious attachment.
Recently, however, we came across rather unusual spam samples that combine characteristics of both attacks.
http://blog.trendmicro.com/trendlabs-security-intelligence/unusual-bhek-like-spam-with-attachment-found/
Mobile Pwn2Own: Galaxy S4 and iOS hacked
On the first day of the Mobile Pwn2Own contest in Tokyo, a vulnerability in Samsung's Galaxy S4 was demonstrated that allows arbitrary apps to be installed. Chinese hackers demonstrated vulnerabilities in Safari under iOS 6.1.4 and 7.0.3.
http://www.heise.de/security/meldung/Mobile-Pwn2Own-Galaxy-S4-und-iOS-gehackt-2045460.html
Analysis: IT Threat Evolution: Q3 2013
Targeted Attacks / APT
Malware Stories
Web security and data breaches
Mobile malware
http://www.securelist.com/en/analysis/204792312/IT_Threat_Evolution_Q3_2013
A-DOH!-BE hack: Facebook warns users whose logins were spilled
Facebook is using a list of hacked Adobe accounts posted by the miscreants themselves to warn its own customers about password reuse.
http://www.theregister.co.uk/2013/11/14/facebook_adobe_password_leak_warning/
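The practical point behind the Facebook warning is that leaked credentials from another site cannot be compared hash-to-hash: every site hashes with its own scheme and per-user salt, so the only way to detect reuse is to run the leaked plaintext (or a cracked candidate) through your own password hashing and compare. The following is an added example of that check, not Facebook's or Adobe's code; the user store, the PBKDF2 parameters and the leaked entries are all constructed for illustration, and the example assumes plaintext candidates are available from the breach data.

```python
import hashlib
import hmac
import os

# Constructed parameters: real deployments should use a memory-hard scheme
# (bcrypt/scrypt/Argon2) and tuned work factors; PBKDF2 is used here only
# because it ships in the standard library.
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(password: str) -> tuple[bytes, bytes]:
    """Create a (salt, digest) record the way the site would at signup."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def normalize_email(addr: str) -> str:
    return addr.strip().lower()


def find_reused_credentials(users: dict, leaked) -> set[str]:
    """users: {email: (salt, digest)} from our own store.
    leaked: iterable of (email, plaintext_password) from a third-party breach.
    Returns the set of our (normalised) e-mail addresses whose current password
    verifies against the password leaked for that address elsewhere."""
    flagged = set()
    index = {normalize_email(e): rec for e, rec in users.items()}
    for leaked_email, leaked_pw in leaked:
        record = index.get(normalize_email(leaked_email))
        if record is None:
            continue  # not one of our users; nothing to compare
        salt, digest = record
        # Re-hash the leaked plaintext with *our* salt and scheme, then compare
        # in constant time; a match means the user reused the password here.
        if hmac.compare_digest(hash_password(leaked_pw, salt), digest):
            flagged.add(normalize_email(leaked_email))
    return flagged


# Constructed sample data: two local users and three leaked third-party entries.
SAMPLE_USERS = {
    "alice@example.com": make_user("correct horse battery"),
    "bob@example.com": make_user("site-specific-passphrase"),
}
SAMPLE_LEAK = [
    ("Alice@Example.com", "correct horse battery"),  # reused: should be flagged
    ("bob@example.com", "hunter2"),                  # different password here
    ("carol@example.com", "whatever"),               # not our user
]

if __name__ == "__main__":
    for addr in sorted(find_reused_credentials(SAMPLE_USERS, SAMPLE_LEAK)):
        print(f"password reuse detected for {addr}: force reset and notify")
```

Only a positive match is ever acted on; the leaked plaintexts are discarded after the comparison, and nothing about the user's stored hash leaves the site. Running every leaked entry through a slow hash is deliberately expensive, which is why the lookup is restricted to addresses that exist in the local store.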
New OSX/Crisis or Business Cards Gone Wild
In these days of computer conspiracies, the Mac is not left out. A new variant of Remote Control System, Hacking Team's spyware, landed on VirusTotal with a detection rate of 0 out of 47 scanners. RCS, also known as OSX/Crisis, is an expensive rootkit used by governments during targeted attacks.
http://www.intego.com/mac-security-blog/new-osx-crisis-business-cards-gone-wild/
Cracked.com Serving Malware in Drive-By Downloads
The popular humor website Cracked[dot]com reportedly hosted malware that infected the machines of its visitors over the weekend and may still be doing so, according to Barracuda Labs research.
http://threatpost.com/cracked-com-serving-malware-in-drive-by-downloads/102930
eGroupware HTML File Uploads Script Insertion Vulnerability
https://secunia.com/advisories/54368
LastPass Android Container PIN / Auto-Wipe Bypass
http://cxsecurity.com/issue/WLB-2013110101
IBM Multiple Storage Products Apache Struts Security Bypass Vulnerability
https://secunia.com/advisories/55706
SA-CONTRIB-2013-091 - Groups, Communities and Co (GCC) - Access Bypass
Remote Vulnerability: Access bypass
Description: This module enables you to manage groups and assign content and users to groups. The module doesn't sufficiently check permissions on some of the configuration pages, allowing unprivileged users to access the roles and permissions pages of the GCC module.
CVE
https://drupal.org/node/2135267
SA-CONTRIB-2013-090 - Revisioning - Access Bypass
Remote Vulnerability: Access bypass
Description: This module enables you to create content publication workflows whereby one version of the content is "live" (publicly visible), while another is being edited and moderated privately until found fit for publication. The module doesn't sufficiently apply node access permissions
https://drupal.org/node/2135257