End-of-Shift report
Timeframe: Thursday 14-11-2013 18:00 - Friday 15-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
Blog: The rush for CVE-2013-3906 - a hot commodity
Two days ago FireEye reported that the recent CVE-2013-3906 exploit has begun to be used by new threat actors other than the original ones. The new infected documents share similarities with previously detected exploits but carry a different payload. This time these exploits are being used to deliver Taidoor and PlugX backdoors, according to FireEye.
http://www.securelist.com/en/blog/208214158/The_rush_for_CVE_2013_3906_a_hot_commodity
CVE-2012-1889 is still alive!
In Zscaler's daily scanning, we identified an instance where CVE-2012-1889 (MSXML Uninitialized Memory Corruption Vulnerability) is still alive. Let's take a look.
http://research.zscaler.com/2013/11/cve-2012-1889-is-still-alive.html
Febipos for Internet Explorer
In a previous blog post we discussed Trojan:JS/Febipos.A, a malicious browser extension that targets the Facebook profiles of Google Chrome and Mozilla Firefox users. We recently came across a new Febipos sample that was specifically developed for Internet Explorer - we detect it as Trojan:Win32/Febipos.B!dll.
http://blogs.technet.com/b/mmpc/archive/2013/11/14/febipos-for-internet-explorer.aspx
Linux backdoor squirts code into SSH to keep its badness buried
Fokirtor! It LOOKED like legitimate traffic...
Security researchers have discovered a Linux backdoor that uses a covert communication protocol to disguise its presence on compromised systems.
http://www.theregister.co.uk/2013/11/15/stealthy_linux_backdoor/
Mobile Pwn2Own: Internet Explorer 11 cracked, Chrome already patched
The Chrome vulnerability used by Pinkie Pie has since been closed by Google. Meanwhile, researchers from the Zero Day Initiative managed to take over Internet Explorer 11 on a Surface Pro.
http://www.heise.de/security/meldung/Mobile-Pwn2Own-Internet-Explorer-11-geknackt-Chrome-schon-geflickt-2047256.html
Blog: AutoCAD - new platform for start page Trojans
In China, start page Trojans have become a popular type of malware because by changing users' browser start pages to point to some navigation site, the owner of the site can get a large amount of web traffic which can then be converted into large sums of money. In order to spread such Trojans as broadly as possible, Trojan authors have even turned their sights to AutoCAD.
http://www.securelist.com/en/blog/8141/AutoCAD_new_platform_for_start_page_Trojans
Research Into BIOS Attacks Underscores Their Danger
For three years, Dragos Ruiu has attempted to track down a digital ghost in his network, whose presence is only felt in strange anomalies and odd system behavior. The anomalies ranged from system instability, to "bricked" USB sticks and data seemingly modified on the fly, according to online posts.
http://www.darkreading.com/advanced-threats/research-into-bios-attacks-underscore-da/240163919
Eight Security Predictions for 2014
2013 was not an easy year in cybersecurity and we expect 2014 attacks will be even more complex. In a new report out today, Websense Security Labs researchers collectively outlined eight predictions and recommendations for 2014.
http://community.websense.com/blogs/securitylabs/archive/2013/11/14/eight-security-predictions-for-2014.aspx
The Security Impact of HTTP Caching Headers, (Fri, Nov 15th)
Earlier this week, an update for MediaWiki fixed a bug in how it used caching headers. The headers allowed authenticated content to be cached, which may lead to sessions being shared between users using the same proxy server. I think this is a good reason to talk a bit about caching in web applications and why it is important for security.
http://isc.sans.edu/diary.html?storyid=17033&rss
Google Chrome for Android Multiple Memory Corruption Vulnerabilities
https://secunia.com/advisories/55744
Nagios XI "tfPassword" SQL Injection Vulnerability
https://secunia.com/advisories/55695
VMSA-2013-0013
VMware Workstation host privilege escalation vulnerability
http://www.vmware.com/security/advisories/VMSA-2013-0013.html
Cisco IOS CSG Parse Error Drop Function Flaw Lets Remote Users Bypass Access Controls
http://www.securitytracker.com/id/1029342
Cisco ASA IPv6 NAT Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029341
mod_nss FakeBasicAuth authentication bypass
http://cxsecurity.com/issue/WLB-2013110110
APPLE-SA-2013-11-14-1 iOS 7.0.4
http://prod.lists.apple.com/archives/security-announce/2013/Nov/msg00000.html
Security Bulletin: IBM Platform Cluster Manager Standard Edition (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310)
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_platform_cluster_manager_standard_edition_cve_2013_2251_cve_2013_2248_cve_2013_2135_cve_2013_2134_cve_2013_2115_cve_2013_1966_cve_2013_1965_cve_2013_4310?lang=en_us