End-of-Shift report
Timeframe: Friday 22-11-2013 18:00 - Monday 25-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
Second Look at Stuxnet Reveals Older Dangerous Variant
ICS expert Ralph Langner has thrown back the covers on Stuxnet, revealing a two-pronged attack intent not only on disrupting Iran's nuclear capabilities, but also on flexing the attackers' muscle in building weaponized malware.
http://threatpost.com/second-look-at-stuxnet-reveals-older-dangerous-variant/103006
Google fixes flaw in Gmail password reset process
According to the researcher who discovered the bug, Google swiftly addressed the security issue, which could have left users' passwords vulnerable to theft.
http://www.scmagazine.com/google-fixes-flaw-in-gmail-password-reset-process/article/322343/
Five Years Old And Still On The Run: DOWNAD
Five years ago, Conficker/DOWNAD was first seen and quickly became notorious for how fast it spread and how much damage it caused. Remarkably, after all that time, it's still alive. It can still pose a serious problem, as it can propagate to other systems on the same network as an infected machine - a factor that may explain its high rate of infection to this day.
http://blog.trendmicro.com/trendlabs-security-intelligence/five-years-old-and-still-on-the-run-downad/
Another Fake WordPress Plugin - And Yet Another SPAM Infection!
We clean hundreds and thousands of infected websites, and a lot of the cleanups can be considered somewhat "routine". If you follow our blog, you often hear us say we've seen "this" numerous times, we've cleaned "that" numerous times.
http://blog.sucuri.net/2013/11/another-fake-wordpress-plugin-and-yet-another-spam-infection.html
Top Security Predictions for 2014
As 2013 draws to a close, FireEye researchers are already looking ahead to 2014 and the shifting threat landscape. Expect fewer Java zero-day exploits and more browser-based ones. Watering-hole attacks may supplant spear-phishing attacks.
http://www.fireeye.com/blog/corporate/2013/11/top-security-predictions-for-2014.html
Port 0 DDOS (Fri, Nov 22nd)
Following on the stories of amplification DDOS attacks using Chargen, and stories of "booters" via Brian Krebs, I am watching with interest the increase in port 0 amplification DDOS attacks.
http://isc.sans.edu/diary.html?storyid=17081
Spam-Friendly Registrar 'Dynamic Dolphin' Shuttered
The organization that oversees the Internet domain name registration industry last week revoked the charter of Dynamic Dolphin, a registrar that has long been closely associated with spam and cybercrime.
http://krebsonsecurity.com/2013/11/spam-friendly-registrar-dynamic-dolphin-shuttered/
LG smart TV snooping extends to home networks, second blogger says
A second blogger has published evidence that his LG-manufactured smart television is sharing sensitive user data with the Korea-based company, in a post that offers support for the theory that the snooping isn't isolated behavior affecting only a small number of sets.
http://arstechnica.com/security/2013/11/lg-smart-tv-snooping-extends-to-home-networks-second-blogger-says/
CryptoLocker gang teams with botnet-builders on ransomware
The cyber-gang running the CryptoLocker extortion racket is sharing a big cut of any payments they squeeze out of their victims with criminal botnet owners working closely with them, says Symantec, which has been monitoring this underworld activity online.
http://www.pcworld.com/article/2066741/cryptolocker-gang-teams-with-botnet-builders-on-ransomware.html
DSA-2802 nginx
http://www.debian.org/security/2013/dsa-2802
DSA-2801 libhttp-body-perl
http://www.debian.org/security/2013/dsa-2801
[webapps] - TPLINK WR740N/WR740ND - Multiple CSRF Vulnerabilities
http://www.exploit-db.com/exploits/29802
ImpressPages CMS 3.8 Stored XSS Vulnerability
http://cxsecurity.com/issue/WLB-2013110168
Pirelli Discus DRG A125g Remote Change SSID Value Vulnerability
http://cxsecurity.com/issue/WLB-2013110167
Google Gmail IOS Mobile Application - Persistent / Stored XSS
http://cxsecurity.com/issue/WLB-2013110170
Ruby Heap Overflow in Floating Point Parsing Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029388
Drupal Core Bugs Let Remote Users Conduct Cross-Site Scripting, Cross-Site Request Forgery, and Open Redirect Attacks
http://www.securitytracker.com/id/1029386