End-of-Shift report
Timeframe: Tuesday 26-11-2013 18:00 − Wednesday 27-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
The Season For Danger: Holiday Season Spam And Phishing
For many, the holiday season is a season for shopping and spending. But cybercriminals see it in a different light: they see it as a prime opportunity to steal. Take, for example, online shopping. Malicious websites try to trick online shoppers into giving them their money instead of the legitimate shopping websites.
http://blog.trendmicro.com/trendlabs-security-intelligence/the-season-for-danger-holiday-season-spam-and-phishing/
InMobi: Another Vulnaggressive Adware Opens Billions of JavaScript 'Sidedoors' on Android Devices
FireEye mobile security researchers identified another new mobile threat, which we call 'JavaScript Sidedoors', in the popular InMobi ad library. InMobi exposes dangerous behaviors such as making phone calls without user consent through JavaScript interfaces, which creates a 'sidedoor' for attackers to exploit by injecting malicious JavaScript through hijacking InMobi's HTTP traffic. ...
http://www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html
Ruby on Rails CookieStore Vulnerability Plagues Prominent Websites
Websites using an older version of Ruby on Rails, including Kickstarter and UrbanSpoon, remain vulnerable to a vulnerability in the framework's cookie storage mechanism.
http://threatpost.com/ruby-on-rails-cookiestore-vulnerability-plagues-prominent-websites/103038
An Anti-Fraud Service for Fraudsters
Many online businesses rely on automated fraud detection tools to weed out suspicious and unauthorized purchases. Oddly enough, the sorts of dodgy online businesses advertised by spam do the same thing, only they tend to use underground alternatives that are far cheaper and tuned to block not only fraudulent purchases, but also "test buys" from security researchers, law enforcement and other meddlers.
http://krebsonsecurity.com/2013/11/anti-fraud-service-for-fraudsters/
Security and policy surrounding bring your own devices (BYOD)
As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device (BYOD) revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost savings and productivity, it is also important to have robust security policies supporting BYOD.
http://blogs.technet.com/b/msrc/archive/2013/11/26/security-and-policy-surrounding-bring-your-own-devices-byod.aspx
Our protection metrics - October results
Last month we introduced our monthly protection metrics and talked about our September results. Today, we'd like to talk about our results from October. If you want a refresh on the definition of the metrics we use in our monthly results, see our prior post: Our protection metrics - September results. During October 2013, while our rate of incorrect detections remained low, and our performance metrics stayed fairly consistent, the infection rate of 0.18 percent was higher in
http://blogs.technet.com/b/mmpc/archive/2013/11/26/our-protection-metrics-october-results.aspx
White hat Wi-Fi hacking shows vulnerability of business data
White hat hackers have shown that usernames, passwords, contact lists, details of e-commerce accounts and banking details can be sniffed easily from public Wi-Fi hotspots.
http://www.computerweekly.com/news/2240209927/White-hat-Wi-Fi-hacking-shows-vulnerability-of-business-data
Volatility 2.3 and FireEye's diskless, memory-only Trojan.APT.9002
FireEye's Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method, posted 10 NOV 2013, is specific to an attack that "loaded the payload directly into memory without first writing to disk." As such, this "will further complicate network defenders' ability to triage compromised systems, using traditional forensics methods."
http://holisticinfosec.blogspot.co.uk/2013/11/volatility-23-and-fireeyes-diskless.html
Malware creation hits record-high numbers in 2013, according to PandaLabs Q3 Report
Panda Security, The Cloud Security Company, has just published the results of its Quarterly Report for Q3 2013, drawn up by PandaLabs, the company's anti-malware laboratory. One of the main conclusions that can be drawn from this global study is that malware creation has hit a new record high, with nearly 10 million new strains identified so far this year.
http://press.pandasecurity.com/news/malware-creation-hits-record-high-numbers-in-2013-according-to-pandalabs-q3-report/
Security Headers on the Top 1,000,000 Websites: November 2013 Report
It has been almost exactly a year since we conducted the first top 1 million security headers report so it is a great time to re-run the analysis and see how well security header adoption is growing. As before, the latest Chrome and Firefox User-Agent strings were used to make requests to the top 1 million sites over both HTTP and HTTPS.
https://www.veracode.com/blog/2013/11/security-headers-on-the-top-1000000-websites-november-2013-report/
Finding Cryptolocker Encrypted Files using the NTFS Master File Table
For the most part, everyone seems to be familiar with the new variants of Cryptolocker making the rounds these days. To quickly summarize, this form of ransomware encrypts documents and pictures found on local and mapped network drives in an attempt to obtain payment for the decryption keys.
http://securitybraindump.blogspot.ru/2013/11/finding-cryptolocker-encrypted-files.html
Rogue that takes webcam pictures of you
Recently we heard of a rogue fake antivirus that takes screenshots and webcam images in an attempt to further scare you into succumbing to its scam. We gathered a sample and sure enough, given some time it will indeed use the webcam and take a picture of what's in front of the camera at that time. This variant is called "Antivirus Security Pro" and it's as nasty as you can get.
http://www.webroot.com/blog/2013/11/27/new-rogue-now-takes-screenshots/
Vuln: Drupal Core Image Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/63848
Xen Privileged Ring Access Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029396
Debian Security Advisory DSA-2804 drupal7
http://www.debian.org/security/2013/dsa-2804
Debian Security Advisory DSA-2803 quagga
http://www.debian.org/security/2013/dsa-2803