End-of-Shift report
Timeframe: Friday 06-12-2013 18:00 − Monday 09-12-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
RuggedCom ROS Multiple Vulnerabilities
Siemens has reported to NCCIC/ICS-CERT multiple vulnerabilities in the RuggedCom Rugged OS (ROS). Siemens has produced a firmware update that mitigates these vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to hijack an active Web session and access administrative functions on the devices without proper authorization. These vulnerabilities could be exploited remotely.
http://ics-cert.us-cert.gov/advisories/ICSA-13-340-01
The Biggest Security Stories of 2013
As 2013 comes to a close, security experts are looking back at the major stories and developments of the year, including the Edward Snowden NSA leaks and major malware attacks. In this video, Vitaly Kamluk of Kaspersky Lab examines the biggest security news of 2013 and talks about the lasting effects they may have.
http://threatpost.com/the-biggest-security-stories-of-2013/103125
Microsoft teams up with Feds, Europol in ZeroAccess botnet zombie hunt
Just don't bork our crim-busting honeypots again. Microsoft has teamed up with the FBI to launch a renewed attempt to disrupt the operations of the infamous ZeroAccess botnet.
http://www.theregister.co.uk/2013/12/06/zeroaccess_zombienet_takedown/
FAQ: Pony Malware Payload Discovery
Our team's discovery of the spoils of yet another instance of Pony 1.9 has kept us busy the past couple of days. We've enjoyed explaining our discovery to journalists and trying our best to answer the questions that arise over social networks and email with each publication of a story. A lot of those questions tend to be similar.
http://blog.spiderlabs.com/2013/12/faq-pony-malware-payload-discovery.html
2014 Predictions: Blurring Boundaries
The past year has been an interesting one in the world of cyber security. Mobile malware has become a large-scale threat, government surveillance has users asking "does privacy still exist?", cybercrime continues to steal money from individuals and businesses, and new targets for hackers like AIS and SCADA have been identified. 2013 was many things, but boring was not one of them.
http://blog.trendmicro.com/trendlabs-security-intelligence/2014-predictions-blurring-boundaries/
The state of targeted attacks
Trusteer announced the results of a recent study on the State of Targeted Attacks, which took into consideration the feedback from over 750 IT and IT security practitioners who have involvement in defensive efforts against APTs launched at their organisations.
http://www.net-security.org/secworld.php?id=16059
Android apps: security vulnerability caused by faulty SSL validation
The Fraunhofer-Institut für Sichere Informationstechnologie has identified several Android apps in which faulty validation of the SSL certificate makes access to login credentials possible. Only about half of all vendors contacted have closed the vulnerability so far.
http://www.golem.de/news/android-apps-sicherheitsluecke-durch-fehlerhafte-ssl-pruefung-1312-103250-rss.html
The world's most dangerous mobile phone spying app just moved into the tablet and iPad market
The evolution of GPS and the smart-phone market has spawned a macabre industry of surveillance apps designed to be covertly installed onto the cellphones of vulnerable employees, business associates, partners and children.
http://www.privacysurgeon.org/blog/incision/the-worlds-most-dangerous-mobile-phone-spying-app-just-moved-into-the-tablet-and-ipad-market/
Bypassing Windows AppLocker using a Time of Check Time of Use vulnerability
Windows AppLocker is Microsoft's replacement for Software Restriction Policies in Windows 7, Windows 8, Server 2008 and Server 2012. Windows AppLocker has been promoted by several government agencies such as the National Security Agency and the New Zealand National Cyber Security Center as an effective mechanism to combat the execution of unauthorized code on modern Microsoft Windows based systems.
http://www.nccgroup.com/media/495634/2013-12-04_-_ncc_-_technical_paper_-_bypassing_windows_applocker__2_.pdf
Automater - IP URL and MD5 OSINT Analysis
Automater is a URL/domain, IP address, and MD5 hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or hash) or a file full of targets, Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.
http://www.tekdefense.com/automater/
Three GIMP vulnerabilities at one stroke
Red Hat's security team has found and fixed three memory-management problems in the image-editing software GIMP that could be exploited to slip malicious code onto the user's system.
http://www.heise.de/security/meldung/Drei-GIMP-Luecken-auf-einen-Streich-2062907.html
Malicious multi-hop iframe campaign affects thousands of Web sites, leads to a cocktail of client-side exploits - part two
Ever since we exposed and profiled the evasive, multi-hop, mass iframe campaign that affected thousands of Web sites in November, we continued to monitor it, believing that the cybercriminal(s) behind it would continue operating it, basically switching to new infrastructure once the one exposed in the post got logically blacklisted, thereby undermining the impact of the campaign internationally.
http://www.webroot.com/blog/2013/12/09/malicious-multi-hop-iframe-campaign-affects-thousands-web-sites-leads-cocktail-client-side-exploits-part-two/
Putting malware in the picture
Spammers actively spread malware using fake notifications on behalf of various financial and banking institutions, booking and delivery services and other companies. The arsenal of tricks used by cybercriminals is constantly being updated. In particular, in recent years we have registered a number of English- and German-language mass mailings in which the attackers try to hide malware under photos and pictures.
https://www.securelist.com/en/blog/8159/Putting_malware_in_the_picture
[webapps] - Zimbra 0day exploit / Privilege escalation via LFI
http://www.exploit-db.com/exploits/30085
D-Link DSR Router Remote Root Shell Exploit
http://cxsecurity.com/issue/WLB-2013120055
WordPress DZS Video Gallery 3.1.3 Remote File Disclosure
http://cxsecurity.com/issue/WLB-2013120050
cURL Certificate Validation Flaw Lets Remote Users Spoof SSL Servers
http://www.securitytracker.com/id/1029434
Security Bulletin: Multiple Security vulnerability fix for IBM Tivoli Storage Manager Administration Center (CVE-2012-5081, CVE-2013-0169, CVE-2013-0443).
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerability_fix_for_ibm_tivoli_storage_manager_administration_center_cve_2012_5081_cve_2013_0169_cve_2013_0443?lang=en_us
Steinberg MyMp3PRO SEH buffer overflow
http://xforce.iss.net/xforce/xfdb/89468