End-of-Shift report
Timeframe: Wednesday 11-12-2013 18:00 − Thursday 12-12-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
How cybercriminals efficiently violate YouTube, Facebook, Twitter, Instagram, SoundCloud and Google+'s ToS
With social media, now an inseparable part of the marketing expenditures for every modern organization, cybercriminals quickly adapted to the ongoing buzz, and over the last couple of years, have been persistently supplying the market segment with social media metrics performance boosts, in the form of bogus likes, dislikes, comments, favorites, subscribers, and video/music plays.
http://www.webroot.com/blog/2013/12/11/cybercriminals-efficiently-violate-monetize-youtube-facebook-twitter-instagram-soundcloud-googles-tos/
Inside the TextSecure, CyanogenMod Integration
Moxie Marlinspike explains how Open WhisperSystems plans to bring end-to-end encrypted secure communications to major platforms such as Android, iOS and popular Web browsers.
http://threatpost.com/inside-the-textsecure-cyanogenmod-integration/103164
The Kernel is calling a zero(day) pointer - CVE-2013-5065 - Ring Ring
SpiderLabs investigates a number of suspicious binary files on a daily basis. A week ago we came across a PDF file which had two different vulnerabilities, a remote-code-execution vulnerability in Adobe Reader and a new escalation-of-privileges vulnerability in Windows Kernel.
http://blog.spiderlabs.com/2013/12/the-kernel-is-calling-a-zeroday-pointer-cve-2013-5065-ring-ring.html
Software defense: mitigating common exploitation techniques
In our previous posts in this series, we described various mitigation improvements that attempt to prevent the exploitation of specific classes of memory safety vulnerabilities such as those that involve stack corruption, heap corruption, and unsafe list management and reference count mismanagement. These mitigations are typically associated with a specific developer mistake such as writing beyond the bounds of a stack or heap buffer, failing to correctly track reference counts, and so on.
http://blogs.technet.com/b/srd/archive/2013/12/11/software-defense-mitigating-common-exploitation-techniques.aspx
Operation Ke3chang: Targeted Attacks Against Ministries of Foreign Affairs
This week, FireEye released a report detailing how Chinese-speaking advanced persistent threat (APT) actors systematically attacked European ministries of foreign affairs (MFAs). Within 24 hours, the Chinese government officially responded.
http://www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html
Blog: Forecasts for 2014 - expert opinion
In 2014 we expect significant growth in the number of threats related to economic and domestic cyber-espionage, with cyber-mercenaries/cyber-detectives playing an active role in such attacks.
http://www.securelist.com/en/blog/8167/Forecasts_for_2014_expert_opinion
Thousands of online shops based on xt:Commerce acutely threatened
The shop software xt:Commerce 3 and its derivatives such as Gambio and Modified contain two flaws that, in combination, allow shops to be taken over completely. According to initial rough estimates, the software is used in approximately 50,000 shops. Fortunately, workarounds and patches are available for protection.
http://www.heise.de/security/meldung/Tausende-Online-Shops-auf-Basis-von-xt-Commerce-akut-bedroht-2065104.html
D-Link DSL-6740U Cross-Site Request Forgery Vulnerability
https://secunia.com/advisories/55999
InstantCMS "orderby" SQL Injection Vulnerability
https://secunia.com/advisories/56041
PHP OpenSSL Extension X.509 Certificate Parsing Memory Corruption Vulnerability
https://secunia.com/advisories/56055
Adobe ColdFusion 9/10 Administrative Login Bypass
http://cxsecurity.com/issue/WLB-2013120084
Vtiger 5.4.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013120088
Plone Multiple Vulnerabilities
https://secunia.com/advisories/56015