Daily summary - Monday 16-12-2013

End-of-Shift report

Timeframe: Friday 13-12-2013 18:00 - Monday 16-12-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

Bitcoin Mining Operation Seen Across Numerous Malware Families

The talent over at Malwarebytes broke a story this week regarding Fake Flash Player phishing attempts dropping malicious content onto victim machines for the purpose of mining Bitcoins. The threat tricks users into thinking that they are downloading a new version of Flash Player. In actuality, the threat drops a few malicious executables (stored in "[username]/AppData/Roaming/Data"), called...

http://research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html


IETF To Change TLS Implementation In Applications

Trailrunner7 writes "The NSA surveillance scandal has created ripples all across the Internet, and the latest one is a new effort from the IETF to change the way that encryption is used in a variety of critical application protocols, including HTTP and SMTP. The new TLS application working group was formed to help developers and the people who deploy their applications incorporate the encryption protocol correctly. TLS is the successor to SSL and is used to encrypt information in a variety...

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5p7fpD5WwtY/story01.htm


Predictions for 2014

2014 is less than one month away; what better time to ask ourselves about the top security trends to watch for in the coming year? Malware Creation: OK, this won't sound too original, but it is a safe bet to say that malware creation will hit a new record high in 2014. Actually, such was...

http://pandalabs.pandasecurity.com/predictions-for-2014/


Botnet Enlists Firefox Users to Hack Web Sites

An unusual botnet that has ensnared more than 12,500 systems disguises itself as a legitimate add-on for Mozilla Firefox and forces infected PCs to scour Web sites for vulnerabilities that can be used to install malware, an investigation by KrebsOnSecurity has discovered.

http://krebsonsecurity.com/2013/12/botnet-enlists-firefox-users-to-hack-web-sites/


Cybercriminals Using Targeted Attack Methodologies (Part 1)

One of our 2014 security predictions is that cyber criminals will more frequently leverage targeted attack methodologies. Some of these tactics include using spear phishing attacks, as well as well-known vulnerabilities that have been used successfully in targeted attacks. Let's see why cybercriminals are taking a closer look at these techniques, and how this can...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/CY7n7WI2qUY/


Attacking Online Poker Players

This story is about how at least two professional online poker players had their hotel rooms broken into and their computers infected with malware. I agree with the conclusion: So, what's the moral of the story? If you have a laptop that is used to move large amounts of money, take good care of it. Lock the keyboard when you...

https://www.schneier.com/blog/archives/2013/12/attacking_onlin.html


P2P botnet ZeroAccess hard to kill

The joint action by Microsoft, the FBI and Europol that aimed to take down the click-fraud botnet ZeroAccess appears to have largely missed its target. The botnet seems to be as alive and kicking as ever.

http://www.heise.de/security/meldung/P2P-Botnetz-ZeroAccess-kaum-tot-zu-kriegen-2066470.html


Bogus Antivirus Program Uses a Dozen Stolen Signing Certificates

A fake antivirus program in circulation uses at least a dozen stolen digital code-signing certificates, indicating cybercriminals are increasingly breaching the networks of software developers, Microsoft wrote on Sunday. The application, branded as "Antivirus Security Pro," was first detected in 2009 and has gone by a handful of other names over the years, according to a Microsoft advisory, which calls it by a single name, "Win32/Winwebsec."

http://www.cio.com/article/744689/Bogus_Antivirus_Program_Uses_a_Dozen_Stolen_Signing_Certificates?taxonomyId=3089


Old Apple Safaris leave IDs and passwords for scavengers to peck

... the problem derives from Safari's retention of browser history as applied in the "Reopen All Windows from Last Session" feature that enables users to quickly revisit the sites they opened during a previous Safari session. Sadly, however, Kaspersky has found that the document Safari creates to allow such restoration is in plaintext and contains user IDs and passwords. The file is hidden, but isn't hard to find once you know what you are looking for.

http://www.theregister.co.uk/2013/12/16/kaspersky_says_old_apple_safaris_expose_user_ids_and_passwords/


Newly launched 'HTTP-based botnet setup as a service' empowers novice cybercriminals with bulletproof hosting capabilities - part three

In a series of blog posts throughout 2013, we emphasized the lowering of the entry barriers into the world of cybercrime, largely made possible by the rise of managed services, the re-emergence of the DIY (do-it-yourself) trend, and the development of niche market segments, like the practice of setting up and offering bulletproof hosting for a novice cybercriminal's botnet generating platform. The proliferation of these easy-to-use, once only found in the arsenal of tools of the

http://www.webroot.com/blog/blog/2013/12/16/newly-launched-http-based-botnet-setup-service-empowers-novice-cybercriminals-bulletproof-hosting-capabilities-part-three/


Siemens COMOS Privilege Escalation

Siemens notified NCCIC/ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. An update has been produced by Siemens and is available to resolve the vulnerability. The client application used for accessing the database system might allow authenticated Windows users to elevate their rights in regard to database access over the COMOS graphical user interface

http://ics-cert.us-cert.gov/advisories/ICSA-13-347-01


Cisco WebEx Training Center open redirect

http://xforce.iss.net/xforce/xfdb/89686


WordPress Broken Link Checker Plugin Two Cross-Site Scripting Vulnerabilities

https://secunia.com/advisories/56053


IBM Rational Focal Point Webservice Axis Gateway information disclosure 1

http://xforce.iss.net/xforce/xfdb/87293


IBM Rational Focal Point Webservice Axis Gateway information disclosure 2

http://xforce.iss.net/xforce/xfdb/87294