End-of-Shift report
Timeframe: Dienstag 17-12-2013 18:00 − Mittwoch 18-12-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
Cybercriminals offer fellow cybercriminals training in Operational Security (OPSEC)
In need of a fresh example that malicious and fraudulent adversaries continue professionalizing, and standardizing demanded cybercrime-friendly products and services, all for the sake of monetizing their experience and expertise in the profitable world of cybercrime? Publicly launched around the middle of 2013, a product/training course targeting novice cybercriminals is offering them a manual, recommendations for open source/free software, as well as access to a private forum set up for...
http://www.webroot.com/blog/2013/12/17/cybercriminals-offer-fellow-cybercriminals-training-in-operational-security-opsec/
Apple stopft Lücken in WebKit und Safari
Mit den Safari-Versionen 6.1.1 und 7.0.1 behebt Apple einige Speicherverwaltungsfehler in WebKit, die zur Ausführung von Schadcode über das Internet missbraucht werden können.
http://www.heise.de/security/meldung/Apple-stopft-Luecken-in-WebKit-und-Safari-2068518.html
DGA Changer Malware Able to Modify Domain-Generation Seed on the Fly
Malware authors have been using domain-generation algorithms for a few years now, often in botnet-related malware that needs to stay one step ahead of takedown attempts and law enforcement agencies. Now, researchers have discovered that a strain of malware that may have been part of the attack in October on PHP.net is employing a DGA...
http://threatpost.com/dga-changer-malware-able-to-modify-domain-generation-seed-on-the-fly/103225
The Biggest Skimmers of All: Fake ATMs
This blog has spotlighted some incredibly elaborate and minaturized ATM skimmers, fraud devices that thieves attach to ATMs in a bid to steal card data and PINs. But a skimmer discovered in Brazil last month takes this sort of fraud to another level, using a completely fake ATM designed to be stacked directly on top...
http://krebsonsecurity.com/2013/12/the-biggest-skimmers-of-all-fake-atms/
A quick look at a (new?) cross-platform DDoS botnet
At the beginning of December we started to observe a new botnet spreading on both Linux and Windows machines. In case of the Linux operating systems, the bot was installed through an SSH dictionary attack. The attacker logged in to compromised server and simply downloaded and executed a bot file. The malware...
https://www.cert.pl/news/7849/langswitch_lang/en
[SECURITY] [DSA 2821-1] gnupg security update
http://lists.debian.org/debian-security-announce/2013/msg00235.html
Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability
An issue in the tNetTaskLimit process of the Cisco ONS 15454 Transport Node Controller (TNC) could allow an unauthenticated, remote attacker to cause the TNC to reload due to a watchdog timeout.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6701
Security Bulletin: Multiple vulnerabilities in IBM SPSS Collaboration and Deployment Services
Multiple vulnerabilities exist in IBM SPSS Collaboration and Deployment Services. See the individual descriptions for details.
http://www-01.ibm.com/support/docview.wss?uid=swg21660191
IBM Scale Out Network Attached Storage (SONAS) Multiple Vulnerabilities
Multiple vulnerabilities have been reported in IBM Scale Out Network Attached Storage, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
https://secunia.com/advisories/56095
Security Bulletin: GSKit SSL negotiation vulnerability in Tivoli Access Manager for e-business (CVE-2013-6329)
A vulnerability has been identified in the GSKit component utilized by Tivoli Access Manager for e-business (TAM). A specially crafted SSL message can cause the TAM server component using GSKit to crash CVE(s): CVE-2013-6329 Affected product(s) and affected version(s): All supported Tivoli Access Manager for e-business versions are affected.
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_gskit_ssl_negotiation_vulnerability_in_tivoli_access_manager_for_e_business_cve_2013_6329?lang=en_us
RealOne RMP File Heap Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029511
Vuln: Juvia Ruby on Rails secret_token.rb Default Secret Key Security Bypass Vulnerability
http://www.securityfocus.com/bid/64368
Vuln: ownCloud Admin Page Unspecified Security Bypass Vulnerability
http://www.securityfocus.com/bid/63926
Zimbra Collaboration Server Unspecified Vulnerability
https://secunia.com/advisories/56138
Python Hash Collision Denial of Service Vulnerability
https://secunia.com/advisories/55955