End-of-Shift report
Timeframe: Thursday 28-02-2013 18:00 − Friday 01-03-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Fake Flash Player download pages pushing malware
"As you may have already heard, Adobe has pushed out an update for Flash Player that fixes vulnerabilities discovered to be currently exploited in the wild in targeted attacks. If you haven't set up automatic updating for Flash, you will have to find and download the update yourself, and the best place from which to pick it up is Adobe's official Flash page. I'm reiterating this because there are web pages out there that spoof Adobe's legitimate one, and they are pretty well crafted (click on the...
http://www.net-security.org/malware_news.php?id=2429
Browser makers open local storage hole in HTML5
Bad implementation of disk space limits. A slip-up in the implementation of HTML5 on Chrome, Opera and Internet Explorer can be exploited to fill users’ hard drives, according to a 22-year-old Web developer from Stanford...
http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/html_5_implementation_bug_drive_filler/
Bank of America Spy Team leaked emails by Anonymous
"Many Bank of America spy emails available to the public. Lot of fun stuff including stuff on SOPA, money trails, Wikileaks, Sony, Stratfor, etc... these emails have been organised for the public by Par:AnoIA (Potentially Alarming Research: Anonymous Intelligence Agency)..."
http://www.cyberwarzone.com/bank-america-spy-team-leaked-emails-anonymous
PHP-Fusion 7.02.05 XSS & LFI & SQL Injection
Topic: PHP-Fusion 7.02.05 XSS & LFI & SQL Injection Risk: High Text: [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05 Author: Janek Vind "warax...
http://feedproxy.google.com/~r/securityalert_database/~3/JWjlGvtaj28/WLB-2013030001
Spearphishing in your office
"Spear phishing is on the rise, and many of you don't even realize it's happening to you. It used to be you'd get a random email from a bank you don't do business with, claiming an account security issue. It's pretty easy to figure out, but what if you get an email from your company's HR department with a policy change notification, or vacation policy update...."
http://ktar.com/153/1613505/Spearphishing-in-your-office
Sinkholes reveal more Chinese-hacked biz - and piggybacking crims
It's not just state-backed spies using snoop-ware armies. Researchers have identified yet more high-profile organisations attacked by spying Chinese hackers after seizing hold of the miscreants' command-and-control servers...
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/01/sinkhole_research_uncovers_cyberspy_victims/
Stuxnet, The Prequel: Earlier Version Of Cyberweapon Discovered
"Researchers at Symantec have identified an earlier version of the Stuxnet malware that shows that the cyberattacks on Iran's Natanz nuclear plant date back as early as 2005 and targeted another piece of uranium-enrichment equipment. Symantec found what it calls Stuxnet version 0.5 of the sophisticated cyberweapon among the samples it had collected from the version of the malware that was first discovered in the wild back in July 2010 and was created in 2009...."
http://www.darkreading.com/advanced-threats/167901091/security/news/240149525/stuxnet-the-prequel-earlier-version-of-cyberweapon-discovered.html
How Much Does A Botnet Cost?
"The cost of a botnet is contingent largely upon the physical location of the malware-infected computers inside of it. Therefore, a botnet containing only American or European machines is worth more than one with machines from less prosperous nations. Security researcher Dancho Danchev recently profiled an underground botnet service and found that the market for botnets fueled by American machines is more lucrative than botnets consisting of an international hodgepodge of IP...
http://threatpost.com/en_us/blogs/how-much-does-botnet-cost-022813
Malware's Future Looks A Lot Like Its Present
"What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday...."
http://securityledger.com/what-will-malware-look-like-in-a-few-years/
sudo authentication bypass when clock is reset
Topic: sudo authentication bypass when clock is reset Risk: High Text: Sudo 1.8.6p7 and 1.7.10p7 are now available which include a fix for the following bug: Sudo authentication bypass when clock...
http://feedproxy.google.com/~r/securityalert_database/~3/Cg957nnlc_A/WLB-2013030010
Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities
Topic: Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities Risk: Medium Text: Product: Piwigo Vendor: Piwigo project Vulnerable Version(s): 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notific...
http://feedproxy.google.com/~r/securityalert_database/~3/4-cD4XbHTA0/WLB-2013030008
[papers] - Post XSS Exploitation: Advanced Attacks and Remedies
http://www.exploit-db.com/download_pdf/24559
And the Java 0-days just keep on coming, (Fri, Mar 1st)
The bad guys certainly seem to be picking on Oracle in the last month or two. The folks over at FireEye have posted some info about another 0-day affecting Java that is being exploited in the wild. This one hits even the latest versions of Java 6u41 and 7u15. From the writeup it seems the exploit is currently not always successful, but when it is, it drops a remote access trojan on the system and connects back to an HTTP command and control server. I haven't had a chance to actually look at the...
http://isc.sans.edu/diary.html?storyid=15310&rss