End-of-Shift report
Timeframe: Thursday 11-04-2013 18:00 − Friday 12-04-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
Data-Stealing Spyware Redpill Back, Targeting India
A form of spyware first seen in 2008 and known for siphoning away users' bank account credentials, emails, screenshots and various other bits of information has surfaced again, this time targeting computer users in India.
https://threatpost.com/en_us/blogs/data-stealing-spyware-redpill-back-targeting-india-041113
Bugtraq: MacOSX 10.8.3 ftpd Remote Resource Exhaustion
http://www.securityfocus.com/archive/1/526343
Study Shows Google Better than Bing at Filtering Malicious Web Sites
A German security company spent 18 months analyzing malware among millions of Web sites ranked by the world's most popular search engines and concluded Google was safer than Bing.
https://threatpost.com/en_us/blogs/study-shows-google-better-bing-filtering-malicious-web-sites-041113
Check Point bakes anti-malware tech into firewall bricks
Software blades whisper from scabbards. En garde. Check Point is baking in cyber-espionage defences to its enterprise firewall and gateway security products with the incorporation of sandbox-style technology.
http://go.theregister.com/feed/www.theregister.co.uk/2013/04/12/check_point_threat_emulation/
Spider Video Player plugin for WordPress settings.php SQL injection
Spider Video Player plugin for WordPress is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the settings.php script using the theme parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
http://xforce.iss.net/xforce/xfdb/83374
American Airlines 'You can download your ticket' themed emails lead to malware
By Dancho Danchev. Cybercriminals are currently spamvertising tens of thousands of emails impersonating American Airlines in an attempt to trick its customers into thinking that they've received a download link for their E-ticket. Once they download and execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal/gang of cybercriminals behind the campaign. More details: [...]
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/Upf44191rw4/
Microsoft withdraws security patch for Windows and Windows Server
A Windows update released last Tuesday can cause the computer to no longer boot. In that case, only the recovery console helps. Anyone who has already installed the update should remove it again.
http://www.heise.de/security/meldung/Microsoft-zieht-Sicherheitsspatch-fuer-Windows-und-Windows-Server-zurueck-1840771.html
Bitcoin Botnet Ranked as Top Threat for Q1 2013
Looking at the threats that targeted the Web in the first quarter of the year, Fortinet says that ZeroAccess, a botnet that mines the popular electronic currency Bitcoins, was the top problem. It wasn't alone however, as attacks on South Korea and Adware on Android made the list.
https://www.securityweek.com/bitcoin-botnet-ranked-top-threat-q1-2013
jPlayer "jQuery" Cross-Site Scripting Vulnerability
Input passed via the "jQuery" parameter to Jplayer.swf is not properly sanitised before being passed to the "ExternalInterface.call()" method. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
https://secunia.com/advisories/52978
Social Engineering Skype Support team to hack any account instantly
You can install the industry's strongest and most expensive firewall. You can educate employees about basic security procedures and the importance of choosing strong passwords. You can even lock-down the server room, but how do you protect a company from the threat of social engineering attacks?
http://thehackernews.com/2013/04/social-engineering-skype-support-team.html
Wave of attacks on 1&1 servers
Cyber criminals have apparently stepped up attempts to infect 1&1 servers with malware. As a result, some services may be reachable only to a limited extent.
http://www.heise.de/security/meldung/Angriffswelle-auf-1-1-Server-1841085.html
Multiple DoS vulnerabilities in Cisco's ASA
Cisco has found vulnerabilities in the operating system for some network devices that could be exploited for denial-of-service attacks. The firewalls of some switches and routers are also affected.
http://www.heise.de/security/meldung/Mehrere-DoS-Luecken-in-Ciscos-ASA-1841115.html
Cisco AnyConnect VPN Client Multiple Privilege Escalation Vulnerabilities
https://secunia.com/advisories/53015