Daily Summary - Monday 13-05-2013

End-of-Shift report

Timeframe: Friday 10-05-2013 18:00 − Monday 13-05-2013 18:00 Handler: Matthias Fraidl Co-Handler: L. Aaron Kaplan

Android.TechnoReaper Downloader Found on Google Play

By Nathan Collier. We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below: Once you install the app, it looks like a nice app used

http://blog.webroot.com/2013/05/10/android-technoreaper-downloader-found-on-google-play/


Google Has Aggressive Plans for Strong Authentication

Google has a long-term plan for strong authentication that ties log-ins to the operating system and hardware, and puts up barriers against man in the middle attacks and weak passwords.

http://threatpost.com/google-has-aggressive-plans-for-strong-authentication/


Samsung Officeserv Read the users/passwords

Topic: Samsung Officeserv Read the users/passwords Risk: Medium Text:# Title:samsung officeserv Read the users/passwords # Author: MaDo Mokhtar # Contact: codezeroooo[at]yahoo[dot]com # Vendo...

http://cxsecurity.com/wlb/WLB-2013050087


RSA Authentication Agent cross-site scripting

http://xforce.iss.net/xforce/xfdb/84155


Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin

By Dancho Danchev. In 2013, Liberty Reserve and Web Money remain the payment method of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product/service is available for purchase through the use of these ubiquitous virtual currencies. What's the situation on the international underground

http://blog.webroot.com/2013/05/10/cybercriminals-offer-http-based-keylogger-for-sale-accept-bitcoin/


WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability

Topic: WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Risk: Low Text:Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Vendor: Securimage PHP CAPTCHA Product web page: https:...

http://cxsecurity.com/wlb/WLB-2013050098


WordPress Search and Share plugin vulnerabilities

Topic: WordPress Search and Share plugin vulnerabilities Risk: Low Text:I want to inform you about vulnerabilities in Search and Share plugin for WordPress. These are Cross-Site Scripting and Ful...

http://cxsecurity.com/wlb/WLB-2013050103


DDoS Services Advertise Openly, Take PayPal

The past few years have brought a proliferation of online services that can be hired to knock Web sites and individual Internet users offline. Once only found advertised in shadowy underground forums, many of today's so-called "booter" or "stresser" services are operated by U.S. citizens who openly advertise their services while hiding behind legally dubious disclaimers. Oh, and they nearly all rely on PayPal to receive payments.

https://krebsonsecurity.com/2013/05/ddos-services-advertise-openly-take-paypal/


Dangerous Trojan substitutes web pages

May 7, 2013. Specialists from the Russian anti-virus company Doctor Web have studied one of the most widespread threats in April 2013, the Trojan Trojan.Mods.1, formerly known as Trojan.Redirect.140. According to statistics compiled by the curing utility Dr.Web CureIt!, the number of infections with this Trojan represents 3.07% of the total number of detected threats. A summary of the study can be found below. The Trojan has two components: the dropper and the dynamic link library which stores

http://news.drweb.com/show/?i=3511&lng=en&c=9


Newly launched E-shop for hacked PCs charges based on malware 'executions'

By Dancho Danchev. On the majority of occasions, Cybercrime-as-a-Service vendors will sell access to malware-infected hosts to virtually anyone who pays for them, without bothering to know what happens once the transaction takes place. A newly launched E-shop for malware-infected hosts, however, has introduced a novel approach for calculating the going rate for the hacked PCs.

http://blog.webroot.com/2013/05/13/newly-launched-e-shop-for-hacked-pcs-charges-based-on-malware-executions/


Blog: Telecom fraud - phishing and Trojans combined

In China telecom fraud has become an increasingly common crime.

http://www.securelist.com/en/blog/877/Telecom_fraud_phishing_and_Trojans_combined


Trojan hijacks Facebook accounts

A malicious browser extension infects Google's Chrome and Mozilla's Firefox. It targets Facebook accounts.

http://www.heise.de/security/meldung/Trojaner-kapert-Facebook-Accounts-1861008.html


Researchers uncovered new malware used by Chinese cyber criminals

Trend Micro researchers have uncovered new backdoor pieces of malware from the Winnti family, which are mainly used by a Chinese cyber criminal group to target South East Asian organizations from the video gaming sector.

http://thehackernews.com/2013/05/researchers-uncovered-new-malware-used.html


AWS EC2 Security Vulnerability and Pinterest Hacked

Well, almost hacked. This is rather embarrassing (for Pinterest, and maybe AWS?), in that I was able to access what seemed to be their admin page. Furthermore, I discovered through this interface that it seems they do not store passwords encrypted or salted.

http://www.jontsai.com/2013/05/11/aws-ec2-security-vulnerability-and-pinterest-hacked/


Introducing Conpot

We proudly announce the first release of our Industrial Control System honeypot named Conpot. Until now setting up an ICS honeypot required substantial manual work, real systems which are usually either inaccessible or expensive and lecture of quite tedious protocol specifications.

http://www.honeynet.org/node/1047


Attackers Target Older Java Bugs

It's no secret that Java has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemic is following much the same [...]

http://threatpost.com/attackers-target-older-java-bugs/