End-of-Shift report
Timeframe: Friday 10-05-2013 18:00 − Monday 13-05-2013 18:00
Handler: Matthias Fraidl
Co-Handler: L. Aaron Kaplan
Android.TechnoReaper Downloader Found on Google Play
By Nathan Collier. We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below: Once you install the app, it looks like a nice app used
http://blog.webroot.com/2013/05/10/android-technoreaper-downloader-found-on-google-play/
Google Has Aggressive Plans for Strong Authentication
Google has a long-term plan for strong authentication that ties log-ins to the operating system and hardware, and puts up barriers against man in the middle attacks and weak passwords.
http://threatpost.com/google-has-aggressive-plans-for-strong-authentication/
Samsung Officeserv Read the users/passwords
Topic: Samsung Officeserv Read the users/passwords
Risk: Medium
Text: # Title: samsung officeserv Read the users/passwords # Author: MaDo Mokhtar # Contact: codezeroooo[at]yahoo[dot]com # Vendo...
http://cxsecurity.com/wlb/WLB-2013050087
RSA Authentication Agent cross-site scripting
http://xforce.iss.net/xforce/xfdb/84155
Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin
By Dancho Danchev. In 2013, Liberty Reserve and Web Money remain the payment method of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product/service is available for purchase through the use of these ubiquitous virtual currencies. What's the situation on the international underground
http://blog.webroot.com/2013/05/10/cybercriminals-offer-http-based-keylogger-for-sale-accept-bitcoin/
WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability
Topic: WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability
Risk: Low
Text: Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Vendor: Securimage PHP CAPTCHA Product web page: https:...
http://cxsecurity.com/wlb/WLB-2013050098
WordPress Search and Share plugin vulnerabilities
Topic: WordPress Search and Share plugin vulnerabilities
Risk: Low
Text: I want to inform you about vulnerabilities in Search and Share plugin for WordPress. These are Cross-Site Scripting and Ful...
http://cxsecurity.com/wlb/WLB-2013050103
DDoS Services Advertise Openly, Take PayPal
The past few years have brought a proliferation of online services that can be hired to knock Web sites and individual Internet users offline. Once only found advertised in shadowy underground forums, many of today's so-called "booter" or "stresser" services are operated by U.S. citizens who openly advertise their services while hiding behind legally dubious disclaimers. Oh, and they nearly all rely on PayPal to receive payments.
https://krebsonsecurity.com/2013/05/ddos-services-advertise-openly-take-paypal/
Dangerous Trojan substitutes web pages
May 7, 2013. Specialists from the Russian anti-virus company Doctor Web have studied one of the most widespread threats in April 2013, the Trojan Trojan.Mods.1, formerly known as Trojan.Redirect.140. According to statistics compiled by the curing utility Dr.Web CureIt!, the number of infections with this Trojan represents 3.07% of the total number of detected threats. A summary of the study can be found below. The Trojan has two components: the dropper and the dynamic link library which stores
http://news.drweb.com/show/?i=3511&lng=en&c=9
Newly launched E-shop for hacked PCs charges based on malware 'executions'
By Dancho Danchev. On the majority of occasions, Cybercrime-as-a-Service vendors will sell access to malware-infected hosts to virtually anyone who pays for them, without bothering to know what happens once the transaction takes place. A newly launched E-shop for malware-infected hosts, however, has introduced a novel approach for calculating the going rate for the hacked PCs.
http://blog.webroot.com/2013/05/13/newly-launched-e-shop-for-hacked-pcs-charges-based-on-malware-executions/
Blog: Telecom fraud - phishing and Trojans combined
In China telecom fraud has become an increasingly common crime.
http://www.securelist.com/en/blog/877/Telecom_fraud_phishing_and_Trojans_combined
Trojan hijacks Facebook accounts
A malicious browser extension infects Google's Chrome and Mozilla's Firefox. It targets Facebook accounts.
http://www.heise.de/security/meldung/Trojaner-kapert-Facebook-Accounts-1861008.html
Researchers uncovered new malware used by Chinese cyber criminals
Trend Micro researchers have uncovered new backdoor pieces of malware from the Winnti family, which are mainly used by a Chinese cyber criminal group to target South East Asian organizations from the video gaming sector.
http://thehackernews.com/2013/05/researchers-uncovered-new-malware-used.html
AWS EC2 Security Vulnerability and Pinterest Hacked
Well, almost hacked. This is rather embarrassing (for Pinterest, and maybe AWS?), in that I was able to access what seemed to be their admin page. Furthermore, I discovered through this interface that it seems they do not store passwords encrypted or salted.
http://www.jontsai.com/2013/05/11/aws-ec2-security-vulnerability-and-pinterest-hacked/
Introducing Conpot
We proudly announce the first release of our Industrial Control System honeypot named Conpot. Until now setting up an ICS honeypot required substantial manual work, real systems which are usually either inaccessible or expensive and lecture of quite tedious protocol specifications.
http://www.honeynet.org/node/1047
Attackers Target Older Java Bugs
It's no secret that Java has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemic is following much the same [...]
http://threatpost.com/attackers-target-older-java-bugs/