Daily summary - Tuesday 25-06-2013

End-of-Shift report

Timeframe: Monday 24-06-2013 18:00 − Tuesday 25-06-2013 18:00 Handler: Matthias Fraidl Co-Handler: Otmar Lendl

Latest Pushdo Variants Challenge Antimalware Solution

Command-and-control (C&C) server communication is essential for botnet operators to control zombie computers (bots). To hide it from security researchers, they often use rootkits and other tricks. Hiding the network traffic from monitoring outside the infected computer, however, is much harder, and it is something botnet creators have steadily improved at over the years.

http://blog.trendmicro.com/trendlabs-security-intelligence/latest-pushdo-variants-challenge-antimalware-solution/


Backdoor in HP backup servers

According to a hacker, the software on HP's "StoreOnce" series backup systems contains a backdoor. SSH access to the appliance is said to be sufficient to exploit the flaw.

http://www.heise.de/security/meldung/Backdoor-in-Backup-Servern-von-HP-1895797.html


Raspberry Pi bot tracks hacker posts to vacuum up passwords and more

Dumpmon scours Twitter for sensitive data hiding in plain sight.

http://arstechnica.com/security/2013/06/raspberry-pi-bot-tracks-hacker-posts-to-vacuum-up-passwords-and-more/


Trend Micro turns RAT catcher as Taiwan cops cuff hacker

Ghost RAT attacks hit thousands on the island... Security vendor Trend Micro has embiggened its industry collaboration credentials this week after helping Taiwanese police arrest one man in connection with a widespread targeted attack, and teaming up with Interpol on a new cyber crime prevention centre.

http://go.theregister.com/feed/www.theregister.co.uk/2013/06/25/trend_micro_catches_a_ghost_rat/


SIP-based API-supporting fake caller ID/SMS number supporting DIY Russian service spotted in the wild

By Dancho Danchev One of the most common myths regarding the emerging TDoS (Telephony Denial of Service) market segment portrays an RBN (Russian Business Network) type of bulletproof infrastructure used to launch these attacks. The infrastructure's speculated resilience is supposed to act as a foundation for the increase in TDoS services and products.

http://blog.webroot.com/2013/06/25/sip-based-api-supporting-fake-caller-idsms-number-supporting-diy-russian-service-spotted-in-the-wild


Scam Sites Now Selling Instagram Followers

Scam sites are once again offering to increase a user's Instagram follower count. Unlike previous attacks, however, these sites demand payment, with the price depending on the number of followers desired.

[Figure 1: price list for Instagram followers]

Despite the site's liberal use of the Instagram logo, it has nothing to do with the service.

http://blog.trendmicro.com/trendlabs-security-intelligence/scam-sites-now-selling-instagram-followers/


Download me - Saying "yes" to the Web's most dangerous search terms

Seeking "free games" and getting burned by illicit downloads is so 2008, right?

http://arstechnica.com/information-technology/2013/06/download-me-saying-yes-to-the-webs-most-dangerous-search-terms/


LG smartphones: root access via backup program

Android smartphones made by LG can be manipulated through security flaws in their preinstalled backup software.

http://www.heise.de/security/meldung/LG-Smartphones-Root-Zugriff-durch-Backup-Programm-1896090.html


Carberp Source Code Leaked

The source code for the Carberp Trojan, which typically sells for $40,000 on the underground, has been leaked and is now available to anyone who wants it. The leak has echoes of the release of the Zeus crimeware source code a couple of years ago and has security researchers concerned that it may lead to [...]

http://threatpost.com/carberp-source-code-leaked/


Drupal Login Security Module Security Bypass and Denial of Service Vulnerability

A security issue and a vulnerability have been reported in the Login Security module for Drupal, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

https://secunia.com/advisories/53717


cURL/libcURL curl_easy_unescape() function buffer overflow

cURL/libcURL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in the curl_easy_unescape() function in lib/escape.c. While the function decodes URL-encoded strings to raw binary data, a remote attacker could overflow a buffer and execute arbitrary code on the system or crash the application.

http://xforce.iss.net/xforce/xfdb/85180
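
As an added illustration (this is not libcurl's code, nor code from the advisory), the following C decoder shows the bounds check a length-limited percent-decoder needs: the remaining input must be checked before the two bytes after a '%' are touched, so that a '%' sitting in the last one or two bytes of the caller's buffer is rejected rather than read past and miscounted. The function name url_unescape, its return codes and the sample inputs are all assumptions for this example; the inputs are constructed here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not libcurl's code: a length-limited %HH decoder that
 * checks the remaining input before it consumes an escape sequence.
 *
 * Returns 0 on success (*out points to a malloc'd, NUL-terminated buffer
 * holding *outlen decoded bytes, which may themselves contain NULs),
 * -1 on a malformed or truncated %HH sequence, -2 on allocation failure.
 * On any error *out is NULL and *outlen is 0. */

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

int url_unescape(const char *in, size_t inlen, char **out, size_t *outlen)
{
    size_t i = 0, o = 0;
    char *buf;

    *out = NULL;
    *outlen = 0;

    /* Decoding never expands the data, so inlen + 1 (room for a NUL)
     * is a safe upper bound for the output buffer. */
    buf = malloc(inlen + 1);
    if (!buf) return -2;

    while (i < inlen) {
        unsigned char c = (unsigned char)in[i];
        if (c != '%') {
            buf[o++] = (char)c;
            i++;
            continue;
        }
        /* Check the remaining length BEFORE looking at in[i+1] and in[i+2].
         * A '%' in the last two bytes of a length-limited buffer is not a
         * complete sequence even if the bytes beyond the limit happen to be
         * hex digits; reading them and advancing by three would both read
         * past the caller's buffer and miscount the remaining input. */
        if (inlen - i < 3) { free(buf); return -1; }
        {
            int hi = hexval((unsigned char)in[i + 1]);
            int lo = hexval((unsigned char)in[i + 2]);
            if (hi < 0 || lo < 0) { free(buf); return -1; }
            buf[o++] = (char)((hi << 4) | lo);
        }
        i += 3;
    }
    buf[o] = '\0';
    *out = buf;
    *outlen = o;
    return 0;
}

/* Stand-alone demonstration on constructed inputs. */
int main(void)
{
    char *dec;
    size_t n;

    /* Ordinary percent-encoding decodes normally. */
    if (url_unescape("a%20b%2Fc", 9, &dec, &n) == 0) {
        printf("decoded %zu bytes: %s\n", n, dec);
        free(dec);
    }

    /* The caller's length stops at the '%', even though the bytes after it
     * in memory ("41") would form a valid escape sequence. */
    if (url_unescape("abc%41", 4, &dec, &n) != 0)
        printf("rejected: '%%' at the end of a 4-byte buffer\n");

    return 0;
}
```

Run stand-alone, the program decodes a normal string and then rejects a buffer whose declared length ends on a '%' even though valid hex digits follow it in memory; the same check also rejects a '%' followed by non-hex characters, and decoded NUL bytes are counted in the returned length rather than truncating the output.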


MoinMoin twikidraw Action Traversal File Upload

This module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists in the handling of the twikidraw actions, where a path traversal can be used to upload arbitrary files.

http://www.exploit-db.com/exploits/26422


[2013-06-25] Multiple vulnerabilities in IceWarp Mail Server

IceWarp Mail Server is vulnerable to reflected Cross-Site Scripting and XXE Injection attacks. By exploiting the XXE vulnerability, an unauthenticated attacker can get read access to the filesystem of the IceWarp Mail Server host and thus obtain sensitive information such as the configuration files.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130625-0_IceWarp_Mail_Server_Multiple_Vulnerabilities_v10.txt


Stream Video Player plugin for WordPress cross site request forgery

Stream Video Player plugin for WordPress is vulnerable to an unspecified cross-site request forgery. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to modify plugin settings and perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

http://xforce.iss.net/xforce/xfdb/85155