End-of-Shift report
Timeframe: Wednesday 10-07-2013 18:00 − Thursday 11-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Christian Wojner
Strange ransomware title pushes surveys, knows Close Encounters tune
If your PC's CD tray opens and you hear the iconic, five-note tune from the movie Close Encounters of the Third Kind, it's probably not a visit from aliens. Chances are it's a newly discovered piece of malware with some highly unusual characteristics.
http://arstechnica.com/security/2013/07/strange-ransomware-title-pushes-surveys-knows-close-encounters-tune/
Google Fixes 17 Flaws in Chrome 28
Google has fixed more than 15 vulnerabilities in Chrome and paid out nearly $35,000 in rewards to security researchers for reporting the bugs. One researcher earned an unusually large reward of $21,500 for a series of vulnerabilities he reported in Chrome.
http://threatpost.com/google-fixes-17-flaws-in-chrome-28/101240
How elite security ninjas choose and safeguard their passwords
If you felt a twinge of angst after reading Ars' May feature that showed how password crackers ransack even long passwords such as "qeadzcwrsfxv1331", you weren't alone. The upshot was clear: If long passwords containing numbers, symbols, and upper- and lower-case letters are this easy to break, what are users to do?
http://arstechnica.com/security/2013/07/how-elite-security-ninjas-choose-and-safeguard-their-passwords/
Is it Time to Add Vulnerability Wednesday?
By now, you've likely seen Google's announcement that they now support a seven-day timeline for disclosure of critical vulnerabilities. Our CTO Raimund Genes believes that seven days is pretty aggressive and that rushing patches often leads to painful collateral damage.
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Kakh3BWekwY/
Drupal TinyBox 7.x Cross Site Scripting
Topic: Drupal TinyBox 7.x Cross Site Scripting
Risk: Low
Text: View online:
https://drupal.org/node/2038807
http://cxsecurity.com/issue/WLB-2013070081
nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept
Topic: nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept
Risk: Medium
Text: nginx 1.3.9/1.4.0 x86 brute force remote exploit
http://cxsecurity.com/issue/WLB-2013070087
Adobe Reader 11.0.03 Insecure Third Party Components
Topic: Adobe Reader 11.0.03 Insecure Third Party Components
Risk: High
Text: Hi @ll, the current Adobe Reader 11.0.03 installs the following VULNERABLE (3rd party)
http://cxsecurity.com/issue/WLB-2013070086
Avira update blocks browsers and e-mail clients
An update to Avira Internet Security is causing problems. Internet access is blocked; the version upgrade, however, does not appear to be related to the problems.
http://www.heise.de/security/meldung/Avira-Update-blockiert-Browser-und-E-Mail-Clients-1915609.html
Debian Security Advisory DSA-2719 poppler
several vulnerabilities
http://www.debian.org/security/2013/dsa-2719
D-Link has to secure its network cameras as well
D-Link's IP cams are also attackable via UPnP. A whole batch of firmware updates is now supposed to change that.
http://www.heise.de/security/meldung/D-Link-muss-auch-Netzwerkkameras-absichern-1915917.html
Attackers Targeting MS13-055 IE Vulnerability
Attackers are using an Internet Explorer vulnerability, which Microsoft patched yesterday, in targeted attacks that also employ a malicious Flash file installed through a drive-by download launched by compromised Web pages. The exploit that's being used is capable of bypassing both ASLR and DEP.
http://threatpost.com/attackers-targeting-ms13-055-ie-vulnerability/101253
New commercially available mass FTP-based proxy-supporting doorway/malicious script uploading application spotted in the wild
For many years now, cybercriminals have been efficiently abusing both legitimate compromised and automatically registered FTP accounts (using CAPTCHA outsourcing) in an attempt to monetize the process by uploading cybercrime-friendly 'doorways' or plain simple malicious scripts to be used later on in their campaigns.
http://blog.webroot.com/2013/07/11/new-commercially-available-mass-ftp-based-proxy-supporting-doorwaymalicious-script-uploading-application-spotted-in-the-wild/
Bugtraq: Facebook Url Redirection Vuln.
By obtaining a user-specific hash value, an attacker redirects the user to a malicious website without asking for verification. The hash value can be found from the link that the user sends to his/her wall. After clicking on the user's link, by setting BurpSuite Proxy, the attacker intercepts the parameters in the methods.
http://www.securityfocus.com/archive/1/527194