End-of-Shift report
Timeframe: Thursday 25-07-2013 18:00 − Friday 26-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
WordPress Duplicator 0.4.4 Cross Site Scripting
Topic: WordPress Duplicator 0.4.4 Cross Site Scripting. Risk: Low. Text: Advisory ID: HTB23162; Product: Duplicator WordPress Plugin; Vendor: LifeInTheGrid; Vulnerable Version(s): 0.4.4 and probably ...
http://cxsecurity.com/issue/WLB-2013070201
Haunted by the Ghosts of ZeuS & DNSChanger
One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit.
https://krebsonsecurity.com/2013/07/haunted-by-the-ghosts-of-zeus-dnschanger/
Hidden permission management in Android 4.3
Android 4.3 ships with a feature for revoking an app's permissions after installation. It is not yet enabled, but a small trick turns it on. Apps are not prepared for this, however, and react in different ways.
http://www.heise.de/security/meldung/Versteckte-Rechteverwaltung-in-Android-4-3-1923964.html
Blog: Malicious news - birth, death, spy scandal
Anna Volodina and Ram Herkanaidu
http://www.securelist.com/en/blog/8110/Malicious_news_birth_death_spy_scandal
Poker player who won $1.5 million charged with running Android malware ring
Contact-stealing Android malware allegedly used to fuel $3.9M spam operation.
http://arstechnica.com/information-technology/2013/07/poker-player-who-won-1-5-million-charged-with-running-android-malware-ring/
The Dangers of a Royal Baby: Scams Abound
Big news stories are always an opportunity for scammers and spammers, who attempt to redirect users to malicious exploit kits or other unwanted services. Britain's royal baby is the latest news to offer cover for malware. We have already found a lot of spam messages regarding the birth and baby that lead users to the ...
http://blogs.mcafee.com/mcafee-labs/the-dangers-of-a-royal-baby-scams-abound
Background: Future-proof encryption with Perfect Forward Secrecy
With an exotic feature of certain encryption settings, server operators could spoil the NSA's game. Unfortunately, so far only a single one of the large service providers does so.
http://www.heise.de/security/artikel/Zukunftssicher-Verschluesseln-mit-Perfect-Forward-Secrecy-1923800.html
Short-URL Services May Hide Threats
In a recent post, AppAppeal ranked the most popular URL shorteners. The top five includes TinyURL, Goo.gl, Bit.ly, Ow.ly and is.gd. Unfortunately, these helpful services are also used to hide a large number of malicious URLs. This result has made me want to learn more about malicious links that may be hidden behind these shortcuts.
http://blogs.mcafee.com/mcafee-labs/short-url-services-may-hide-threats
Microsoft: 88 Percent of Citadel Botnets Down
Nearly two months after the company was part of an operation to disrupt a large number of Citadel botnets, Microsoft said that 88 percent of the botnets spawned by that malware have been taken down. Citadel is a Trojan designed specifically to steal financial information from a variety of sources using a number of techniques.
http://threatpost.com/microsoft-88-percent-of-citadel-botnets-down/101503
Powershell Payload Web Delivery
Topic: Powershell Payload Web Delivery. Risk: Medium. Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
http://cxsecurity.com/issue/WLB-2013070202
FileChucker filechucker.cgi file upload
http://xforce.iss.net/xforce/xfdb/85965
[2013-07-26] Critical vulnerabilities in Symantec Web Gateway
The identified vulnerabilities enable state-sponsored or criminal hackers to take full control of the Symantec Web Gateway Appliance. The surveillance of all internet web activities, which are supposed to be protected by the Symantec solution, can be performed by the attacker easily.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt
Bugtraq: Xymon Systems and Network Monitor - remote file deletion vulnerability
http://www.securityfocus.com/archive/1/527534
BMC Service Desk Express Cross-Site Scripting and SQL Injection Vulnerabilities
https://secunia.com/advisories/54145
Current phishing attack on Apple users
Some online crooks appear to be exploiting the current outage of Apple's developer portal to get hold of Apple IDs.
http://www.heise.de/security/meldung/Aktueller-Phishing-Angriff-auf-Apple-Nutzer-1924324.html
Malware Evasion Techniques Dissected at Black Hat
Researchers use file-level sandboxes to analyze the behavior of malware samples as well as techniques malicious code uses to detect and evade analysis.
http://threatpost.com/malware-evasion-techniques-dissected-at-black-hat/101504
How the SIM card hack works
About a week ago, German cryptography expert Karsten Nohl revealed that data on millions of SIM cards can be exploited by cracking the DES keys. Our video shows exactly how it works.
http://www.heise.de/security/meldung/So-funktioniert-der-SIM-Karten-Hack-1924346.html