End-of-Shift report
Timeframe: Monday 29-07-2013 18:00 – Tuesday 30-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: Otmar Lendl
Microsoft Expands MAPP Program to Incident Response Teams
Microsoft is expanding its MAPP program that shares attack and protection information with other security vendors and will now be sharing some data with incident responders, as well. The new system will enable organizations such as CERTs and internal IR teams to exchange information on specific attacks and general threats.
http://threatpost.com/microsoft-expands-mapp-program-to-incident-response-teams/101524
Texas students hijack superyacht with GPS-spoofing luggage
Don't panic, yet. Students from the University of Texas successfully piloted an $80m superyacht sailing 30 miles offshore in the Mediterranean Sea by overriding the ship's GPS signals without any alarms being raised...
http://www.theregister.co.uk/2013/07/29/texas_students_hijack_superyacht_with_gpsspoofing_luggage/
How much does it cost to buy one thousand Russian/Eastern European based malware-infected hosts?
By Dancho Danchev. For years, many of the primary and market-share-leading 'malware-infected hosts as a service' providers have become used to selling exclusive access to hosts from virtually the entire world, excluding the sale and actual infection of Russian and Eastern European based hosts.
http://blog.webroot.com/2013/07/29/how-much-does-it-cost-to-buy-one-thousand-russianeastern-european-based-malware-infected-hosts
BGP multiple banking addresses hijacked, (Mon, Jul 29th)
On 24 July 2013 a significant number of Internet Protocol (IP) addresses that belong to banks suddenly were routed to somewhere else. An IP address is how packets are routed to their destination across the Internet. Why is this important, you ask? Well, imagine the Internet suddenly decided that you were living in the middle of Asia and all traffic that should go to you ends up traveling through a number of other countries to get to you, but you aren't
http://isc.sans.edu/diary.html?storyid=16249&rss
Mail from the (Velvet) Cybercrime Underground
Over the past six months, "fans" of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts.
https://krebsonsecurity.com/2013/07/mail-from-the-velvet-cybercrime-underground
Custom USB sticks bypassing Windows 7/8's AutoRun protection measure going mainstream
By Dancho Danchev. When Microsoft disabled AutoRun on XP and Vista back in February 2011, everyone thought this was game over for the bad guys who were abusing the removable media distribution/infection vector in particular.
http://blog.webroot.com/2013/07/30/custom-usb-sticks-bypassing-windows-78s-autorun-protection-measure-going-mainstream
NASA: Pushed into the cloud
Pushed into the cloud by the federal agencies and without a proper cloud strategy, NASA moved data into the cloud - not secured and in part without the knowledge of the responsible office. The federal agencies nevertheless continue to rely on the cloud.
http://www.heise.de/security/meldung/NASA-In-die-Cloud-geschubst-1926189.html
CrowdSource Tool Aims to Improve Automated Malware Analysis
When a new piece of malware surfaces, it's typically analyzed eight ways from Sunday by a long list of antimalware and other security companies, government agencies, CERTs and other organizations who try to break it down and classify its capabilities.
http://threatpost.com/crowdsource-tool-aims-to-improve-automated-malware-analysis/101526
Vuln: phpMyAdmin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/61493
Debian Security Advisory DSA-2730 gnupg
http://www.debian.org/security/2013/dsa-2730
Bugtraq: MojoPortal XSS
http://www.securityfocus.com/archive/1/527629
OpenOffice.org OOXML code execution
http://xforce.iss.net/xforce/xfdb/86002
FreeBSD NFS security bypass
http://xforce.iss.net/xforce/xfdb/86003
FluxBB 1.5.3 Multiple Remote Vulnerabilities
http://cxsecurity.com/issue/WLB-2013070223