End-of-Shift report
Timeframe: Tuesday 30-07-2013 18:00 − Wednesday 31-07-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
New Software Obfuscation Throws Wrench into Reverse Engineering
Researchers say their new software obfuscation scheme is the first time this technique has been successfully accomplished where the underlying piece of software, such as a patch, could not be reverse engineered in a matter of days.
http://threatpost.com/new-software-obfuscation-throws-wrench-into-reverse-engineering/101531
Malware Hijacks Social Media Accounts Via Browser Add-ons
We spotted yet another threat lurking around social media sites targeting users of either Google Chrome or Mozilla Firefox. This threat uses fake extensions for both browsers to infiltrate user systems and hijack social media accounts, specifically Facebook, Google+, and Twitter accounts.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-hijacks-social-media-accounts-via-browser-add-ons/
Pwned again: an exclusive look at Pwnie Express' newest hack-in-a-box
The Pwn Plug R2 is a miniature NSA, ready to exploit networks for their own good.
http://arstechnica.com/security/2013/07/pwned-again-an-exclusive-look-at-pwnie-express-newest-hack-in-a-box/
DIY commercially-available 'automatic Web site hacking as a service' spotted in the wild
By Dancho Danchev: A newly launched underground market service aims to automate the unethical penetration testing process, by empowering virtually all of its (paying) customers with what they claim is 'private exploitation techniques' capable of compromising any Web site.
http://blog.webroot.com/2013/07/31/diy-commercially-available-automatic-web-site-hacking-as-a-service-spotted-in-the-wild/
TYPO3-CORE-SA-2013-002: Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution
Component Type: TYPO3 Core
Overall Severity: Critical
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/
Mozilla Minion: Platform for Security Testing
According to its developers, with version 0.3 the platform for automating security tests has now reached a state in which it could be deployed on a large scale for the first time.
http://www.heise.de/security/meldung/Mozilla-Minion-Plattform-fuer-Sicherheitstests-1927091.html
MalwareZ: visualizing malware activity on earth map
MalwareZ is a visualization project that is started as a YakindanEgitim (YE) project. YE is a startup that me and some colleagues mentor young people on specific projects, remotely. It is announced as a local fork of Google Summer of Code, except neither mentors nor mentees are paid.
https://www.honeynet.org/node/1075
Lights on, whirlpool off: Smart-home hacking
At the BlackHat conference, several speakers are addressing the topic of (in)secure home automation. A journalist from Forbes also tried her hand at home hacking - and succeeded with eight "smart homes".
http://www.heise.de/security/meldung/Licht-an-Whirlpool-aus-Smart-Home-Hacking-1927124.html
Andromeda Botnet Gets an Update
The Andromeda botnet is still active in the wild and not yet dead. In fact, it's about to undergo a major update real soon. This botnet was first reported back in 2011 but has recently risen to prominence due to the latest modifications in the threat.
http://blog.trendmicro.com/trendlabs-security-intelligence/andromeda-botnet-gets-an-update/
Siemens SIMATIC WinCC TIA Portal Two Vulnerabilities
https://secunia.com/advisories/54051
Vuln: YUI CVE-2013-4939 Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/61177
Vuln: phpMyAdmin CVE-2013-4998 Multiple Unspecified Full Path Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/61513
More heavily URL encoded PHP Exploits against Plesk "phppath" vulnerability (Tue, Jul 30th)
http://isc.sans.edu/diary.html?storyid=16255&rss
IE9/10 information disclosure vulnerability
http://cxsecurity.com/issue/WLB-2013070232