End-of-Shift report
Timeframe: Monday 12-08-2013 18:00 − Tuesday 13-08-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
Blaster - 3654 Days Later
Yesterday was Blaster's 10th anniversary. Do you remember where you were on August 11, 2003? Numerous organizations, including several banks and airlines, suffered serious disruptions because of Blaster, which caused affected computers to reboot continuously. Can you imagine the difficulties that would cause today?
http://www.f-secure.com/weblog/archives/00002587.html
Cybercrime-friendly underground traffic exchange helps facilitate fraudulent and malicious activity
By Dancho Danchev. Throughout the last couple of years, the persistent demand for geolocated traffic coming from both legitimate traffic exchanges or purely malicious ones - think traffic acquisition through illegally embedded iFrames - has been contributing to the growing market segment where traffic is bought, sold and re-sold, ...
http://blog.webroot.com/2013/08/13/cybercrime-friendly-underground-traffic-exchange-helps-facilitate-fraudulent-and-malicious-activity
Attackers' Toolbox Makes Malware Detection More Difficult
Sometimes the simplest techniques can foil the complex systems created by security firms and large enterprises to detect malicious programs and files. Putting malware to sleep, waiting for a user to click, or looking for the hallmarks of a virtual machine can set off warning bells and cause a malicious program to cease running, making analysis difficult at best.
http://www.darkreading.com/monitoring/attackers-toolbox-makes-malware-detectio/240159800
Researchers demonstrate how IPv6 can easily be used to perform MitM attacks
Many devices simply waiting for router advertisements, good or evil. When early last year I was doing research for an article on IPv6 and security, I was surprised to learn how easy it was to set up an IPv6 tunnel into an IPv4-only environment.
http://www.virusbtn.com/blog/2013/08_12.xml
Joomla Patches Zero Day Targeting EMEA Banks
Content management system Joomla patched a zero-day vulnerability that allowed attackers to upload malicious code that led victims to the Blackhole exploit kit.
http://threatpost.com/joomla-patches-zero-day-targeting-emea-banks/101976
WordPress All-in-One Event Calendar Plugin Script Insertion and SQL Injection Vulnerabilities
https://secunia.com/advisories/54038
HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow
http://cxsecurity.com/issue/WLB-2013080109
IBM HTTP Server mod_rewrite Arbitrary Command Execution Vulnerability
https://secunia.com/advisories/54497
Juniper Network and Security Manager Apache Axis2 Security Issue and Vulnerability
https://secunia.com/advisories/54454
Dovecot POP3 "LIST" Command Handling Denial of Service Vulnerability
https://secunia.com/advisories/54438
Debian Security Advisory DSA-2737 swift
http://www.debian.org/security/2013/dsa-2737
IBM Advanced Management Module Cross-Site Scripting (XSS)
http://cxsecurity.com/issue/WLB-2013080103
Ajax PHP Penny Auction 1.x 2.x multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2013080104
Python SSL Module "subjectAltNames" NULL Byte Handling Security Issue
https://secunia.com/advisories/54393