Daily summary - Tuesday 7-01-2014

End-of-Shift report

Timeframe: Friday 03-01-2014 18:00 − Tuesday 07-01-2014 18:00
Handler: Alexander Riepl
Co-Handler: Matthias Fraidl

Testing routers for the backdoor

The network equipment vendors are still keeping silent about the purpose of the recently discovered, undocumented router service. This is how to find out whether your router is also listening for commands.

http://www.heise.de/security/meldung/Router-auf-Backdoor-testen-2074844.html


Backdoor in routers: vendors puzzled and still analysing

The router vendors still cannot offer a plausible explanation for why an undocumented configuration service is running on their devices. According to their own statements, they are themselves still busy with the analysis.

http://www.heise.de/newsticker/meldung/Backdoor-in-Routern-Hersteller-raetseln-und-analysieren-2077308.html


Distributions patch Drupal -- except Ubuntu

Debian and Fedora are shipping security updates for recently reported security issues in Drupal. Ubuntu users, however, have to take care of it themselves.

http://www.heise.de/security/meldung/Distributionen-patchen-Drupal-ausser-Ubuntu-2075618.html


Recent Windows Zero-Day Targeted Embassies, Used Syria-related Email

In late November, Microsoft revealed that a zero-day vulnerability was in use in targeted attacks against Windows XP and Server 2003 systems. From samples of the exploit examined, it has a backdoor payload that possesses sophisticated anti-analysis techniques. Further research of this earlier attack - discussed in the blog posts above - has revealed that the exploit was deployed via...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/xqgSESnrQns/


A Year of Spam: The Notable Trends of 2013

2013 was a year of change in the spam landscape. The volume of spam increased from 2012. We witnessed the decline of a previously-successful exploit kit. The old became new again, thanks to different techniques used by spammers. While we still saw traditional types of spam, we also saw several "improvements" which allowed spammers to avoid...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/uZ0knuU7r3A/


Malware Deployed by Fake Digital Certificates Bypassing Endpoint Security

Enterprises that place unwavering faith in the sanctity of digital certificates may want to re-think that belief, now that the latest chapter in the Win32/Winwebsec malware saga has revealed a troubling new development: the use of stolen authentication credentials. Win32/Winwebsec is the catch-all term used by Microsoft to reference a group of fake anti-virus programs [...]

http://www.seculert.com/blog/2014/01/malware-deployed-by-fake-digital-certificates-bypassing-endpoint-security.html


Ransomware: Powerlocker offered for 100 US dollars

The group Malware Crusaders warns of a new ransomware that not only encrypts better but also comes with additional features. Powerlocker is already being offered for 100 US dollars on the relevant forums. (Virus, Malware)

http://www.golem.de/news/ransomware-powerlocker-wird-fuer-100-us-dollar-angeboten-1401-103757-rss.html


Malicious Advertisements served via Yahoo

Fox-IT operates the shared Security Operations Center service ProtACT. This service monitors the networks of our clients for malicious activity. On January 3 we detected and investigated the infection of clients after they visited yahoo.com.

http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/


WordPress Connect plugin for WordPress unspecified cross-site scripting

http://xforce.iss.net/xforce/xfdb/90106


Debian devscripts uscan.pl code execution

http://xforce.iss.net/xforce/xfdb/90107


[2013-12-27] XPath Injection in IBM Web Content Manager

By exploiting the identified XPath Injection vulnerability, an unauthenticated user is able to extract sensitive application configuration data from vulnerable installations of IBM Web Content Manager.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20131227-0_IBM_WCM_XPath_Injection_v10.txt


HP Data Protector code execution

http://xforce.iss.net/xforce/xfdb/90001
http://xforce.iss.net/xforce/xfdb/90002
http://xforce.iss.net/xforce/xfdb/90003