Daily Summary - Thursday 9-01-2014

End-of-Shift report

Timeframe: Wednesday 08-01-2014 18:00 − Thursday 09-01-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter

Intercepted Email Attempts to Steal Payments, (Wed, Jan 8th)

A reader sent in details of an incident that is currently being investigated in their environment. (Thank you Peter for sharing!) It appears to be a slick yet elaborate scam to divert a customer payment to the scammers. It occurs when the scammer attempts to slip into an email conversation and go undetected in order to channel an ordinary payment for service or goods into his own coffers. Here is a simple breakdown of the flow: Supplier sends business email to customer, email mentions a...

http://isc.sans.edu/diary.html?storyid=17366&rss


ZeroAccess Takedown and the TDSS Aftermath

Early December last year, Microsoft - in cooperation with certain law enforcement agencies - announced their takedown of the ZeroAccess operations. This development, however, also yielded an unexpected effect on another well-known botnet, in particular TDSS. TDSS and ZeroAccess ZeroAccess is one of the most notable botnets in the world, with its malware known for rootkit...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v07x5pzmpj4/


Malvertising attacks via Yahoo ads may precede broader iframe attacks

A New Year's malvertisement attack on Yahoo.com that is believed to have infected the systems and devices of thousands of website visitors could signal an uptick in the use of highly effective iframe Web attacks on larger online communities.

http://searchsecurity.techtarget.com/news/2240212218/Malvertising-attacks-via-Yahoo-ads-may-precede-broader-iframe-attacks


Personal banking apps leak info through phone

For several years I have been reading about flaws in home banking apps, but I was skeptical. To be honest, when I started this research I was not expecting to find any significant results.

http://blog.ioactive.com/2014/01/personal-banking-apps-leak-info-through.html


False alarm: Avast for Android flags all apps as viruses

A faulty signature update caused the Avast Android virus scanner to report numerous detections today, Thursday.

http://www.heise.de/security/meldung/Falscher-Alarm-Avast-fuer-Android-haelt-alle-Apps-fuer-Viren-2078962.html


WordPress attackers love TimThumb

Akamai has examined attacks on WordPress extensions and found that attackers have zeroed in primarily on one plug-in.

http://www.heise.de/security/meldung/WordPress-Angreifer-lieben-TimThumb-2080515.html


Critics Cut Deep on Yahoo Mail Encryption Rollout

Yahoo has turned on HTTPS by default for its web-based email service, but the deployment is inconsistent across the board and experts are critical of its use of weak standards and the lack of Perfect Forward Secrecy and HSTS.

http://threatpost.com/critics-cut-deep-on-yahoo-mail-encryption-rollout/103534


Drupal Media 7.x Access Bypass

Topic: Drupal Media 7.x Access Bypass
Risk: High
Text: View online: https://drupal.org/node/2169767
* Advisory ID: PSA-2014-001
* Project: Media [1] (third-party module) ...

http://cxsecurity.com/issue/WLB-2014010051