End-of-Shift report
Timeframe: Wednesday 08-01-2014 18:00 − Thursday 09-01-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
Intercepted Email Attempts to Steal Payments, (Wed, Jan 8th)
A reader sent in details of an incident that is currently being investigated in their environment. (Thank you Peter for sharing!) It appears to be a slick yet elaborate scam to divert a customer payment to the scammers. It occurs when the scammer attempts to slip into an email conversation and go undetected in order to channel an ordinary payment for service or goods into his own coffers. Here is a simple breakdown of the flow: Supplier sends business email to customer, email mentions a...
http://isc.sans.edu/diary.html?storyid=17366&rss
ZeroAccess Takedown and the TDSS Aftermath
Early December last year, Microsoft - in cooperation with certain law enforcement agencies - announced their takedown of the ZeroAccess operations. This development, however, also yielded an unexpected effect on another well-known botnet, in particular TDSS. TDSS and ZeroAccess: ZeroAccess is one of the most notable botnets in the world, with its malware known for rootkit...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/v07x5pzmpj4/
Malvertising attacks via Yahoo ads may precede broader iframe attacks
A New Year's malvertisement attack on Yahoo.com that is believed to have infected the systems and devices of thousands of website visitors could signal an uptick in the use of highly effective iframe Web attacks on larger online communities.
http://searchsecurity.techtarget.com/news/2240212218/Malvertising-attacks-via-Yahoo-ads-may-precede-broader-iframe-attacks
Personal banking apps leak info through phone
For several years I have been reading about flaws in home banking apps, but I was skeptical. To be honest, when I started this research I was not expecting to find any significant results.
http://blog.ioactive.com/2014/01/personal-banking-apps-leak-info-through.html
False alarm: Avast for Android flags all apps as viruses
A faulty signature update caused Avast's Android virus scanner to report numerous detections this Thursday.
http://www.heise.de/security/meldung/Falscher-Alarm-Avast-fuer-Android-haelt-alle-Apps-fuer-Viren-2078962.html
WordPress attackers love TimThumb
Akamai has examined attacks on WordPress extensions and found that the attackers have zeroed in primarily on one plug-in.
http://www.heise.de/security/meldung/WordPress-Angreifer-lieben-TimThumb-2080515.html
Critics Cut Deep on Yahoo Mail Encryption Rollout
Yahoo has turned on HTTPS by default for its web-based email service, but the deployment is inconsistent across the board and experts are critical of its use of weak standards and the lack of Perfect Forward Secrecy and HSTS.
http://threatpost.com/critics-cut-deep-on-yahoo-mail-encryption-rollout/103534
Drupal Media 7.x Access Bypass
Topic: Drupal Media 7.x Access Bypass. Risk: High. Text: View online: https://drupal.org/node/2169767 * Advisory ID: PSA-2014-001 * Project: Media [1] (third-party module) ...
http://cxsecurity.com/issue/WLB-2014010051