End-of-Shift report
Timeframe: Montag 20-01-2014 18:00 − Dienstag 21-01-2014 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
Sicherheitstest eingerichtet: BSI meldet millionenfachen Identitätsdiebstahl
Behörden haben bei der Analyse von Botnetzen rund 16 Millionen betroffene Benutzerkonten entdeckt. Das BSI bietet einen Sicherheitstest an, um E-Mails auf Identitätsdiebstahl zu überprüfen. (Internet, Security)
http://www.golem.de/news/sicherheitstest-eingerichtet-bsi-meldet-millionenfachen-identitaetsdiebstahl-1401-104045-rss.html
Android Vulnerability Enables VPN Bypass
A hole in Androids VPN feature could expose what should be securely communicated data as clear, unencrypted text.
http://threatpost.com/android-vulnerability-enables-vpn-bypass/103719
Details on Patched Microsoft Office 365 XSS Vulnerability Disclosed
A cross-site scripting vulnerability in Microsoft Office 365 casts attention on the need to shore up the security of cloud-based enterprise applications.
http://threatpost.com/details-on-patched-microsoft-office-365-xss-vulnerability-disclosed/103714
Kampf um die Hintertüren einer vernetzten Welt
Adam Philpott vom Netzwerk-Riesen Cisco bestreitet Kooperation mit Geheimdiensten und skizziert neue Bedrohungen im Netz der Zukunft
http://derstandard.at/1389857261752
Blog: WhatsApp for PC - a guaranteed Trojan banker
WhatsApp for PC - now from Brazil and bringing banker which will steal your money. It hides itself as an mp3 file and has a low VT detection.
http://www.securelist.com/en/blog/208214225/WhatsApp_for_PC_a_guaranteed_Trojan_banker
EU cyber security Agency ENISA calls for secure e-banking and e-payments: non-replicable, single-use credentials for e-identities are needed in the financial sector
Different tokens, devices, mobile phones, e-signatures, etc. are used to authenticate our e-identities. Yet, some financial institutions are still not considering the risk of inadequate authentication mechanisms according to a new study by the EU Agency ENISA.
http://www.enisa.europa.eu/media/press-releases/enisa-calls-for-secure-e-banking-and-e-payments
Spoiled Onions
As of January 2014, the Tor anonymity network consists of 5,000 relays of which almost 1,000 are exit relays. As the diagram to the right illustrates, exit relays bridge the gap between the Tor network and the open Internet. As a result, exit relays are able to see anonymised network traffic as it is sent by Tor clients. While most exit relays are innocuous and run by well-meaning volunteers, there are exceptions: In the past, some exit relays were documented to have sniffed and
http://www.cs.kau.se/philwint/spoiled_onions/
Merkur-Kundendaten mit Nocard geknackt
Studenten der FH Salzburg ist mit dem Kundenkartengenerator Zugriff auf Kundenprofile gelungen
http://derstandard.at/1389857747260
WordPress WordFence Plugin "User-Agent" Script Insertion Vulnerability
Input passed via the "User-Agent" HTTP header is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a administrator's browser session in context of an affected site when the malicious data is being viewed.
https://secunia.com/advisories/56558