Daily summary - Monday 24-11-2014

End-of-Shift report

Timeframe: Friday 21-11-2014 18:00 − Monday 24-11-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Website Malware Removal: Phishing

As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and reels with his fishing rod, a ..

http://blog.sucuri.net/2014/11/website-malware-removal-phishing.html


Asterisk IP address security bypass

http://xforce.iss.net/xforce/xfdb/98863


"NotCompatible": The most persistent Android malware to date

Malware infects 20,000 devices a day - used for sending spam, buying tickets and hacking WordPress

http://derstandard.at/2000008502545


DoubleDirect MitM Attack Targets Android, iOS and OS X Users

Security researchers have discovered a new type of "Man-in-the-Middle" (MitM) attack in the wild targeting smartphone and tablet users on devices running either iOS or Android around the world. The MitM attack, dubbed DoubleDirect, enables an attacker to redirect a victim's traffic of major websites ..

http://thehackernews.com/2014/11/doubledirect-mitm-attack-targets_22.html


Spearphishing: One in five falls for it

IT users are gullible. A promised discount is enough to collect plenty of passwords. Alarming real-world figures were revealed at the DeepSec security conference in Vienna.

http://www.heise.de/newsticker/meldung/Spearphishing-Jeder-Fuenfte-geht-in-die-Falle-2461982.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


A Nightmare on Malware Street

Another ransomware has been spotted in the wild lately, branded as CoinVault. This one involves some interesting details worth mentioning, including the peculiar characteristic of offering the free decryption of one of the hostage files a..

http://securelist.com/blog/virus-watch/67699/a-nightmare-on-malware-street/


ClamAV libclamav/pe.c buffer overflow

ClamAV is vulnerable to a Heap Based buffer overflow, caused by improper bounds checking by the libclamav/pe.c file. A local attacker could overflow a buffer and execute arbitrary code on the system.

http://xforce.iss.net/xforce/xfdb/98882


Crypto protocols held back by legacy, says ENISA

EU takes the microscope to security

The EU Agency for Network Information and Security (ENISA) has updated its 2013 crypto guidelines, designed to help developers protect personal information in line with EU law, and has sternly told crypto ..

http://www.theregister.co.uk/2014/11/24/crypto_protocols_held_back_by_legacy_says_enisa/


Symantec researchers find Regin malware, label it the new Stuxnet

Government probably penned peerless p0wn cannon aimed at Russian and Saudi targets

An advanced malware instance said to be as sophisticated as Stuxnet and Duqu has been detected attacking the top end of town and has ..

http://www.theregister.co.uk/2014/11/24/regin/


Triggering MS14-066

Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed. This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security ..

http://blog.beyondtrust.com/triggering-ms14-066


Hacking RFID Payment Cards Made Possible with Android App

We recently encountered a high-risk Android app detected as ANDROIDOS_STIP.A in Chile. This app, found distributed through forums and blogs, can be used to hack into the user's RFID bus transit card to recharge the credits. What is the mechanism ..

http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-rfid-payment-cards-made-possible-with-android-app/


Protecting Against Unknown Software Vulnerabilities

Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can have security implications; these are known as vulnerabilities. These vulnerabilities can be used to exploit and compromise your server, your site ..

http://blog.sucuri.net/2014/11/protecting-against-unknown-software-vulnerabilities.html


Linux distributions: less is a possible entry point

The tool less is often used on Linux in combination with other tools, for example to open files. According to a well-known hacker, this provokes many bugs and security holes.

http://www.golem.de/news/linux-distribution-less-als-moegliches-einfallstor-1411-110756.html


Drupal update puts a stop to session theft

The developers of the open-source CMS have closed two security holes in Drupal 6 and 7. The vulnerabilities can be abused to steal the sessions of logged-in users and to take down the server.

http://www.heise.de/security/meldung/Drupal-Update-schiebt-Session-Klau-den-Riegel-vor-2462551.html