End-of-Shift report
Timeframe: Friday 21-11-2014 18:00 − Monday 24-11-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Website Malware Removal: Phishing
As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and reels with his fishing rod, a ..
http://blog.sucuri.net/2014/11/website-malware-removal-phishing.html
Asterisk IP address security bypass
http://xforce.iss.net/xforce/xfdb/98863
"NotCompatible": The most persistent Android malware so far
The malware infects 20,000 devices a day - used for sending spam, buying tickets and hacking WordPress sites
http://derstandard.at/2000008502545
DoubleDirect MitM Attack Targets Android, iOS and OS X Users
Security researchers have discovered a new type of "Man-in-the-Middle" (MitM) attack in the wild targeting smartphone and tablet users on devices running either iOS or Android around the world. The MitM attack, dubbed DoubleDirect, enables an attacker to redirect a victim's traffic of major websites ..
http://thehackernews.com/2014/11/doubledirect-mitm-attack-targets_22.html
Spearphishing: One in five takes the bait
IT users are credulous. A promised discount is enough to collect plenty of passwords. Alarming real-world figures were revealed at the DeepSec security conference in Vienna.
http://www.heise.de/newsticker/meldung/Spearphishing-Jeder-Fuenfte-geht-in-die-Falle-2461982.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
A Nightmare on Malware Street
Another ransomware has been spotted in the wild lately, branded as CoinVault. This one involves some interesting details worth mentioning, including the peculiar characteristic of offering the free decryption of one of the hostage files a..
http://securelist.com/blog/virus-watch/67699/a-nightmare-on-malware-street/
ClamAV libclamav/pe.c buffer overflow
ClamAV is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in the libclamav/pe.c file. A local attacker could overflow a buffer and execute arbitrary code on the system.
http://xforce.iss.net/xforce/xfdb/98882
Crypto protocols held back by legacy, says ENISA
EU takes the microscope to security
The EU Agency for Network Information and Security (ENISA) has updated its 2013 crypto guidelines, designed to help developers protect personal information in line with EU law, and has sternly told crypto ..
http://www.theregister.co.uk/2014/11/24/crypto_protocols_held_back_by_legacy_says_enisa/
Symantec researchers find Regin malware, label it the new Stuxnet
Government probably penned peerless p0wn cannon aimed at Russian and Saudi targets
An advanced malware instance said to be as sophisticated as Stuxnet and Duqu has been detected attacking the top end of town and has ..
http://www.theregister.co.uk/2014/11/24/regin/
Triggering MS14-066
Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed. This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security ..
http://blog.beyondtrust.com/triggering-ms14-066
Hacking RFID Payment Cards Made Possible with Android App
We recently encountered a high-risk Android app detected as ANDROIDOS_STIP.A in Chile. This app, found distributed through forums and blogs, can be used to hack into the user's RFID bus transit card to recharge the credits. What is the mechanism ..
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-rfid-payment-cards-made-possible-with-android-app/
Protecting Against Unknown Software Vulnerabilities
Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can have security implications; these are known as vulnerabilities. These vulnerabilities can be used to exploit and compromise your server, your site ..
http://blog.sucuri.net/2014/11/protecting-against-unknown-software-vulnerabilities.html
Linux distributions: Less is a possible point of entry
On Linux, the tool less is often used in combination with other tools, for example to open files. According to a well-known hacker, this provokes many bugs and security holes.
http://www.golem.de/news/linux-distribution-less-als-moegliches-einfallstor-1411-110756.html
Drupal update puts a stop to session hijacking
The developers of the open-source CMS have closed two security holes in Drupal 6 and 7. The vulnerabilities can be abused to steal the sessions of logged-in users and to take the server down.
http://www.heise.de/security/meldung/Drupal-Update-schiebt-Session-Klau-den-Riegel-vor-2462551.html