End-of-Shift report
Timeframe: Wednesday 10-12-2014 18:00 - Thursday 11-12-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Critical vulnerability affecting HD FLV Player
We've been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched on Joomla! and WordPress, leaving the custom website version vulnerable. Furthermore, websites ..
http://blog.sucuri.net/2014/12/critical-vulnerability-in-joomla-hd-flv-player-plugin.html
Underground black market: Thriving trade in stolen data, malware, and attack services
The underground market is still booming after recent major data breaches. The price of stolen email accounts has dropped substantially, but the value of ..
http://www.symantec.com/connect/blogs/underground-black-market-thriving-trade-stolen-data-malware-and-attack-services
Odd new ssh scanning, possibly for D-Link devices, (Wed, Dec 10th)
I noticed it in my own logs overnight and also had a couple of readers (both named Paul) report some odd new ssh scanning overnight. The scanning involves many sites, likely a botnet, attempting to ssh in as 3 users, D-Link, admin, ..
https://isc.sans.edu/diary.html?storyid=19055
Microsoft Enables Removal of SSL 3.0 Fallback In IE
Microsoft has given Windows admins the option to remove the SSL 3.0 fallback from Internet Explorer. By disabling SSL 3.0, IE is no longer vulnerable to POODLE attacks.
http://threatpost.com/microsoft-enables-removal-of-ssl-3-0-fallback-in-ie/109821
FreeBSD Buffer Overflow in libc stdio Lets Local Users Deny Service or Execute Arbitrary Code
http://www.securitytracker.com/id/1031343
FreeBSD file(1) and libmagic(3) File Processing Flaws Let Remote Users Deny Service
http://www.securitytracker.com/id/1031344
WordPress Uninstall <= 1.1 - WordPress Deletion via CSRF
https://wpvulndb.com/vulnerabilities/7715
Mysterious Turla Linux backdoor also for Solaris?
There have been numerous reports about the mysterious Linux backdoor connected to Turla, an APT family. The malware has some pretty interesting features, the most interesting being its ability to sniff the network interface. More specifically, it ..
https://www.f-secure.com/weblog/archives/00002775.html
Regin
In the week starting 24 November 2014, we sent regular status updates on Regin to the GovCERT constituency (in our role as GovCERT Austria), the potentially affected sectors (within the ATC framework) and the CERT-Verbund. This blog post presents our timeline ..
http://www.cert.at/services/blog/20141211105745-1339.html
Patch debacle: Microsoft withdraws another update
After a faulty rollup update for Exchange, Microsoft has now also had to withdraw a patch for the root certificates in Windows. Microsoft has had problems with updates and patches quite frequently of late.
http://www.heise.de/security/meldung/Patch-Debakel-Microsoft-zieht-erneut-Update-zurueck-2487143.html
Cyber espionage: Cloud Atlas follows Red October
A new wave of targeted attacks is looming: Cloud Atlas is said to be the next digital espionage campaign. According to IT security experts, the malware is an updated variant of Red October.
http://www.golem.de/news/cyber-spionage-auf-roter-oktober-folgt-cloud-atlas-1412-111120-rss.html