Daily Summary - Monday 3-02-2014

End-of-Shift report

Timeframe: Friday 31-01-2014 18:00 − Monday 03-02-2014 18:00 Handler: Stephan Richter Co-Handler: n/a

Telephony abuse apparently not a mass hack of AVM's Fritzboxes

In recent days, some Fritzbox users were surprised by high, in some cases exorbitant, telephone charges. Behind this are apparently attacks using known credentials against the remote configuration of the Fritzboxes in use.

http://www.heise.de/security/meldung/Telefonie-Missbrauch-anscheinend-kein-Massenhack-von-AVMs-Fritzboxen-2104609.html


Hackers Use a Trick to Deliver Zeus Banking Malware

IDG News Service - Hackers found a new way to slip past security software and deliver Zeus, a long-known malicious software program that steals online banking details. Security company Malcovery Security, based in Georgia, alerted security analysts after finding that none of 50 security programs on Google's online virus scanning service VirusTotal were catching it as of early Sunday.

http://www.cio.com/article/747601/Hackers_Use_a_Trick_to_Deliver_Zeus_Banking_Malware


More than a million Android devices infected with bootkit trojan

More than a million Android mobile devices worldwide are now infected with a crafty bootkit trojan known as Android.Oldboot.1.origin - a number that has more than tripled in a week.

http://www.scmagazine.com//more-than-a-million-android-devices-infected-with-bootkit-trojan/article/331982/


DailyMotion Still Infected, Serving Fake AV Malware

DailyMotion, one of the most popular websites on the Web, is still serving fake AV malware three weeks after it was notified of a compromise.

http://threatpost.com/dailymotion-still-infected-serving-fake-av-malware/104003


SSA-342587 (Last Update 2014-02-03): Vulnerabilities in SIMATIC WinCC Open Architecture

https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf


VU#250358: Various Inmarsat broadband satellite terminals contain multiple vulnerabilities

A number of broadband satellite terminals which utilize the Inmarsat satellite telecommunications network have been found to contain undocumented hardcoded login credentials (CWE-798). Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows...

http://www.kb.cert.org/vuls/id/250358


DSA-2851 drupal6

impersonation

http://www.debian.org/security/2014/dsa-2851


IBM Financial Transaction Manager multiple vulnerabilities

http://xforce.iss.net/xforce/xfdb/90584
http://xforce.iss.net/xforce/xfdb/90585
http://xforce.iss.net/xforce/xfdb/90586
http://xforce.iss.net/xforce/xfdb/90612


Security Bulletin: Cross-Site Request Forgery in IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2013-5427)

Due to insufficient safeguards against cross-site request forgery, an attacker can trick a legitimate user into opening a URL that results in an action being taken as that user, potentially without the knowledge of that user. Any actions taken require that the legitimate user be already authenticated or to authenticate separately as part of the attack.

http://www-01.ibm.com/support/docview.wss?uid=swg21663181