End-of-Shift report
Timeframe: Mittwoch 05-02-2014 18:00 − Donnerstag 06-02-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Target Hackers Broke in Via HVAC Company
Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers.
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/JuvkO7plF2E/
Angriffe auf Fritzboxen: AVM empfiehlt Abschaltung der Fernkonfiguration
Nach ersten Fällen von Telefonie-Missbrauch halten Angriffe auf Fritzboxen über die Fernkonfiguration an. Um Schäden vorzubeugen, sollen Fritzbox-Nutzer die Funktion vorübergehend deaktivieren.
http://www.heise.de/security/meldung/Angriffe-auf-Fritzboxen-AVM-empfiehlt-Abschaltung-der-Fernkonfiguration-2106542.html
Demystifying Point of Sale Malware and Attacks
Cybercriminals have an insatiable thirst for credit card data. There are multiple ways to steal this information on-line, but Point of Sales are the most tempting target. An estimated 60 percent of purchases at retailers' Point of Sale (POS) are paid for using a credit or debit card. Given that large retailers may process thousands of transactions daily though their POS, it stands to reason that POS terminals have come into the crosshairs of cybercriminals seeking large volumes of credit...
http://www.symantec.com/connect/blogs/demystifying-point-sale-malware-and-attacks
Malware Uses ZWS Compression for Evasion Tactic
Cybercriminals can certainly be resourceful when it comes to avoiding detection. We have seen many instances wherein malware came equipped with improved evasion techniques, such as preventing execution of analysis tools, hiding from debuggers, blending in with normal network traffic, along with various JavaScript techniques. Security researchers have now come across malware that uses a legitimate compression technique to go unnoticed by security solutions.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-uses-zws-compression-for-evasion-tactic/
New Asprox Variant Goes Above and Beyond to Hijack Victims
[UPDATE] After further analysis, this threat was identified as Asprox botnet and not Zbot
http://research.zscaler.com/2014/02/new-zbot-variant-goes-above-and-beyond.html
OpenLDAP 2.4.36 Remote Users Deny Of Service
Topic: OpenLDAP 2.4.36 Remote Users Deny Of Service Risk: Medium Text:It was discovered that OpenLDAP, with the rwm overlay to slapd, could segfault if a user were able to query the directory and i...
http://cxsecurity.com/issue/WLB-2014020032
Rockwell RSLogix 5000 Password Vulnerability
OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on January 21, 2014, and is now being released to the NCCIC/ICS-CERT Web site.Independent researcher Stephen Dunlap has identified a password vulnerability in the Rockwell Automation RSLogix 5000 software. Rockwell Automation has produced a new version that mitigates this vulnerability.
http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01
NETGEAR Router D6300B Telnet Backdoor Lets Remote Users Gain Root Access
http://www.securitytracker.com/id/1029727
DSA-2855 libav
several vulnerabilities
http://www.debian.org/security/2014/dsa-2855
Security Bulletin: IBM Domino IMAP Server Denial of Service Vulnerability (CVE-2014-0822)
The IMAP server in IBM Domino contains a denial of service vulnerability. A remote unauthenticated attacker could exploit this security vulnerability to cause a crash of the Domino server. The fix for this issue is available as a hotfix and is planned to be incorporated in all upcoming Interim Fixes, Fix Packs and Maintenance Releases.
http://www-01.ibm.com/support/docview.wss?uid=swg21663023
Bugtraq: ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability
http://www.securityfocus.com/archive/1/530929
Vulnerabilities in Drupal Third-Party Modules
https://drupal.org/node/2187453
https://drupal.org/node/2189509
https://drupal.org/node/2189643
https://drupal.org/node/2189751
WordPress WooCommerce SagePay Direct Payment Gateway Cross-Site Scripting Vulnerability
https://secunia.com/advisories/56801