End-of-Shift report
Timeframe: Freitag 07-02-2014 18:00 − Montag 10-02-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Darkleech + Bitly.com = Insightful Statistics
This post is about how hackers abuse popular web services, and how this helps security researchers obtain interesting statistics about malware attacks. We, at Sucuri, work with infected websites every day. While we see some particular infections on one site or on multiple sites, we can't accurately tell how many more sites out there are...
http://blog.sucuri.net/2014/02/darkleech-bitly-com-insightful-statistics.html
The Internet is Broken - Act Accordingly
Costin Raiu is a cautious man. He measures his words carefully and says exactly what he means, and is not given to hyperbole or exaggeration. Raiu is the driving force behind much of the intricate research into APTs and targeted attacks that Kaspersky Lab's Global Research and Analysis Team has been doing for the last...
http://threatpost.com/the-internet-is-broken-act-accordingly/104141
Linkup ransomware blocks internet access, mines Bitcoins
A trojan variant, Linkup, identified by Emsisoft, takes control of DNS servers, blocks internet access and mines Bitcoins.
http://www.scmagazine.com/linkup-ransomware-blocks-internet-access-mines-bitcoins/article/333238/
February 2014 Threat Stats
Its no surprise that this months threat stats reveal that the largest breach to take place in December involved Target, where 40 million individuals were affected by the point-of-sale malware that swiped the data.
http://www.scmagazine.com/february-2014-threat-stats/slideshow/1809/#0
iOS: Sicherheitsforscher warnt vor DoS-Möglichkeit über Snapchat
Durch Wiederverwendung alter App-Tokens soll es möglich sein, große Mengen an Nachrichten an Nutzer des Bilderdienstes zu schicken, was dann auch dem iPhone Probleme bereiten soll. Snapchat ist das Problem neu.
http://www.heise.de/security/meldung/iOS-Sicherheitsforscher-warnt-vor-DoS-Moeglichkeit-ueber-Snapchat-2109628.html
Want to remotely control a car? $20 in parts, some oily fingers, and youre in command
Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the cars controls while its on the road.
http://www.theregister.co.uk/2014/02/06/want_to_hack_a_car_20_in_parts_some_oily_fingers_and_its_yours/
Mac Trojan Steals Bitcoin Wallet Credentials
A new Trojan for Mac OS X disguised as an app for sending and receiving payments steals Bitcoin wallet login credentials.
http://threatpost.com/mac-trojan-steals-bitcoin-wallet-credentials/104152
Security Bulletin: Fix available for Cross Site Scripting vulnerabilities in IBM Connections Portlets for WebSphere Portal (CVE-2014-0855)
A fix is available for Cross Site Scripting (XSS) vulnerabilities in IBM Connections Portlets for WebSphere Portal.
http://www-01.ibm.com/support/docview.wss?uid=swg21663921
Bugtraq: [oCERT-2014-001] MantisBT input sanitization errors
http://www.securityfocus.com/archive/1/530980
Bugtraq: ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and Sensitive file/path disclosure
http://www.securityfocus.com/archive/1/530985
Contao "Input::postRaw()" PHP Object Injection Vulnerability
https://secunia.com/advisories/56755
Xerox ColorQube 8700 / 8900 Unspecified Vulnerabilities
https://secunia.com/advisories/56889