End-of-Shift report
Timeframe: Friday 14-02-2014 18:00 − Monday 17-02-2014 18:00
Handler: Alexander Riepl
Co-Handler: Christian Wojner
Not Just Pills or Payday Loans, It's Essay SEO SPAM!
Remember back in school or college when you had to write pages and pages of long essays, but you had no time to write them? Or maybe you were just too lazy? Yeah, good times. Well, it seems like some companies are trying to end this problem. They are offering services where clients pay ..
http://blog.sucuri.net/2014/02/not-just-pills-or-payday-loans-its-essay-seo-spam.html
New IE 10 Zero Day Targeting Military Intelligence
A new campaign, dubbed Operation SnowMan, has been spotted leveraging a previously unknown zero-day in Internet Explorer 10 to compromise the U.S. Veterans of Foreign Wars website this week.
http://threatpost.com/new-ie-10-zero-day-targeting-military-intelligence/104272
Microsoft Internet Explorer 10 remote code execution exploit
Microsoft Internet Explorer 10 remote code execution exploit, Use-after-free vulnerability in Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code via vectors in...
http://cxsecurity.com/issue/WLB-2014020123
The New Normal: 200-400 Gbps DDoS Attacks
KrebsOnSecurity has been targeted by countless denial-of-service attacks intended to knock it offline. Earlier this week, KrebsOnSecurity was hit by easily the most massive and intense such attack yet -- a nearly 200 Gbps assault leveraging a simple attack method that industry experts say is becoming alarmingly common.
http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos-attacks/
More Malware Embedded in RTFs
RTF (Rich Text Format) files have been used before by cybercriminals, but of late it seems their use of this format is becoming more creative. We have earlier talked about how CPL files were being embedded in RTF files and sent to would-be victims as an e-mail attachment. These CPL files would then proceed to download malicious ..
http://blog.trendmicro.com/trendlabs-security-intelligence/more-malware-embedded-in-rtfs/
More on HNAP - What is it, How to Use it, How to Find it, (Sat, Feb 15th)
We've had a ton of discussion on the most recent set of home router vulnerabilities based on the HNAP protocol. But what is the HNAP protocol for, and why is it so persistently enabled? HNAP (Home Network Administration Protocol) is a network device management protocol, useful for anyone, but I think meant primarily for ISPs to manage fleets of ..
http://isc.sans.edu/diary.html?storyid=17648&rss
Crowdfunding platform Kickstarter hacked
The crowdfunding platform Kickstarter has fallen victim to a hacker attack. Beyond usernames and e-mail addresses, the hackers also accessed encrypted passwords.
http://www.heise.de/security/meldung/Crowdfunding-Plattform-Kickstarter-gehackt-2115380.html
Credentials in circulation: FTP servers of websites attacked
Thousands of credentials for FTP servers are reportedly in circulation, including access to well-known websites. There have already been first cases in which malicious content was placed on websites such as the New York Times. (Virus, server applications)
http://www.golem.de/news/zugangsdaten-im-umlauf-ftp-server-von-webseiten-angegriffen-1402-104598-rss.html
HP Data Protector EXEC_BAR Remote Command Execution
Topic: HP Data Protector EXEC_BAR Remote Command Execution, import argparse import socket ..
http://cxsecurity.com/issue/WLB-2014020134
WebSphere Application Server Multiple Java Vulnerabilities
WebSphere Application Server Multiple Java Vulnerabilities
https://secunia.com/advisories/56778
Mapping Hacking Team's "Untraceable" Spyware
Remote Control System (RCS) is sophisticated computer spyware marketed and sold exclusively to governments by Milan-based Hacking Team. Hacking Team was first thrust into the public spotlight in 2012 when RCS was used against award-winning Moroccan media outlet Mamfakinch, and United Arab Emirates (UAE) human rights activist Ahmed Mansoor. Most recently, Citizen Lab research found that RCS was used to target Ethiopian journalists in the Washington DC area.
https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware/