Daily Summary - Monday 17-02-2014

End-of-Shift report

Timeframe: Friday 14-02-2014 18:00 − Monday 17-02-2014 18:00 Handler: Alexander Riepl Co-Handler: Christian Wojner

Not Just Pills or Payday Loans, It's Essay SEO SPAM!

Remember back in school or college when you had to write pages and pages of long essays, but you had no time to write them? Or maybe you were just too lazy? Yeah, good times. Well, it seems like some companies are trying to end this problem. They are offering services where clients pay ..

http://blog.sucuri.net/2014/02/not-just-pills-or-payday-loans-its-essay-seo-spam.html


New IE 10 Zero Day Targeting Military Intelligence

A new campaign, dubbed Operation SnowMan, has been spotted leveraging a previously unknown zero-day in Internet Explorer 10 to compromise the U.S. Veterans of Foreign Wars website this week.

http://threatpost.com/new-ie-10-zero-day-targeting-military-intelligence/104272


Microsoft Internet Explorer 10 remote code execution exploit

Microsoft Internet Explorer 10 remote code execution exploit, Use-after-free vulnerability in Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code via vectors in...

http://cxsecurity.com/issue/WLB-2014020123


The New Normal: 200-400 Gbps DDoS Attacks

KrebsOnSecurity has been targeted by countless denial-of-service attacks intended to knock it offline. Earlier this week, KrebsOnSecurity was hit by easily the most massive and intense such attack yet -- a nearly 200 Gbps assault leveraging a simple attack method that industry experts say is becoming alarmingly common.

http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos-attacks/


More Malware Embedded in RTFs

RTF (Rich Text Format) files have been used before by cybercriminals, but of late it seems their use of this format is becoming more creative. We have earlier talked about how CPL files were being embedded in RTF files and sent to would-be victims as an e-mail attachment. These CPL files would then proceed to download malicious ..

http://blog.trendmicro.com/trendlabs-security-intelligence/more-malware-embedded-in-rtfs/


More on HNAP - What is it, How to Use it, How to Find it, (Sat, Feb 15th)

We've had a ton of discussion on the most recent set of home router vulnerabilities based on the HNAP protocol. But what is the HNAP protocol for, and why is it so persistently enabled? HNAP (Home Network Administration Protocol) is a network device management protocol, useful for anyone, but I think meant primarily for ISPs to manage fleets of ..

http://isc.sans.edu/diary.html?storyid=17648&rss


Crowdfunding platform Kickstarter hacked

The crowdfunding platform Kickstarter fell victim to a hacker attack. Beyond usernames and e-mail addresses, the attackers also accessed encrypted passwords.

http://www.heise.de/security/meldung/Crowdfunding-Plattform-Kickstarter-gehackt-2115380.html


Credentials in circulation: FTP servers of websites attacked

Thousands of credentials for FTP servers are reportedly in circulation, including access to well-known websites. There have already been first cases in which malicious content was placed on websites such as that of the New York Times. (Virus, Server Applications)

http://www.golem.de/news/zugangsdaten-im-umlauf-ftp-server-von-webseiten-angegriffen-1402-104598-rss.html


HP Data Protector EXEC_BAR Remote Command Execution

Topic: HP Data Protector EXEC_BAR Remote Command Execution, import argparse import socket ..

http://cxsecurity.com/issue/WLB-2014020134


WebSphere Application Server Multiple Java Vulnerabilities

https://secunia.com/advisories/56778


Mapping Hacking Team's "Untraceable" Spyware

Remote Control System (RCS) is sophisticated computer spyware marketed and sold exclusively to governments by Milan-based Hacking Team. Hacking Team was first thrust into the public spotlight in 2012 when RCS was used against award-winning Moroccan media outlet Mamfakinch, and United Arab Emirates (UAE) human rights activist Ahmed Mansoor. Most recently, Citizen Lab research found that RCS was used to target Ethiopian journalists in the Washington DC area.

https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware/