End-of-Shift report
Timeframe: Monday 24-02-2014 18:00 to Tuesday 25-02-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Android users under attack through malicious ads in Facebook
Cyber-criminals are always trying to attract people's attention in order to carry out their crimes. So it should be no surprise that they have now found a combined way of using Facebook (the world's largest social network), WhatsApp (the leading text messaging program for smartphones, recently bought by Facebook) and Android (the most popular operating...
http://pandalabs.pandasecurity.com/android-users-under-attack-through-malicious-ads-in-facebook/
New attack completely bypasses Microsoft zero-day protection app
Whitehats' ability to sidestep EMET strongly suggests criminal hackers can, too.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/aCb9-4Ke6D8/
Poisoned YouTube ads serve Caphaw banking trojan
YouTube's ad network was compromised to host the Styx exploit kit, researchers found.
http://www.scmagazine.com/poisoned-youtube-ads-serve-caphaw-banking-trojan/article/335465/
Blog: The first Tor Trojan for Android
Virus writers of Android Trojans have traditionally used Windows malware functionality as a template. Now, yet another technique from Windows Trojans has been implemented in malware for Android: for the first time we have detected an Android Trojan that uses a domain in the .onion pseudo zone as a C&C. The Trojan uses the anonymous Tor network built on a network of proxy servers. As well as providing users with anonymity,...
http://www.securelist.com/en/blog/8184/The_first_Tor_Trojan_for_Android
Touchlogger: iOS used for eavesdropping
The security experts at FireEye Labs have developed an iOS app that can record all input on the touchscreen in the background and transmit it to a server.
http://www.golem.de/news/touchlogger-ios-im-lauscheinsatz-1402-104776-rss.html
The Tenth Anniversary of Mobile Malware
2014 marks the tenth anniversary of mobile malware. It all began in 2004, when the first variant of SymbOS.Cabir was submitted to security researchers. The analysis revealed that this worm targeted Symbian OS, which was a very popular mobile operating system at the time. Infected phones would search for nearby Bluetooth devices that...
http://www.symantec.com/connect/blogs/tenth-anniversary-mobile-malware
Best Practices in Computer Network Defense
This article was published in the book Computer Network Defense: Incident Detection and Response, edited by Melissa E. Hathaway, NATO Science for Peace and Security Series, 2014. The article is about the Dutch approach, the importance of international cooperation and the role of the Dutch Cyber Security Council.
http://www.ncsc.nl/english/current-topics/news/best-practices-in-computer-network-defense.html
"goto fail": Demo exploit for SSL vulnerability in iOS and OS X
Security researcher Aldo Cortesi has adapted his tool mitmproxy to intercept the encrypted traffic of unpatched iOS devices and Macs running OS X 10.9 Mavericks. Almost everything can be read, according to Cortesi.
http://www.heise.de/security/meldung/goto-fail-Demo-Exploit-fuer-SSL-Schwachstelle-in-iOS-und-OS-X-2123763.html
HPSBST02937 rev.1 - HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager, Remote Execution of Arbitrary Code
A potential security vulnerability has been identified with HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly known as HP LeftHand Virtual SAN Appliance) dbd_manager. The vulnerability could be remotely exploited resulting in execution of arbitrary code.
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03995204-1
HPSBMU02971 rev.1 - HP Application Information Optimizer, Remote Execution of Code, Information Disclosure
A potential security vulnerability has been identified in the Web Console component of HP Application Information Optimizer (formerly HP Database Archiving). The vulnerability could be exploited to allow remote execution of code and information disclosure.
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04140965-1
Bugtraq: WiFiles HD v1.3 iOS - File Include Web Vulnerability
http://www.securityfocus.com/archive/1/531236
MYBB 1.6.12 search.php Sql injection
http://cxsecurity.com/issue/WLB-2014020202
GitHub RCE by Environment variable injection Bug Bounty
Topic: GitHub RCE by Environment variable injection Bug Bounty. Risk: High. Text: GitHub RCE by Environment variable injection Bug Bounty writeup. Disclaimer: I'll keep this really short but I hope you'll g...
http://cxsecurity.com/issue/WLB-2014020209
TYPO3 6.1.7 XSS / Disclosure / Shell Upload
Topic: TYPO3 6.1.7 XSS / Disclosure / Shell Upload. Risk: High. Text: Title: Multiple vulnerabilities in Typo3 CMS; Version: introductionpackage-6.1.7; Date: ...
http://cxsecurity.com/issue/WLB-2014020208
FreePBX 2.x Remote Command Execution
Topic: FreePBX 2.x Remote Command Execution. Risk: High. Text: App: Freepbx 2.x; Download: schmoozecom.net; Author: i-Hmx; Mail: n0p1337 at gmail.com; Home: security arrays inc., sec4ever...
http://cxsecurity.com/issue/WLB-2014020206
Zen Cart E-Commerce 1.5.1 Multiple vulnerabilities
Topic: Zen Cart E-Commerce 1.5.1 Multiple vulnerabilities. Risk: High. Text: Title: Multiple vulnerabilities in Zen Cart e-commerce; Version: zen-cart-v1.5.1-full-file...
http://cxsecurity.com/issue/WLB-2014020203
WordPress Search Everything Plugin SQL Injection Vulnerability
https://secunia.com/advisories/56820
AutoCAD Insecure Library and FAS File Loading Vulnerabilities
https://secunia.com/advisories/57002
OATH Toolkit libpam-oath replay
http://xforce.iss.net/xforce/xfdb/91316