End-of-Shift report
Timeframe: Dienstag 18-03-2014 18:00 − Mittwoch 19-03-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
Apache Update Resolves Security Vulnerabilities
Apache has released version 2.4.9 of its ubiquitous HTTP web server (HTTPD), resolving two security vulnerabilities and a number of other bugs in the process.
http://threatpost.com/apache-update-resolves-security-vulnerabilities/104849
Ebury-Rootkit: Zombie-Server greifen täglich eine halbe Million Rechner an
Zu den Opfern der Malware-Kampagne "Operation Windigo" gehören unter anderem kernel.org und cPanel. Die mit dem Ebury-Rootkit infizierten Server versenden Spam und attackieren Besucher der kompromittierten Webseiten.
http://www.heise.de/security/meldung/Ebury-Rootkit-Zombie-Server-greifen-taeglich-eine-halbe-Million-Rechner-an-2149609.html
Wide Gap Between Attackers, BIOS Forensics Research
Advanced attackers are ahead of researchers when it comes to understanding firmware vulnerabilities and BIOS forensics, experts from MITRE and Intel said during last weeks CanSecWest.
http://threatpost.com/wide-gap-between-attackers-bios-forensics-research/104852
Avast-Toolbar mit Shopping-Spion
Die Browser-Toolbar, die unter anderem mit der Antivirensoftware auf den Rechner gelangt, schaut dem Nutzer beim Einkaufen über die Schulter und baut Konkurrenzangebot in die Shop-Seiten ein.
http://www.heise.de/security/meldung/Avast-Toolbar-mit-Shopping-Spion-2149646.html
Data suggests Android malware threat greatly overhyped
Its no secret that many in the security industry perceive Google Inc.s Android mobile platform to be plagued by malware, but Android security team lead Adrian Ludwig has made it his mission to eradicate the disingenuous meme of the burgeoning Android malware apocalypse.
http://searchsecurity.techtarget.com/news/2240216335/Data-suggests-Android-malware-threat-greatly-overhyped
Mailingliste Full Disclosure macht dicht
Die bekannte Sicherheits-Mailingliste wurde von ihrem Betreiber bis auf weiteres geschlossen. Full Disclosure war in der Vergangenheit immer wieder Schauplatz der Enthüllung wichtiger Sicherheitslücken.
http://www.heise.de/security/meldung/Mailingliste-Full-Disclosure-macht-dicht-2150127.html
10 Years of Mobile Malware: How Secure Are You?
Believe it or not, but it has been 10 years since the first mobile malware was created! On the infographic below, you can see a brief overview of the most important malware events in the past 10 years, with a short description of each of them.
https://www.linkedin.com/today/post/article/20140316112657-67886711-10-years-of-mobile-malware-how-secure-are-you
New Exploits Arrive for Old PHP Vulnerability
New exploits for a two-year-old PHP vulnerability popped up in October that allow hackers to run code on websites running vulnerable versions of the web development framework.
http://threatpost.com/new-exploits-arrive-for-old-php-vulnerability/104881
Fake Tor browser for iOS laced with adware, spyware, members warn
Title available since November raises questions about App Store vetting process.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/qB_-ioinSh4/
WordPress Subscribe To Comments Reloaded Plugin Cross-Site Request Forgery Vulnerability
https://secunia.com/advisories/57015
Moodle Multiple Security Issues and Multiple Vulnerabilities
https://secunia.com/advisories/57331
Samba smbcacls security bypass
http://xforce.iss.net/xforce/xfdb/91849