End-of-Shift report
Timeframe: Friday 04-04-2014 18:00 − Monday 07-04-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
BSI website for checking whether your own e-mail address is affected in the current case
In the course of an ongoing investigation by the public prosecutor's office in Verden (Aller), another case of large-scale identity theft has been uncovered.
...
This website offers a way to check whether you are affected by the identity theft.
https://www.sicherheitstest.bsi.de/
VirusShield: Just a logo - nothing else
The VirusShield app for Android reached enormous sales figures within a very short time. However: the app does nothing at all. (Google, virus scanners)
http://www.golem.de/news/virusshield-nur-ein-logo-sonst-nichts-1404-105677-rss.html
Hash function: Draft for SHA-3 standard is available
The US agency NIST has presented a draft for the standardization of the hash function SHA-3. There is now a three-month period in which to comment on it. (Technology, Encryption)
http://www.golem.de/news/hash-funktion-entwurf-fuer-sha-3-standard-liegt-vor-1404-105641-rss.html
Those strange e-mails with URLs in them can lead to Android malware, (Sat, Apr 5th)
You've probably gotten a few of these e-mails over the last few months (I saw the first one of this latest kind in early Feb), we got one to the handlers list earlier this week which prompted this diary. They seem pretty innocuous, they have little or no text and a URL like the one shown below. Note: the above link doesn't lead to the malware anymore, so I didn't obscure it. Most seem to be sent from Yahoo! (or Yahoo!-related e-mail addresses), so they may be coming from addresses that were
http://isc.sans.edu/diary.html?storyid=17909&rss
XMPP-Layer Compression Uncontrolled Resource Consumption
Topic: XMPP-Layer Compression Uncontrolled Resource Consumption Risk: Medium Text: Uncontrolled Resource Consumption with XMPP-Layer Compression Original Release Date: 2014-04-04 Last Updated: 2014-04-04 ...
http://cxsecurity.com/issue/WLB-2014040034
Fake Voting Campaign Steals Facebook Users’ Identities
Contributor: Parag Sawant. Phishers continuously come up with various plans to enhance their chances of harvesting users’ sensitive information. Symantec recently observed a phishing campaign where data is collected through a fake voting site which asks users to decide whether boys or girls are greater.
http://www.symantec.com/connect/blogs/fake-voting-campaign-steals-facebook-users-identity
Advice for Enterprises in 2014: Protect Your Core Data
Some companies may think – “if it can happen to a spy agency, there’s nothing we could do. We should just give up and not protect our data anymore.” Others may say: “let’s build a bigger wall around our data.” Both approaches are incorrect. Obviously, you have to protect your data. However, neither can enterprises just try and protect everything with the same rigor. ... What an enterprise needs to focus on is what really needs to be protected.
http://blog.trendmicro.com/trendlabs-security-intelligence/advice-for-enterprises-in-2014-protect-your-core-data/
Microsoft spells out new rules for exiling .EXEs
Microsoft has updated the methodology it uses to define adware, a move designed to make it clearer just what the company considers worthy for removal by its malware tools. ... The kinds of “unwanted behaviours” that Redmond is looking for will be familiar to anyone who's been burned by mistakenly clicking on the link, with lack of user choice or control topping the list.
http://www.theregister.co.uk/2014/04/07/microsoft_puts_adware_in_the_crosshairs_again/
Netgear closes backdoor in DGN1000 modem router
The company has released a firmware update that is supposed to close the backdoor on port 32764 of the DSL modem router. Attackers can use the vulnerability to grab the devices' passwords.
http://www.heise.de/security/meldung/Netgear-schliesst-Hintertuer-in-Modemrouter-DGN1000-2165017.html
RSA Data Loss Prevention Security Bypass Security Issue
A security issue has been reported in RSA Data Loss Prevention, which can be exploited by malicious users to bypass certain security restrictions.
The security issue is caused due to an error within the session management and can be exploited to access otherwise restricted content.
https://secunia.com/advisories/57464