End-of-Shift report
Timeframe: Dienstag 20-05-2014 18:00 − Mittwoch 21-05-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Ebay: Kundendaten bei Hackerangriff gestohlen
Hacker hatten im Februar und März Zugriff auf Kundendaten
http://derstandard.at/2000001422781
Enterprises Still Lax on Privileged User Access Controls
The results of a survey commissioned by Raytheon demonstrate that enterprises still dont have a firm grasp on privileged users and their activities on corporate networks.
http://threatpost.com/enterprises-still-lax-on-privileged-user-access-controls/106180
iBanking: Exploiting the Full Potential of Android Malware
http://www.symantec.com/connect/blogs/ibanking-exploiting-full-potential-android-malware
World's most pricey trojan is veritable Swiss Army knife targeting Android
Malicious Android app contains remote bugging, SMS interception, and much more.
http://arstechnica.com/security/2014/05/worlds-most-pricey-trojan-is-veritable-swiss-army-knife-targeting-android/
Siemens Industrial Products OpenSSL Heartbleed Vulnerability (Update B)
http://ics-cert.us-cert.gov//advisories/ICSA-14-105-03B
[2014-05-21] Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4
The software CoSoSys Endpoint Protector is affected by critical, unauthenticated SQL injection vulnerabilities and backdoor accounts.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140521-CoSoSys_Endpoint_Protector_Multiple_Vulnerabilities_v10_wo_poc.txt
Security App of the Week: WP Security Audit Log
WP Security Audit Log is a WordPress plugin that logs all the actions and events that take place under your website's hood. The plugin is useful not only in case of a data breach, but also for preventing one. The plugin is designed to generate a security alert when certain actions are detected. For instance, ..
http://news.softpedia.com/news/Security-App-of-the-Week-WP-Security-Audit-Log-442847.shtml
Hook Analyser 3.1 - Malware Analysis Tool
Hook Analyser is a freeware application which allows an investigator/analyst to perform 'static & run-time / dynamic' analysis of suspicious applications, also gather (analyse & co-related) threat intelligence related information (or data) from various open sources on the Internet.
http://www.darknet.org.uk/2014/05/hook-analyser-3-1-malware-analysis-tool/
Why You Should Ditch Adobe Shockwave
This author has long advised computer users who have Adobes Shockwave Player installed to junk the product, mainly on the basis that few sites actually require the browser plugin, and because its yet another plugin that requires constant updating. But I was positively shocked this week to learn that this software introduces a far more pernicious problem: Turns out, ..
http://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/
LSE stellt Authentifizierungs-Tool LinOTP unter Open-Source-Lizenz
Das Authentifizierungswerkzeug LinOTP steht ab sofort als Open-Source-Produkt zum kostenlosen Download bereit.
http://www.heise.de/newsticker/meldung/LSE-stellt-Authentifizierungs-Tool-LinOTP-unter-Open-Source-Lizenz-2195061.html
Bugs in your TV
Introduction As part of our research into the Internet of Things (IoT), we were asked to look at the current generation of Smart TVs and see whether they posed any new issues when used in the home or office. In particular, the latest sets come with built-in cameras (for use with video chat applications, ..
https://www.nccgroup.com/en/blog/2014/05/bugs-in-your-tv/