End-of-Shift report
Timeframe: Tuesday 03-06-2014 18:00 − Wednesday 04-06-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
GameOver Zeus Takedown Shows Good Early Returns
The effect of the takedown of the GameOver Zeus botnet this week has been immediate and significant. Researchers who track the peer-to-peer botnet's activity say that the volume of packets being sent out by infected machines has dropped to almost zero. On Friday, the FBI and Europol, ..
http://threatpost.com/gameover-zeus-takedown-shows-good-early-returns/106429
Phishing Tale: An Analysis of an Email Phishing Scam
Phishing scams are always bad news, and in light of the Google Drive scam that made the rounds again last week, we thought we'd tell the story of some spam that was delivered into my own inbox because even security researchers, ..
http://blog.sucuri.net/2014/06/phishing-tale-an-analysis-of-an-email-phishing-scam.html
Making end-to-end encryption easier to use
While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use. To help make this kind of encryption a bit easier, we're releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools. However, ..
http://googleonlinesecurity.blogspot.co.at/2014/06/making-end-to-end-encryption-easier-to.html
The Best Of Both Worlds - Soraya
Arbor Networks' ASERT has recently discovered a new malware family that combines several techniques to steal payment card information. Dubbed Soraya, meaning 'rich', this malware uses memory scraping techniques similar to those found in Dexter to target point-of-sale terminals. Soraya also intercepts form data sent from web browsers, similar to the Zeus family of malware. Neither of these two techniques is new, but we have not seen them used together in the same piece of malware.
http://www.arbornetworks.com/asert/2014/06/the-best-of-both-worlds-soraya/
COPA-DATA Improper Input Validation
http://ics-cert.us-cert.gov//advisories/ICSA-14-154-01
DSA-2945 chkrootkit
http://www.debian.org/security/2014/dsa-2945
Adobe Acrobat / Reader XI-X AcroBroker Sandbox Bypass
http://cxsecurity.com/issue/WLB-2014060030
FreeBSD PAM Policy Parser Remote Authentication Bypass
http://www.securitytracker.com/id/1030330