End-of-Shift report
Timeframe: Mittwoch 04-06-2014 18:00 − Donnerstag 05-06-2014 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
Peek Inside a Professional Carding Shop
Over the past year, Ive spent a great deal of time trolling a variety of underground stores that sell "dumps" -- street slang for stolen credit card data that buyers can use to counterfeit new cards and go shopping in big-box stores for high-dollar merchandise that can be resold quickly for cash.
http://krebsonsecurity.com/2014/06/peek-inside-a-professional-carding-shop/
Daktronics Vanguard Hardcoded Credentials
NCCIC/ICS-CERT is aware of a public report of a hardcoded password vulnerability affecting Daktronics Vanguard highway notification sign configuration software. According to this report, the vulnerability is a hardcoded password that could allow unauthorized access to the highway sign.
http://ics-cert.us-cert.gov//alerts/ICS-ALERT-14-155-01
New Apple operating systems bring security mysteries
Apples march toward seamless integration between the Mac, iPhone and iPad worries some security experts who say companies may find it more difficult to prevent data leakage on the devices.On Monday, Apple introduced Handoff, a feature in upcoming iOS 8 and Mac OS X Yosemite that would let a person start a task on one device and complete it on another. For example, an email started on the Mac could be completed later on the iPad.
http://www.csoonline.com/article/2360161/data-protection/new-apple-operating-systems-bring-security-mysteries.html#tk.rss_applicationsecurity
Android-Trojaner verschlüsselt Speicherkarte
Ein weiter Malware-Trend erreicht Android: Nach den Erpressungstrojanern, die das Gerät sperren, gibt es nun auch einen Schädling, der das digitale Hab und Gut seines Opfers verschlüsselt. Für die Entschlüsselung der Daten verlangen die Ganoven Geld.
http://www.heise.de/security/meldung/Android-Trojaner-verschluesselt-Speicherkarte-2216517.html
Sicherheitsprobleme mit OpenSSL
Das OpenSSL-Projekt hat eine Warnung bezüglich mehrerer sicherheitsrelevanter Schwachstellen veröffentlicht. Es besteht die Möglichkeit von Remote Code Execution, Denial Of Service und Man-in-the-middle Attacken. Diese können sowohl OpenSSL Clients als auch Server betreffen.
http://cert.at/warnings/all/20140605.html
IBM Security Bulletin: Vulnerability which could allow for unauthorized access to an IBM API Management topology
There is a vulnerability which could allow for unauthorized access to an IBM API Management topology, when a user secures APIs with basic authentication
CVE(s): CVE-2014-3036
Affected product(s) and affected version(s): IBM API Management V3.0.0.0
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_which_could_allow_for_unauthorized_access_to_an_ibm_api_management_topology?lang=en_us
They're ba-ack: Browser-sniffing ghosts return to haunt Chrome, IE, Firefox
Privacy threat that allows websites to know what sites youve viewed is revived.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/mZ97m15Wo_M/
Security-Experten isolierten über 2 Millionen Gameover-Bots
Im Rahmen der Aktionen gegen das Botnetz Gameover Zeus musste ein riesige Peer-to-Peer-Netz ausgeschaltet werden. Über zwei Millionen infizierte Rechner mussten dazu manipuliert werden.
http://www.heise.de/security/meldung/Security-Experten-isolierten-ueber-2-Millionen-Gameover-Bots-2216754.html
Security Notice-Statement About the CSRF Vulnerability on Multiple Huawei 3G Wi-Fi Devices
Huawei has noticed that several websites reported the CSRF vulnerability on Huawei E355, E5331, E303, B593 3G Mobile Wi-Fi Devices.
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-329005.htm
Webfwlog - Firewall Log Analyzer
Webfwlog is a flexible web-based firewall log analyzer and reporting tool. It supports standard system logs for linux, FreeBSD, OpenBSD, NetBSD, Solaris, Irix, OS X, etc. as well as Windows XP. Supported log file formats are netfilter, ipfilter, ipfw, ipchains and Windows XP.
...
You can sort a report with a single click, 'drill-down' on the reports all the way to the packet level, and save your reports for later use.
http://hack-tools.blackploit.com/2014/06/webfwlog-firewall-log-analyzer.html