Daily Summary - Thursday 5-06-2014

End-of-Shift report

Timeframe: Wednesday 04-06-2014 18:00 − Thursday 05-06-2014 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner

Peek Inside a Professional Carding Shop

Over the past year, I've spent a great deal of time trolling a variety of underground stores that sell "dumps" -- street slang for stolen credit card data that buyers can use to counterfeit new cards and go shopping in big-box stores for high-dollar merchandise that can be resold quickly for cash.

http://krebsonsecurity.com/2014/06/peek-inside-a-professional-carding-shop/


Daktronics Vanguard Hardcoded Credentials

NCCIC/ICS-CERT is aware of a public report of a hardcoded password vulnerability affecting Daktronics Vanguard highway notification sign configuration software. According to this report, the vulnerability is a hardcoded password that could allow unauthorized access to the highway sign.

http://ics-cert.us-cert.gov//alerts/ICS-ALERT-14-155-01


New Apple operating systems bring security mysteries

Apple's march toward seamless integration between the Mac, iPhone and iPad worries some security experts who say companies may find it more difficult to prevent data leakage on the devices. On Monday, Apple introduced Handoff, a feature in upcoming iOS 8 and Mac OS X Yosemite that would let a person start a task on one device and complete it on another. For example, an email started on the Mac could be completed later on the iPad.

http://www.csoonline.com/article/2360161/data-protection/new-apple-operating-systems-bring-security-mysteries.html#tk.rss_applicationsecurity


Android Trojan encrypts memory card

Another malware trend reaches Android: after the extortion Trojans that lock the device, there is now also a piece of malware that encrypts its victim's digital belongings. The crooks demand money to decrypt the data.

http://www.heise.de/security/meldung/Android-Trojaner-verschluesselt-Speicherkarte-2216517.html


Security problems with OpenSSL

The OpenSSL project has published a warning about several security-relevant vulnerabilities. Remote code execution, denial of service and man-in-the-middle attacks are possible. These can affect both OpenSSL clients and servers.

http://cert.at/warnings/all/20140605.html


IBM Security Bulletin: Vulnerability which could allow for unauthorized access to an IBM API Management topology

There is a vulnerability which could allow for unauthorized access to an IBM API Management topology, when a user secures APIs with basic authentication. CVE(s): CVE-2014-3036. Affected product(s) and affected version(s): IBM API Management V3.0.0.0

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_which_could_allow_for_unauthorized_access_to_an_ibm_api_management_topology?lang=en_us


They're ba-ack: Browser-sniffing ghosts return to haunt Chrome, IE, Firefox

Privacy threat that allows websites to know what sites you've viewed is revived.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/mZ97m15Wo_M/


Security experts isolated over 2 million Gameover bots

As part of the actions against the Gameover Zeus botnet, a huge peer-to-peer network had to be shut down. To do so, over two million infected computers had to be manipulated.

http://www.heise.de/security/meldung/Security-Experten-isolierten-ueber-2-Millionen-Gameover-Bots-2216754.html


Security Notice-Statement About the CSRF Vulnerability on Multiple Huawei 3G Wi-Fi Devices

Huawei has noticed that several websites reported the CSRF vulnerability on Huawei E355, E5331, E303, B593 3G Mobile Wi-Fi Devices.

http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-329005.htm


Webfwlog - Firewall Log Analyzer

Webfwlog is a flexible web-based firewall log analyzer and reporting tool. It supports standard system logs for Linux, FreeBSD, OpenBSD, NetBSD, Solaris, Irix, OS X, etc. as well as Windows XP. Supported log file formats are netfilter, ipfilter, ipfw, ipchains and Windows XP. ... You can sort a report with a single click, 'drill-down' on the reports all the way to the packet level, and save your reports for later use.

http://hack-tools.blackploit.com/2014/06/webfwlog-firewall-log-analyzer.html