Daily Summary - Wednesday 25-06-2014

End-of-Shift report

Timeframe: Tuesday 24-06-2014 18:00 − Wednesday 25-06-2014 18:00 Handler: Stephan Richter Co-Handler: n/a

TimThumb WebShot Code Execution Exploit (0-day)

If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned. A new 0-day was just disclosed on TimThumb's "Webshot" feature that allows for certain commands to be executed on the vulnerable website remotely (no authentication required). With a simple command,...

http://blog.sucuri.net/2014/06/timthumb-webshot-code-execution-exploit-0-day.html
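Two checks a site operator would want after reading the item above, as an added example (not code from the Sucuri post or from TimThumb): a pass over web-server access logs that flags requests which invoke TimThumb's WebShot feature and, within those, any whose src value carries shell metacharacters, plus a scan of a PHP source for a WEBSHOT_ENABLED define set to true. It assumes the feature is requested with a webshot=1 query parameter and gated by the WEBSHOT_ENABLED constant in timthumb.php or timthumb-config.php (both as in the TimThumb 2.8.x source as I recall it; verify against your copy). The log lines and PHP snippets are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log in common log format (not from the original page).
SAMPLE_LOG = """\
203.0.113.5 - - [25/Jun/2014:10:01:02 +0000] "GET /wp-content/themes/demo/timthumb.php?src=http://img.example.org/a.jpg&w=100 HTTP/1.1" 200 5123
203.0.113.9 - - [25/Jun/2014:10:02:44 +0000] "GET /wp-content/themes/demo/timthumb.php?webshot=1&src=http://example.org/ HTTP/1.1" 200 812
198.51.100.7 - - [25/Jun/2014:10:03:10 +0000] "GET /wp-content/themes/demo/timthumb.php?webshot=1&src=http://example.org/%24%28id%29 HTTP/1.1" 200 77
198.51.100.7 - - [25/Jun/2014:10:03:11 +0000] "GET /index.php HTTP/1.1" 200 9001
"""

# ip, two ignored fields, [timestamp], "METHOD target HTTP/x.y"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# Characters that let a value break out of a shell command line. A literal '&'
# can only reach the src value if it was percent-encoded, which is itself odd.
SHELL_META_RE = re.compile(r'[`$;|&]')


def classify_request(target):
    """Verdict for one request target, or None if it is not a WebShot request."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("timthumb.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if query.get("webshot", [""])[0] != "1":  # assumed parameter name (see lead-in)
        return None
    src = query.get("src", [""])[0]
    if SHELL_META_RE.search(src):
        return "webshot+shell-metachar"
    return "webshot"


def scan(log_text):
    """Return one finding per WebShot request found in the log text."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_request(m.group("target"))
        if verdict:
            findings.append({"ip": m.group("ip"), "target": m.group("target"), "verdict": verdict})
    return findings


# Tolerant of the spacing/quoting variants seen in timthumb.php and timthumb-config.php.
WEBSHOT_DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"]WEBSHOT_ENABLED['"]\s*,\s*(true|false)\s*\)""", re.IGNORECASE
)


def webshot_enabled(php_source):
    """True if any WEBSHOT_ENABLED define in the given PHP source sets it to true.

    PHP keeps the first successful define(), and the config file is included before
    timthumb.php's own guarded default, so treating any 'true' as enabled is the
    conservative reading when both files are scanned together.
    """
    return any(v.lower() == "true" for v in WEBSHOT_DEFINE_RE.findall(php_source))


# Constructed PHP snippets for the example.
CONSTRUCTED_CONFIG = "<?php\n// timthumb-config.php, feature switched on by the site owner\ndefine ('WEBSHOT_ENABLED', true);\n"
CONSTRUCTED_DEFAULT = "<?php\nif(! defined('WEBSHOT_ENABLED') )\tdefine ('WEBSHOT_ENABLED', false);\n"

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print("config enables webshot:", webshot_enabled(CONSTRUCTED_CONFIG))
    print("stock default enables webshot:", webshot_enabled(CONSTRUCTED_DEFAULT))
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents, and against the concatenation of timthumb.php and timthumb-config.php for the define check; if WebShot is not enabled anywhere, the webshot=1 requests in the log are probes rather than successful executions, but still worth attributing to a source address.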


SPAM Hack Targets WordPress Core Install Directories

Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like "Google Pharmacy" stores or other fake stores? We have been tracking and analyzing a growing trend in SEO Spam (a.k.a., Search Engine Poisoning (SEP)) attacks in which thousands of compromised WordPress websites are being used...

http://blog.sucuri.net/2014/06/spam-hack-targets-wordpress-core-install-directories.html
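The integrity check the item above asks for, as an added example (not code from the Sucuri post or from WordPress): hash every file under the core directories of a known-good install into a manifest, then compare a live install against it and report files that were modified, removed, or dropped in where no core file should be. On a real site the manifest would come from a pristine copy of the same WordPress version; WP-CLI's "wp core verify-checksums" does the equivalent against the checksums WordPress publishes. The sample trees, file names and the injected content are constructed for the example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# WordPress core directories; wp-content is theme/plugin/upload territory and is
# out of scope for a core check.
CORE_DIRS = ("wp-admin", "wp-includes")


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under the core dirs (POSIX path relative to root) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for d in CORE_DIRS:
        base = root / d
        if not base.is_dir():
            continue
        for p in sorted(base.rglob("*")):
            if p.is_file():
                manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_tree(root, manifest):
    """Compare a live install against a manifest from a pristine install."""
    actual = build_manifest(root)
    return {
        "modified": sorted(f for f in manifest if f in actual and actual[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in actual),
        "unexpected": sorted(f for f in actual if f not in manifest),  # dropped-in files
    }


def _write(root, rel, text):
    p = Path(root) / rel
    p.parent.mkdir(parents=True, exist_ok=True)
    p.write_text(text)


def demo():
    """Constructed example: a pristine tree and a tampered copy of the same tree."""
    with tempfile.TemporaryDirectory() as pristine, tempfile.TemporaryDirectory() as live:
        for root in (pristine, live):
            _write(root, "wp-includes/functions.php", "<?php // core\n")
            _write(root, "wp-includes/js/jquery.js", "/* jquery */\n")
            _write(root, "wp-admin/index.php", "<?php // admin\n")
            _write(root, "wp-content/uploads/note.txt", "not core; ignored\n")
        manifest = build_manifest(pristine)
        # Tamper with the live copy the way an SEO-spam injection would (constructed):
        _write(live, "wp-includes/functions.php", "<?php // core\n/* injected spam loader */\n")
        _write(live, "wp-includes/class-store.php", "<?php /* dropped fake-store page */\n")
        os.remove(Path(live) / "wp-admin" / "index.php")
        return verify_tree(live, manifest)


if __name__ == "__main__":
    print(demo())
```

Anything under "unexpected" in wp-includes or wp-admin deserves a look first: legitimate updates change or remove core files, but they do not leave extra PHP files behind in those directories.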


Asprox botnet campaign shifts tactics, evades detection

FireEye researchers are tracking spikes in malicious emails attributed to an ongoing Asprox campaign.

http://www.scmagazine.com/asprox-botnet-campaign-shifts-tactics-evades-detection/article/357472/


R2DR2: Analysis and Exploitation of UDP Amplification Vulnerabilities

Since we began our studies in the Master's degree in ICT security at the European University, we were drawn to the possibility of doing a project under the guidance of Alejandro Ramos (@aramosf), a professional in the field whom we admire. After several ideas and proposals from both parties, we decided to make a project about finding new attack vectors for distributed reflection denial of service (DRDoS) attacks. Recently this blog talked about it in an article focused on an SNMP vulnerability,...

http://www.securitybydefault.com/2014/06/r2dr2-analysis-and-exploitation-of-udp-amplification-vulns.html


PlugX RAT With "Time Bomb" Abuses Dropbox for Command-and-Control Settings

Monitoring network traffic is one of the means for IT administrators to determine if there is an ongoing targeted attack in the network. Remote access tools or RATs, commonly seen in targeted attack campaigns, are employed to establish command-and-control (C&C) communications. Although the network traffic of these RATs, such as Gh0st, PoisonIvy, Hupigon, and PlugX, among...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4SyyRxr49gU/


HackPorts - Mac OS X Penetration Testing Framework and Tools

HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a "super-project" that leverages existing code porting efforts; security professionals can now use hundreds of penetration testing tools on Mac systems without the need for virtual machines.

http://hack-tools.blackploit.com/2014/06/hackports-mac-os-x-penetration-testing.html


Flaw Lets Attackers Bypass PayPal Two-Factor Authentication

There's a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim's account to any recipient he chooses. The flaw lies in the way that the PayPal authentication flow works with the service's...

http://threatpost.com/flaw-lets-attackers-bypass-paypal-two-factor-authentication/106852


ZyXEL P660RT2 EE rpAuth_1 cross-site scripting

http://xforce.iss.net/xforce/xfdb/93924


[papers] - Searching SHODAN For Fun And Profit

http://www.exploit-db.com/download_pdf/33859


Cisco IOS Software IPsec Denial of Service Vulnerability

CVE-2014-3299

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3299


GnuPG data packets denial of service

http://xforce.iss.net/xforce/xfdb/93935


VMSA-2014-0006.3

VMware product updates address OpenSSL security vulnerabilities

http://www.vmware.com/security/advisories/VMSA-2014-0006.html


VMSA-2014-0007

VMware product updates address security vulnerabilities in Apache Struts library

http://www.vmware.com/security/advisories/VMSA-2014-0007.html


TimThumb 2.8.13 Remote Code Execution

http://cxsecurity.com/issue/WLB-2014060134


Bugtraq: [security bulletin] HPSBMU03053 rev.1 - HP Software Database and Middleware Automation, OpenSSL Vulnerability, Remote Unauthorized Access or Disclosure of Information

http://www.securityfocus.com/archive/1/532541