End-of-Shift report
Timeframe: Freitag 27-06-2014 18:00 − Montag 30-06-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
The Akamai State of the Internet Report
The globally distributed Akamai Intelligent Platform delivers over 2 trillion Internet interactions and defends against multiple DDoS attacks each day. This provides us with unique visibility into Internet connection speeds, broadband adoption, mobile usage, outages, and attacks. Drawing ..
http://www.akamai.com/stateoftheinternet/
OpenAFS Memory Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030459
20 Jahre alte Kompressionsverfahren-Lücke sorgt für Verwirrung
Sicherheitsforscher deckte Schwachstelle auf, von der hauptsächlich Linux-User betroffen sein sollen - Entwarnung von Autoren
http://derstandard.at/2000002429137
Serious Android crypto key theft vulnerability affects 86% of devices
Bug in Android KeyStore that leaks credentials fixed only in KitKat.
http://arstechnica.com/security/2014/06/serious-android-crypto-key-theft-vulnerability-affects-86-of-devices/
Anatomy of an Android SMS virus - watch out for text messages, even from your friends!
Paul Ducklin looks into "Andr/SlfMite-A", an Android SMS virus. The malware sends itself to your top 20 contacts and foists an third party app for an alternative Android software market onto your device...
http://nakedsecurity.sophos.com/2014/06/29/anatomy-of-an-android-sms-virus-watch-out-for-text-messages-even-from-your-friends/
DSA-2970 cacti
http://www.debian.org/security/2014/dsa-2970
Microsoft Kills Security Emails, Blames Canada
In a move that may wind up helping spammers, Microsoft is blaming a new Canadian anti-spam law for the companys recent decision to stop sending regular emails about security updates for its Windows operating system and other Microsoft software.
http://krebsonsecurity.com/2014/06/microsoft-kills-security-emails-blames-canada/
ICS Focused Malware (Update A)
This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS-ALERT-14-176-02 ICS Focused Malware that was published June 25, 2014 on the ICS-CERT web site, and includes information previously published to the US-CERT secure portal.
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-176-02A
Disqus Wordpress Plugin Flaw Leaves Millions of Blogs Vulnerable to Hackers
A Remote code execution (RCE) vulnerability has been discovered in the comment and discussion service, Disqus plugin for the most popular Blogging Platform Wordpress. While there are more than 70 million websites on the Internet currently running WordPress, about 1.3 million of them use the 'Disqus Comment System' Plugin, making it one of the popular plugins of Wordpress for web comments
http://thehackernews.com/2014/06/disqus-wordpress-plugin-flaw-leaves.html
Medienplayer VLC mit kritischer Krypto-Lücke
Eine Schwachstelle in GnuTLS kann offenbar auch VLC-Nutzern zum Verhängnis werden: Versucht der Mediaplayer einen Stream von einem präparierten Server zu öffnen, droht die Infektion mit Schadcode.
http://www.heise.de/security/meldung/Medienplayer-VLC-mit-kritischer-Krypto-Luecke-2243225.html
Analysis: Spam in May 2014
In the run-up to the summer, spammers offered their potential customers seedlings and seeds for gardening. In addition, English-language festive spam in May was dedicated to Mother's Day - the attackers sent out adverts offering flowers and candies.
http://www.securelist.com/en/analysis/204792339/Spam_in_May_2014
How to protect yourself against privileged user abuse
Network World - The typical organization loses 5% of its revenues to fraud by its own employees each year, with most thefts committed by trusted employees in executive management, operations, accounting, sales, customer service or purchasing, ..
http://www.computerworld.com/s/article/9249440/How_to_protect_yourself_against_privileged_user_abuse
Auch Google schliesst Datenleck im Cloud-Speicher
Wer Links in bei Google Drive abgelegten Dokumenten anklickt, hinterlässt Datenspuren. Durch diese können Dritte auf die Dokumente zugreifen.
http://www.heise.de/security/meldung/Auch-Google-schliesst-Datenleck-im-Cloud-Speicher-2243366.html