End-of-Shift report
Timeframe: Wednesday 02-07-2014 18:00 − Thursday 03-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm
Analysis of a New Banking Trojan Spammed by Cutwail
The Cutwail spambot has a long history of sending spam with attached malicious files such as Zbot, Blackhole Exploit Kit and Cryptolocker. Another trick in Cutwail's portfolio is to use links pointing to popular file hosting services. Over the past weeks, we have observed spam that claims to be an unpaid invoice from ..
http://blog.spiderlabs.com/2014/07/analysis-of-a-banking-trojan-spammed-by-cutwail.html
Simple Javascript Extortion Scheme Advertised via Bing, (Wed, Jul 2nd)
Thanks to our reader Dan for spotting this one. As of today, a search for "Katie Matusik" on Bing will include the following result. The rank has been slowly rising during the day, and as of right now, it is the first link after the link to "Videos". Once a user clicks on the link, the user is redirected to ..
https://isc.sans.edu/diary.html?storyid=18337&rss
Multiple vulnerabilities in third-party Drupal modules
https://www.drupal.org/node/2296783
https://www.drupal.org/node/2296511
https://www.drupal.org/node/2296495
New Android Malware HijackRAT Attacks Mobile Banking Users
Cybercriminals have rolled out a new malicious Android application that wraps different varieties of banking fraud tricks into a single piece of advanced mobile malware.
http://thehackernews.com/2014/07/new-android-malware-hijackrat-attacks.html
Exploring the Java vulnerability (CVE-2013-2465) used in the Fiesta EK
While going through our daily analysis this month, we came across several Fiesta Exploit Kit attacks. Although this EK first emerged in August 2013, the authors have constantly updated their ..
http://research.zscaler.com/2014/07/exploring-java-vulnerability-cve-2013.html
Avast mistook crypto messenger for a Trojan
Anyone who is supposedly infected with the Trojan "Android:Banker-BW" may be able to safely ignore the warning. The Avast virus scanner wrongly classified Moxie Marlinspike's crypto messenger TextSecure as malware.
http://www.heise.de/security/meldung/Avast-hielt-Krypto-Messenger-fuer-Trojaner-2248792.html
Bugtraq: [security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass
http://www.securityfocus.com/archive/1/532631
DynDNS service: Microsoft has returned domains to NoIP
For days, the DynDNS service NoIP has not been working for many customers, because the domains were transferred to Microsoft and many requests went unanswered. Microsoft has now returned the domains and the situation should return to normal.
http://www.heise.de/security/meldung/DynDNS-Dienst-Microsoft-hat-Domains-an-NoIP-zurueckgegeben-2249112.html
VU#402020: Autodesk VRED contains an unauthenticated remote code execution vulnerability
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection): Autodesk VRED Professional 2014 contains an unauthenticated remote code execution vulnerability. Autodesk VRED Professional 2014.
http://www.kb.cert.org/vuls/id/402020
8 Common Pitfalls of HeartBleed Identification and Remediation (CVE-2014-0160)
Unfortunately, one of the biggest vulnerabilities disclosed this year, HeartBleed, has been inefficiently addressed and for some, already forgotten about. Plenty of details about the vulnerability already exist including our FAQ and ..
http://blog.spiderlabs.com/2014/07/pitfalls-of-heartbleed-identification-and-remediation-cve-2014-0160.html