End-of-Shift report
Timeframe: Dienstag 22-07-2014 18:00 − Mittwoch 23-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
DDoS attacks remain up, stronger in Q2, report says
Prolexics second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.
http://www.scmagazine.com/ddos-attacks-remain-up-stronger-in-q2-report-says/article/362256/
De-obfuscating the DOM based JavaScript obfuscation found in EK's such as Fiesta and Rig
There is little doubt that exploit kit (EK) developers are continuing to improve their techniques and are making exploit kits harder to detect. They have heavily leveraged obfuscation techniques for JavaScript and are utilizing browser functionality to their advantage. Recent exploit kits such as "Fiesta" and "Rig" for example, have been found to be using DOM based JavaScript obfuscation. In...
http://research.zscaler.com/2014/07/de-obfuscating-dom-based-javascript.html
Securing the Nest Thermostat
A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nests remote data collection....
https://www.schneier.com/blog/archives/2014/07/securing_the_ne.html
WordPress brute force attack via wp.getUsersBlogs, (Tue, Jul 22nd)
Now that the XMLRPC "pingback" DDoS problem in WordPress is increasingly under control, the crooks now seem to try brute force password guessing attacks via the "wp.getUsersBlogs" method of xmlrpc.php. ISC reader Robert sent in some logs that show a massive distributed (> 3000 source IPs) attempt at guessing passwords on his Wordpress installation. The requests look like the one shown below and are posted into xmlrpc.php. Unfortunately, the web server responds with a
https://isc.sans.edu/diary.html?storyid=18427&rss
New Feature: "Live" SSH Brute Force Logs and New Kippo Client, (Wed, Jul 23rd)
We are announcing a new feature we have been working on for a while, that will display live statistics on passwords used by SSH brute forcing bots. In addition, we also updated our script that will allow you to contribute data to this effort. Right now, we are supporting the kippo honeypot to collect data. This script will submit usernames, passwords and the IP address of the attacker to our system. To download the script see
https://isc.sans.edu/clients/kippo/kippodshield.pl . The script uses
https://isc.sans.edu/diary.html?storyid=18433&rss
Arbeit für Admins: Apache 2.4.10 stopft Sicherheitslücken
Für Administratoren von Webservern, die auf Apache 2.4.x laufen, heißt es updaten. Die Apache-Entwickler haben mit der neuesten Version der Software fünf Lücken geschlossen, eine davon erlaubt das Ausführen von Schadcode aus dem Netz.
http://www.heise.de/security/meldung/Arbeit-fuer-Admins-Apache-2-4-10-stopft-Sicherheitsluecken-2265619.html
How Thieves Can Hack and Disable Your Home Alarm System
When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren't even on the internet: wireless home alarms. Two researchers say that top-selling home alarm setups can...
http://feeds.wired.com/c/35185/f/661467/s/3cc7d302/sc/15/l/0L0Swired0N0C20A140C0A70Chacking0Ehome0Ealarms0C/story01.htm
EU to Roll Out Cybercrime Taskforce
International Team Will Target Cross-Border Crime Campaigns The European Union is set to launch a trial run of an international cybercrime task force that will coordinate investigations across Europe, as well as with a handful of other countries, including Australia, Canada and the United States.
http://www.bankinfosecurity.com/eu-to-roll-out-cybercrime-taskforce-a-7093
The psychology of phishing
Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals no longer send out thousands of emails at random hoping to get a handful of hits, today they create highly targeted phishing emails which are tailored to suit their recipients.
http://www.net-security.org/article.php?id=2078
Just Released - The Phishing Planning Kit
One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit...
http://www.securingthehuman.org/blog/2014/07/22/phishing-planning-kit
Facebook Scam Leads to Nuclear Exploit Kit
Attackers have become more aggressive and are now using Facebook scams to lead to exploit kits so they can control a user's system.
http://www.symantec.com/connect/blogs/facebook-scam-leads-nuclear-exploit-kit
Cisco IOS XR Software NetFlow Processing Denial of Service Vulnerability
CVE-2014-3322
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3322
SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting
Topic: SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting Risk: Low Text:I. VULNERABILITY - Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 II. BACKGROUND ...
http://cxsecurity.com/issue/WLB-2014070121
Barracuda Networks Spam And Virus Firewall 6.0.2 XSS
Topic: Barracuda Networks Spam And Virus Firewall 6.0.2 XSS Risk: Low Text:Document Title: Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability Re...
http://cxsecurity.com/issue/WLB-2014070118
Security Notice-Statement on the XSS Security Vulnerability in Huawei E355
Jul 23, 2014 17:37
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-356647.htm
SSA-214365 (Last Update 2014-07-23): Vulnerabilities in SIMATIC WinCC
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf
Omron NS Series HMI Vulnerabilities
This advisory provides mitigation details for multiple vulnerabilities in Omron Corporation's NS series human-machine interface (HMI) terminals.
http://ics-cert.us-cert.gov//advisories/ICSA-14-203-01
Honeywell FALCON XLWeb Controllers Vulnerabilities
This advisory was originally posted to the US-CERT secure Portal library on June 24, 2014, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for vulnerabilities in Honeywell FALCON XLWeb controllers.
http://ics-cert.us-cert.gov//advisories/ICSA-14-175-01
HPSBMU03073 rev.1 - HP Network Virtualization, Remote Execution of Code, Disclosure of Information
A potential security vulnerability has been identified with HP Network Vitalization. The vulnerability could be exploited remotely to allow execution of code and disclosure of information.
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202