End-of-Shift report
Timeframe: Thursday 24-07-2014 18:00 − Friday 25-07-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
More Details of Onion/Critroni Crypto Ransomware Emerge
New ransomware has been dubbed Onion by researchers at Kaspersky Lab as its creators use command and control servers hidden in the Tor Network (a/k/a The Onion Router) to obscure their malicious activity.
http://threatpost.com/onion-ransomware-demands-bitcoins-uses-tor-advanced-encryption/107408
-- Bojan INFIGO IS (c) SANS Internet Storm Center.
https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
https://isc.sans.edu/diary.html?storyid=18443&rss
More dangerous than the NSA: companies underestimate criminal hackers
The Allianz für Cyber-Sicherheit (Alliance for Cyber Security) at the German Bundesamt für Sicherheit in der Informationstechnik (BSI) sees the greatest need to catch up in manufacturing companies.
http://derstandard.at/2000003528513
TAILS Team Recommends Workarounds for Flaw in I2P
The developers of the TAILS operating system say that users can mitigate the severity of the critical vulnerability researchers discovered in the I2P software that's bundled with TAILS with a couple of workarounds, but there is no patch for the bug yet. The vulnerability that affects TAILS is in the I2P anonymity network software that comes...
http://threatpost.com/tails-team-recommends-workarounds-for-flaw-in-i2p/107422
Fake GoogleBots are third most common DDoS attacker
An analysis of 400 million search engine visits to 10,000 sites done by Incapsula researchers has revealed details that might be interesting to web operators and SEO professionals.
http://www.net-security.org/secworld.php?id=17169
New SSL server rules go into effect Nov. 1
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.
http://www.networkworld.com/article/2457649/security0/new-ssl-server-rules-go-into-effect-nov-1.html
The App I Used to Break Into My Neighbor's Home
Leave your ring of cut-brass secrets unattended on your desk at work, at a bar table while you buy another round, or in a hotel room, and any stranger or friend can upload your keys to their online collection.
http://feeds.wired.com/c/35185/f/661467/s/3cdb9908/sc/36/l/0L0Swired0N0C20A140C0A70Ckeyme0Elet0Eme0Ebreak0Ein0C/story01.htm
Attackers abusing Internet Explorer to enumerate software and detect security products
During the last few years we have seen an increase in the number of malicious actors using tricks and browser vulnerabilities to enumerate the software that is running on the victim's system using Internet Explorer. In this blog post we will describe some of the techniques that attackers are using to perform reconnaissance that gives them information for future attacks. We have also seen these techniques being used to decide whether or not they exploit the victim based on detected...
http://www.alienvault.com/open-threat-exchange/blog/attackers-abusing-internet-explorer-to-enumerate-software-and-detect-securi
Building a Legal Botnet in the Cloud
Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but there's no reason this can't scale to much larger numbers....
https://www.schneier.com/blog/archives/2014/07/building_a_lega.html
Bugtraq: Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14
http://www.securityfocus.com/archive/1/532895
Morpho Itemiser 3 Hard-Coded Credential
This advisory provides vulnerability information for hard-coded credentials in the Morpho Itemiser 3.
http://ics-cert.us-cert.gov//advisories/ICSA-14-205-01
VU#394540: Sabre AirCentre Crew contains a SQL injection vulnerability
Vulnerability Note VU#394540. Original release date: 25 Jul 2014 | Last revised: 25 Jul 2014. Overview: Sabre AirCentre Crew 2010.2.12.20008 and earlier contains a SQL injection vulnerability. Description: CWE-89: Improper Neutralization of Special Elements used in an SQL Command (SQL Injection). Sabre AirCentre Crew 2010.2.12.20008 and earlier is vulnerable to a SQL injection attack in the username and password fields in CWPLogin.aspx.
http://www.kb.cert.org/vuls/id/394540
Cisco Unified Presence Server Sync Agent Vulnerability
CVE-2014-3328
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability
CVE-2014-3305
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305
Cisco WebEx Meetings Server Stack Trace Vulnerability
CVE-2014-3301
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3301