End-of-Shift report
Timeframe: Monday 28-07-2014 18:00 − Tuesday 29-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Critroni/Onion - Newest Addition to Encrypting Ransomware
In my last blog post about a week ago, I talked about how Cryptolocker and the like are not dead and we will continue to see more of them in action. It's a successful 'business model' and I don't see it going away anytime soon. Not even a few days after my post a new encrypting ransomware emerged. This ..
http://www.webroot.com/blog/2014/07/25/critroni-new-encrypting-ransomware/
Interesting HTTP User Agent "chroot-apach0day", (Mon, Jul 28th)
Our reader Robin submitted the following detect: I've got a site that was scanned this morning by a tool that left these entries in the logs: [HTTP_USER_AGENT] => chroot-apach0day ..
https://isc.sans.edu/diary.html?storyid=18453
Cisco Prime Data Center Network Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1030652
Hackers stole plans for Israel's missile shield "Iron Dome"
In a hacking attack on three Israeli defence contractors, hackers working for the Chinese government are said to have captured large amounts of important data on the missile defence system in 2011 and 2012. The attackers are believed to belong to the special unit 61398.
http://www.heise.de/security/meldung/Hacker-klauten-Plaene-fuer-Israels-Raketenschild-Iron-Dome-2272329.html
Android crypto blunder exposes users to highly privileged malware
The majority of devices running Google's Android operating system are susceptible to hacks that allow malicious apps to bypass a key security sandbox so they can steal user credentials, read e-mail, and access payment histories and other sensitive data, researchers have warned.
http://arstechnica.com/security/2014/07/android-crypto-blunder-exposes-users-to-highly-privileged-malware/
Changes in the Asprox Botnet
In this blog post, we took a quick overview of Asprox's functions and saw the updates that it has made to its C&C code. With added RSA encryption, another C&C command, and updated messaging format, it does not look like Asprox will stop evolving. We will continue to monitor Asprox for any changes and will keep you updated.
https://blog.fortinet.com/Changes-in-the-Asprox-Botnet/
How Cybercrime Exploits Digital Certificates
Security experts recognize 2011 as the worst year for certification authorities. The number of successful attacks against major companies reported during the year has no precedent; many of them had serious consequences.
http://resources.infosecinstitute.com/cybercrime-exploits-digital-certificates/
Security: Antivirus scanners make computers insecure
A data expert has examined current virus scanners. Many of them, he says, can be attacked through simple mistakes. Because they hook deep into the system, they pose a particular danger, even though they are actually supposed to protect it.
http://www.golem.de/news/security-antivirenscanner-machen-rechner-unsicher-1407-108199-rss.html
Elasticsearch vulnerability turns Amazon cloud servers into DDoS zombies
A security vulnerability in an older Elasticsearch version allows attackers to execute arbitrary malicious code. It is currently being used to hijack servers in Amazon's EC2 cloud and abuse them for DDoS attacks.
http://www.heise.de/security/meldung/Elasticsearch-Luecke-verwandelt-Amazon-Cloud-Server-in-DDoS-Zombies-2277689.html
Multiple vulnerabilities in Oxwall 1.7.0
http://cxsecurity.com/issue/WLB-2014070156
http://cxsecurity.com/issue/WLB-2014070155