Daily summary - Tuesday 29-07-2014

End-of-Shift report

Timeframe: Monday 28-07-2014 18:00 − Tuesday 29-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a

Critroni/Onion - Newest Addition to Encrypting Ransomware

In my last blog post about a week ago, I talked about how Cryptolocker and the like are not dead and we will continue to see more of them in action. It's a successful 'business model' and I don't see it going away anytime soon. Not even a few days after my post a new encrypting ransomware emerged. This ..

http://www.webroot.com/blog/2014/07/25/critroni-new-encrypting-ransomware/


Interesting HTTP User Agent "chroot-apach0day", (Mon, Jul 28th)

Our reader Robin submitted the following detect: I've got a site that was scanned this morning by a tool that left these entries in the logs: [HTTP_USER_AGENT] => chroot-apach0day ..

https://isc.sans.edu/diary.html?storyid=18453


Cisco Prime Data Center Network Manager Input Validation Flaw Permits Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1030652


Hackers stole plans for Israel's "Iron Dome" missile shield

In an attack on three Israeli arms manufacturers, hackers working for the Chinese government are said to have stolen large amounts of sensitive data on the missile defence system in 2011 and 2012. The attackers are said to belong to the special unit 61398.

http://www.heise.de/security/meldung/Hacker-klauten-Plaene-fuer-Israels-Raketenschild-Iron-Dome-2272329.html


Android crypto blunder exposes users to highly privileged malware

The majority of devices running Google's Android operating system are susceptible to hacks that allow malicious apps to bypass a key security sandbox so they can steal user credentials, read e-mail, and access payment histories and other sensitive data, researchers have warned.

http://arstechnica.com/security/2014/07/android-crypto-blunder-exposes-users-to-highly-privileged-malware/


Changes in the Asprox Botnet

In this blog post, we took a quick overview of Asprox's functions and saw the updates that it has made to its C&C code. With added RSA encryption, another C&C command, and updated messaging format, it does not look like Asprox will stop evolving. We will continue to monitor Asprox for any changes and will keep you updated.

https://blog.fortinet.com/Changes-in-the-Asprox-Botnet/


How Cybercrime Exploits Digital Certificates

Security experts recognize 2011 as the worst year for certification authorities. The number of successful attacks against major companies reported during that year has no precedent, and many of them had serious consequences.

http://resources.infosecinstitute.com/cybercrime-exploits-digital-certificates/


Security: Antivirus scanners make computers insecure

A data expert has examined current virus scanners. Many of them are vulnerable through simple mistakes, he says. Because they reach deep into the system, they pose a particular danger - even though they are actually supposed to protect it.

http://www.golem.de/news/security-antivirenscanner-machen-rechner-unsicher-1407-108199-rss.html


Elasticsearch vulnerability turns Amazon cloud servers into DDoS zombies

A security vulnerability in an older Elasticsearch version allows attackers to execute arbitrary malicious code. This is currently being used to hijack servers in Amazon's EC2 cloud and abuse them for DDoS attacks.

http://www.heise.de/security/meldung/Elasticsearch-Luecke-verwandelt-Amazon-Cloud-Server-in-DDoS-Zombies-2277689.html


Multiple vulnerabilities in Oxwall 1.7.0

http://cxsecurity.com/issue/WLB-2014070156
http://cxsecurity.com/issue/WLB-2014070155