End-of-Shift report
Timeframe: Freitag 29-08-2014 18:00 − Montag 01-09-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
CryptoWall's Haul: $1M in Six Months
The CryptoWall ransomware has proven to be a profitable criminal enterprise, netting more than $1.1 million in six months. More than 1,600 victims have surfaced and more than 5 billion files have been encrypted.
http://threatpost.com/cryptowalls-haul-1m-in-six-months/107978
Kindle App for Android SSL certificate spoofing
Kindle App for Android could allow a remote attacker to conduct spoofing attacks, caused by the improper verification of SSL certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to cause the victim to accept spoofed certificates.
http://xforce.iss.net/xforce/xfdb/95617
Glibc Heap Overflow in __gconv_translit_find() Lets Local Users Gain Elevated Privileges
A local user can set a specially crafted CHARSET environment variable value to trigger an off-by-one memory error and resulting heap overflow in __gconv_translit_find() and execute arbitrary code on the target system. The local user may be able to cause a set user id (setuid) root application that uses this environment variable to execute code with root privileges.
http://www.securitytracker.com/id/1030786
F5 Unauthenticated rsync access to Remote Root Code Execution
When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance.
http://cxsecurity.com/issue/WLB-2014080148
1900/UDP (SSDP) Scanning and DDOS, (Sun, Aug 31st)
Over the last few weeks we have detected a significant increase in both scanning for 1900/UDP and a huge increase of 1900/UDP being used for amplified reflective DDOS attacks. 1900/UDP is the Simple Service Discovery Protocol (SSDP) which is a part of Universal Plug and Play (UPnP). The limited information available to me indicates that the majority of the devices that are ..
https://isc.sans.edu/diary.html?storyid=18599
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router Passwords within routers sold by chipset manufacturer Broadcom and an unnamed vendor can be accessed within seconds thanks to weak or absent key randomisation, security bod Dominique Bongard has claimed.
http://www.theregister.co.uk/2014/09/01/wps_flaw_leaves_home_routers_vulnerable/
Lynis 1.6.0 - Security auditing tool for Unix/Linux systems
Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is ..
http://hack-tools.blackploit.com/2014/08/lynis-160-security-auditing-tool-for.html
Mozilla: An die 100.000 Nutzerdaten unabsichtlich offengelegt
Zweite grosse Datenpanne innerhalb eines Monats beim Firefox-Hersteller
http://derstandard.at/2000005015299
Dircrypt: Ransomware liefert Schlüssel mit
Eine Analyse der Ransomware Dircrypt hat ergeben, dass die verschlüsselten Dateien des Erpressungstrojaners offenbar den Schlüssel mitliefern. Allerdings nur für einen Teil der Daten.
http://www.golem.de/news/dircrypt-ransomware-liefert-schluessel-mit-1409-108940.html
APWG Q2 2014 report, phishing is even more dangerous
The APWG has published its new report related to phishing activities in the period April - June 2014, the document titled 'Phishing Activity Trends Report, 2nd Quarter 2014' states that online payment services and crypto-currency sites are ..
http://securityaffairs.co/wordpress/27935/cyber-crime/apwg-q2-2014-report.html