Daily summary - Monday 1-09-2014

End-of-Shift report

Timeframe: Friday 29-08-2014 18:00 − Monday 01-09-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl

CryptoWall's Haul: $1M in Six Months

The CryptoWall ransomware has proven to be a profitable criminal enterprise, netting more than $1.1 million in six months. More than 1,600 victims have surfaced and more than 5 billion files have been encrypted.

http://threatpost.com/cryptowalls-haul-1m-in-six-months/107978


Kindle App for Android SSL certificate spoofing

Kindle App for Android could allow a remote attacker to conduct spoofing attacks, caused by the improper verification of SSL certificates. By persuading a victim to visit a Web site presenting a specially crafted certificate, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to cause the victim's app to accept spoofed certificates.

http://xforce.iss.net/xforce/xfdb/95617


Glibc Heap Overflow in __gconv_translit_find() Lets Local Users Gain Elevated Privileges

A local user can set a specially crafted CHARSET environment variable value to trigger an off-by-one memory error and resulting heap overflow in __gconv_translit_find() and execute arbitrary code on the target system. The local user may be able to cause a set user id (setuid) root application that uses this environment variable to execute code with root privileges.

http://www.securitytracker.com/id/1030786


F5 Unauthenticated rsync access to Remote Root Code Execution

When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance.

http://cxsecurity.com/issue/WLB-2014080148


1900/UDP (SSDP) Scanning and DDOS, (Sun, Aug 31st)

Over the last few weeks we have detected a significant increase in both scanning for 1900/UDP and a huge increase of 1900/UDP being used for amplified reflective DDOS attacks. 1900/UDP is the Simple Service Discovery Protocol (SSDP) which is a part of Universal Plug and Play (UPnP). The limited information available to me indicates that the majority of the devices that are ..

https://isc.sans.edu/diary.html?storyid=18599


Rubbish WPS config sees WiFi router keys popped in seconds

Another day, another way in to your home router

Passwords within routers sold by chipset manufacturer Broadcom and an unnamed vendor can be accessed within seconds thanks to weak or absent key randomisation, security bod Dominique Bongard has claimed.

http://www.theregister.co.uk/2014/09/01/wps_flaw_leaves_home_routers_vulnerable/


Lynis 1.6.0 - Security auditing tool for Unix/Linux systems

Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is ..

http://hack-tools.blackploit.com/2014/08/lynis-160-security-auditing-tool-for.html


Mozilla: around 100,000 users' data accidentally exposed

Second major data breach within a month at the Firefox maker

http://derstandard.at/2000005015299


Dircrypt: ransomware ships its own key

An analysis of the Dircrypt ransomware has found that the files encrypted by the extortion trojan apparently carry the key along with them. However, this only holds for part of the data.

http://www.golem.de/news/dircrypt-ransomware-liefert-schluessel-mit-1409-108940.html


APWG Q2 2014 report, phishing is even more dangerous

The APWG has published its new report on phishing activity in the period April - June 2014; the document, titled 'Phishing Activity Trends Report, 2nd Quarter 2014', states that online payment services and crypto-currency sites are ..

http://securityaffairs.co/wordpress/27935/cyber-crime/apwg-q2-2014-report.html