Daily Summary - Monday 22-09-2014

End-of-Shift report

Timeframe: Friday 19-09-2014 18:00 - Monday 22-09-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

Tiny Tinba Trojan Could Pose Big Threat

In July 2014, the original source code of Tinba was made public in an underground forum. This leaked version comes with complete documentation and full source code. This follows other source code leaks from much more infamous and prevalent threats, which researchers worry that attackers could use as the basis for new versions. Similar to...

http://www.seculert.com/blog/2014/09/tiny-tinba-trojan-could-pose-big-threat.html


Apple Pay: A Security Analysis

Has Apple taken a bite out of hackers' arsenals? The company is betting on it. Its recent announcement about a new secure payment option has the retail and tech worlds buzzing. If Apple can implement its near-field communication (NFC) payment...

http://www.fireeye.com/blog/corporate/2014/09/apple-pay-a-security-analysis-2.html


How to secure your new iPhone in three simple steps

Summary: Symantec recommends best practices to keep your Apple ID account and iPhone safe.

http://www.symantec.com/connect/blogs/how-secure-your-new-iphone-three-simple-steps


Conditional Malicious iFrame Targeting WordPress Web Sites

We have an email, labs at sucuri.net, where we receive multiple questions a day about various forms of malware. One of the most common questions happens when our Free Security Scanner, SiteCheck, detects a spam injection or a hidden iframe and the user is unable to locate the infection in the source code. It's not until we...

http://blog.sucuri.net/2014/09/conditional-malicious-iframe-targeting-wordpress-web-sites.html


PHP Fixes Several Bugs in Version 5.4 and 5.5, (Fri, Sep 19th)

PHP announced the release of versions 5.5.17 and 5.4.33. Ten bugs were fixed in version 5.4.33 and 15 bugs were fixed in version 5.5.17. All PHP users are encouraged to upgrade. The latest versions are available for download here: [1] http://php.net/ChangeLog-5.php#5.4.33 [2] http://php.net/ChangeLog-5.php#5.5.17 [3] http://windows.php.net/download (Guy Bruneau, IPSS Inc., SANS Internet Storm Center)

https://isc.sans.edu/diary.html?storyid=18683&rss


CipherShed Fork from TrueCrypt Project, Support Windows, Mac OS and Linux - https://ciphershed.org, (Fri, Sep 19th)

Guy Bruneau, IPSS Inc., SANS Internet Storm Center

https://isc.sans.edu/diary.html?storyid=18677&rss


New OWASP Testing guide version 4! Check https://www.owasp.org/images/1/19/OTGv4.pdf, (Sat, Sep 20th)

Manuel Humberto Santander Peláez, SANS Internet Storm Center Handler

https://isc.sans.edu/diary.html?storyid=18687&rss


CloudFlare ditches private SSL keys for better security

Sorry, spooks, we can't decrypt this for you. CloudFlare has announced the outcome of what it says is two years' work - switching on Keyless SSL - which lets customers encrypt their web traffic via the company's services without having to hand over their private SSL keys.

http://www.theregister.co.uk/2014/09/22/cloudflare_ditches_keys_for_better_security/


Wood glue: iPhone 6 fingerprint sensor fooled

Using a simply made copy, Ben Schlabs of SRLabs fooled the fingerprint sensor of the iPhone 6. Since Apple also lets third-party providers use this authentication method under iOS 8, this is more serious than it was with the iPhone 5S.

http://www.golem.de/news/holzleim-fingerabdrucksensor-des-iphone-6-ausgetrickst-1409-109368-rss.html


VB2014 preview: Tech Support Scams 2.0: an inside look into the evolution of the classic Microsoft tech support scam

Jérôme Segura looks at recent developments in malicious cold calls. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are looking at some of the research that will be presented at the event. Today, in the final entry in this series, we look at the paper Tech Support Scams 2.0: an inside look into the evolution of the classic Microsoft tech support scam, by Jérôme Segura (Malwarebytes). Two years ago, at VB2012 in Dallas, I...

https://www.virusbtn.com/blog/2014/09_22.xml


Doubleclick and Zedo served out virus-infested advertising

According to an antivirus vendor, the large advertising network Zedo and the Google subsidiary Doubleclick are said to have distributed malicious code through their advertisements for almost a month. Larger websites such as Last.fm were also affected.

http://www.heise.de/newsticker/meldung/Doubleclick-und-Zedo-lieferten-virenverseuchte-Werbung-aus-2400733.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


iOS 7.1.x Exploit Released (CVE-2014-4377), (Mon, Sep 22nd)

Haven't upgraded to iOS 8 yet? Aside from a lot of new features, Apple also fixed a number of security vulnerabilities in iOS 8. For example CVE-2014-4377, a memory corruption issue in iOS's core graphics library. An exploit is now available for this vulnerability. NOTE: I have not verified yet that the exploit is working / genuine. We will not link at this point to the exploit code, but basic Google Fu should allow you to find it. The author claims that the exploit is "completely reliable

https://isc.sans.edu/diary.html?storyid=18693&rss


Data leak: WhatsApp gives away online status

Whether and how often you open WhatsApp is something you may prefer to keep to yourself. The operator, however, makes this information accessible to anyone who knows the phone number, even if you have disabled it in the privacy settings.

http://www.heise.de/security/meldung/Datenleck-WhatsApp-petzt-Online-Status-2400819.html


VU#730964: FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities

Vulnerability Note VU#730964: FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities. Original Release date: 19 Sep 2014 | Last revised: 19 Sep 2014
Overview: Fortinet FortiGate and FortiWiFi appliances are susceptible to man-in-the-middle attacks (CWE-300) and a heap-based overflow vulnerability (CWE-122).
Description: Fortinet FortiGate and FortiWiFi 4.00.6 and possibly earlier versions are susceptible to man-in-the-middle attacks (CWE-300) and a heap-based overflow...

http://www.kb.cert.org/vuls/id/730964


Cisco Nexus 1000V Cross-Site Scripting Vulnerability

CVE-2014-3367

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3367


IBM Security Bulletins

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_pure_application_system_java_se_issues_disclosed_in_the_oracle_july_2014_critical_patch_update_plus_1_additional_vulnerability?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_puredata_for_operational_analytics_a1791_is_affected_by_the_following_openssl_vulnerabilities_cve_2014_0076_cve_2014_0195_cve_2014_0224_cve_2014_0221_and_cve_2014_3470?la
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_open_source_apache_xalan_java_in_filenet_p8_application_engine?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_apache_commons_fileupload_and_tomcat_vulnerability_in_filenet_p8_application_engine?lang=en_us


IBM Security Bulletins for ClearQuest

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_local_access_only_authentication_type_does_not_prevent_unauthenticated_remote_access_to_help_server_administration_in_clearquest_cve_2014_3106?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_login_error_messages_credential_enumeration_in_clearquest_web_cve_2014_3105?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_missing_secure_attribute_in_encrypted_session_ssl_cookie_in_clearquest_web_cve_2014_3103?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_brute_force_attack_in_clearquest_web_cve_2014_3101?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_xml_entity_expansion_vulnerabilities_in_rational_clearquest_cve_2014_3104?lang=en_us


Asterisk PJSIP channel denial of service

http://xforce.iss.net/xforce/xfdb/96073