Daily Summary - Thursday 22-01-2015

End-of-Shift report

Timeframe: Wednesday 21-01-2015 18:00 − Thursday 22-01-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a

"Zero-day" vulnerability in Adobe Flash Player (actively exploited)

As the well-known security researcher "Kafeine" reports in his blog (http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html), there appears to be a new, still unpatched vulnerability in Adobe Flash Player that is being actively exploited by at least one exploit kit.

https://cert.at/warnings/all/20150122.html


Security updates available for Adobe Flash Player (APSB15-02)

A Security Bulletin (APSB15-02) has been published regarding security updates for Adobe Flash Player. These updates address a vulnerability (CVE-2015-0310) that could be used to circumvent memory randomization mitigations on the Windows platform. Adobe is aware of reports that an ..

https://blogs.adobe.com/psirt/?p=1157


Security Advisory - Vulnerabilities in Pagelines/Platform theme for WordPress

Users of both the Pagelines and Platform themes should update as soon as possible. During a routine audit for our WAF, we found two dangerous issues: A Privilege Escalation vulnerability ..

http://blog.sucuri.net/2015/01/security-advisory-vulnerabilities-in-pagelinesplatform-theme-for-wordpress.html


Tubrosa threat drives millions of views to scammers' YouTube gaming videos

Cybercriminals are fraudulently earning advertising revenue by spreading click-fraud threat Trojan.Tubrosa, which sends compromised computers to their ..

http://www.symantec.com/connect/blogs/tubrosa-threat-drives-millions-views-scammers-youtube-gaming-videos


CTB-Locker Ransomware Includes Freemium Feature, Extends Deadline

Last July we came across a crypto-ransomware variant known as Critroni or Curve-Tor-Bitcoin (CTB) Locker. We observed recent improvements to the CTB malware, which now offer a 'free decryption' service, extended deadline to ..

http://blog.trendmicro.com/trendlabs-security-intelligence/ctb-locker-ransomware-includes-freemium-feature-extends-deadline/


Multiple vulnerabilities in third-party Drupal-modules

https://www.drupal.org/node/2411737
https://www.drupal.org/node/2411539
https://www.drupal.org/node/2411527


Energy Harvesting: Keyboard recognizes users by their typing quirks

Type, and I will tell you who you are: researchers in the USA and China have developed a keyboard that recognizes its owner by the way they type. This could be a supplement to conventional passwords. The keyboard uses energy harvesting to generate electrical energy from the typing movements.

http://www.golem.de/news/energy-harvesting-tastatur-erkennt-benutzer-durch-eigenheiten-beim-tippen-1501-111865.html


Is 123456 Really The Most Common Password?

I recently worked with SplashData to compile their 2014 Worst Passwords List and yes, 123456 tops the list. In the data set of 3.3 million passwords I used for SplashData, almost 20,000 of those were in fact 123456. But how often do you really see people using that, or the second most common ..

https://xato.net/passwords/123456-common-password/


An analysis of Regin's Hopscotch and Legspin

Perhaps one of the most interesting things we observed in the Regin malware operation are the forgotten codenames for some of its modules. We decided to analyse two of these modules in more detail.

http://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/


Confluence Security Advisory - 2015-01-21

We have discovered and fixed a vulnerability in our fork of WebWork. Attackers can use this vulnerability to execute Java code of their choice on systems that use this framework. The attacker needs to have an account and be able to access the Confluence web interface.

https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+-+2015-01-21


Yes, Every Freeware Download Site is Serving Crapware

When we wrote about what happens when you install the top ten apps from CNET Downloads, about half of the comments were from people saying, 'Well you should download from a trusted source.' The only problem is that there isn't a freeware download site that is free of crapware or adware. And here's the result of our investigation to prove it.

http://www.howtogeek.com/207692/yes-every-freeware-download-site-is-serving-crapware-heres-the-proof/?PageSpeed=noscript


Contact Form 3.82 - Unauthorized Language Manipulation

https://wpvulndb.com/vulnerabilities/7761


Dataurization of URLs for A More Effective Phishing Campaign

Phishing with data: URIs is not a new idea. The concept is relatively simple, taking advantage of many users' inexperience with how data: URIs function in order to trick them into entering credentials into a phishing page. We've seen this ..

https://thehackerblog.com/dataurization-of-urls-for-a-more-effective-phishing-campaign/