End-of-Shift report
Timeframe: Wednesday 04-02-2015 18:00 − Thursday 05-02-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Zero-day in the Fancybox-for-WordPress Plugin
Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infections had a similar malicious iframe from '203koko' injected into the website. We were also directed to a forum thread ..
http://blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.html
SA-CONTRIB-2015-037 - Path Breadcrumbs - Access Bypass
https://www.drupal.org/node/2420139
Analyzing CVE-2015-0313: The New Flash Player Zero Day
Adobe has started rolling out an update to Flash Player which fixes the zero-day vulnerability we discussed earlier this week. This particular vulnerability can be exploited ..
http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2015-0313-the-new-flash-player-zero-day
Russian malware targets iOS devices, siphons off all data
The IT security firm "TrendLabs" reports that a spyware named XAgent has now spread to iPhones and iPads. The malware was already in the news last year; at that time the application attacked Windows computers in government organizations, ..
http://derstandard.at/2000011311181
Security standards ignored: BMW hack was avoidable
The recently publicized hack of BMW cars could have been avoided by simple means. The computer magazine c't shows in detail how the carmaker handled central ..
http://derstandard.at/2000011322698
Flash Zero Days Dominate Exploit Landscape
The recent Flash zero-day vulnerabilities and exploits have uncovered the relatively quiet Hanjuan exploit kit, and further exposed the dangers of malvertising.
http://threatpost.com/flash-zero-days-dominate-exploit-landscape/110871
Internet Explorer Cross-Site Scripting Vulnerability Now Public
Security researcher David Leo has disclosed a new vulnerability in Microsoft Internet Explorer. The vulnerability allows the same origin policy of the browser to be violated. The same-origin policy restricts how a document or ..
http://blog.trendmicro.com/trendlabs-security-intelligence/internet-explorer-cross-site-scripting-vulnerability-now-public/
Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited
This is the tale of an ongoing SSH brute forcing campaign, targeting servers and network devices, that distributes a new family of Linux rootkit malware named 'XOR.DDoS'. While typical DDoS bots are straightforward in operation and often programmed in a high-level script such as PHP or Perl, the XOR.DDoS family is programmed in C/C++ and incorporates multiple ..
https://www.fireeye.com/blog/threat-research/2015/02/anatomy_of_a_brutef.html
Security updates available for Adobe Flash Player (APSB15-04)
A Security Bulletin (APSB15-04) has been published regarding security updates for Adobe Flash Player. These updates address CVE-2015-0313, which is being actively exploited in the wild via drive-by-download attacks against systems ..
https://blogs.adobe.com/psirt/?p=1175