End-of-Shift report
Timeframe: Monday 02-03-2015 18:00 - Tuesday 03-03-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Ads Gone Bad
FireEye Labs tracks malvertising activity and recently discovered hundreds of sites that may have been exposed to malvertisements via abuse of ad networks that use real-time bidding (RTB). Since February 4, 2015, FireEye Labs has seen over 1,700 advertiser RTB requests that resulted in downloading of malicious SWF files. We believe this activity is part of an active malvertising operation.
https://www.fireeye.com/blog/threat-research/2015/03/ads_gone_bad.html
D-Link Routers Haunted by Remote Command Injection Bug
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects a number of D-Link's home routers and the key ..
http://threatpost.com/d-link-routers-haunted-by-remote-command-injection-bug/111355
Older Keen Team Use-After-Free IE Exploit Added to Angler Exploit Kit
Attackers behind one of the more popular exploit kits, Angler, have added a tweaked version of an exploit from last fall, a use-after-free vulnerability in Microsoft's Internet Explorer browser.
http://threatpost.com/older-keen-team-use-after-free-ie-exploit-added-to-angler-exploit-kit/111350
How to keep your Smart Home safe
The Internet of Things (IoT) devices can help you save time and hassle and improve your quality of life. As an example, you can check the contents of your fridge and turn on the oven while at the grocery store thus saving money, uncertainty, and ..
https://www.f-secure.com/weblog/archives/00002792.html
Symantec NetBackup OpsCenter Server Javascript Injection RCE
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150302_00
SSH client PuTTY: almost-forgotten security hole closed
The author of PuTTY apologises for taking one and a half years to fully close a security hole, and adds further bug fixes and two new features to the new version.
http://heise.de/-2563230
SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass
https://www.drupal.org/node/2428851
New gTLD Portals Taken Offline by ICANN Due to Security Flaw
The Internet Corporation for Assigned Names and Numbers (ICANN) shut down two new generic top-level domain (gTLD) portals on February 27 after learning of a vulnerability that could have been exploited to view users' data.
http://www.securityweek.com/new-gtld-portals-taken-offline-icann-due-security-flaw
Cyber criminals target call center operators in Apple Pay fraud scheme
Cybercriminals are targeting call center operators in Apple Pay fraud to circumvent the checks implemented by Apple, banks and card issuers. The security expert Cherian Abraham revealed a spike in the fraud on Apple's ..
http://securityaffairs.co/wordpress/34359/cyber-crime/apple-pay-fraud.html
Captcha <= 4.0.6 - Captcha Bypass
https://wpvulndb.com/vulnerabilities/7822
Financial Trojans in 2014: Takedowns contributed to 53 percent drop in infections, but threat is still prevalent
While the number of financial Trojan detections decreased in 2014, the threat was still ..
http://www.symantec.com/connect/blogs/financial-trojans-2014-takedowns-contributed-53-percent-drop-infections-threat-still-prevalent
phpMoAdmin Zero-day Vulnerability Puts Websites Using MongoDB at Risk
About two weeks back, over 40,000 organizations running MongoDB were found unprotected and vulnerable to hackers. Now, once again the users of MongoDB database are at risk because of a critical zero-day vulnerability making ..
http://thehackernews.com/2015/03/phpMoAdmin-mongoDB-exploit.html
Ted Unangst: OpenBSD wants to make browsers more secure
At least one web browser is to be hardened by implementing a memory policy taken from OpenBSD. The operating system's foundation is paying a developer with LibreSSL experience to do it.
http://www.golem.de/news/ted-unangst-openbsd-will-browser-sicherer-machen-1503-112725.html
Thanks for the Memories: Identifying Malware from a Memory Capture
We've all seen attackers try to disguise their running malware as something legitimate. They might use the file name of a legitimate Windows file or even inject code into a legitimate process that's already running. Regardless of how it's done, that code has to run, which means it has to be in memory. Somewhere.
http://www.contextis.com/resources/blog/thanks-memories-identifying-malware-memory-capture/
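As an added illustration of the masquerading point above (example code written for this digest, not from the Context IS post or any forensics tool), the following script takes a process listing of the kind a memory-analysis tool extracts from a capture and flags well-known Windows binary names that run from an unexpected path or were started by an unexpected parent. The baseline table of expected paths and parents, and the sample listing, are constructed for illustration and are assumptions rather than a complete reference.

```python
"""Flag processes masquerading as legitimate Windows binaries.

Added example, not code from the Context IS post. Input is a pslist-style
listing (pid, ppid, name, image path) such as one derived from a memory
capture. Two checks: a core system binary running from a path other than
its usual one, and one launched by a parent that does not normally start it.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    path: str


# Assumed baseline (illustrative, not exhaustive): expected image path and
# the set of parent process names that legitimately start each binary.
BASELINE = {
    "svchost.exe": ("c:\\windows\\system32\\svchost.exe", {"services.exe"}),
    "lsass.exe": ("c:\\windows\\system32\\lsass.exe", {"wininit.exe"}),
    "csrss.exe": ("c:\\windows\\system32\\csrss.exe", {"smss.exe"}),
}


def find_masquerades(procs):
    """Return (pid, reason) tuples for processes that violate the baseline."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        rule = BASELINE.get(p.name.lower())
        if rule is None:
            continue
        expected_path, expected_parents = rule
        # Same name as a system binary, but loaded from somewhere else.
        if p.path.lower() != expected_path:
            findings.append((p.pid, "unexpected path: %s" % p.path))
        # Same name, but the parent is not one that normally spawns it
        # (a parent that already exited shows up as <missing>).
        parent = by_pid.get(p.ppid)
        parent_name = parent.name.lower() if parent else "<missing>"
        if parent_name not in expected_parents:
            findings.append((p.pid, "unexpected parent: %s" % parent_name))
    return findings


# Constructed sample listing; pids 2044 and 2108 are the planted suspects.
SAMPLE = [
    Proc(4, 0, "System", ""),
    Proc(348, 4, "smss.exe", "C:\\Windows\\System32\\smss.exe"),
    Proc(428, 348, "csrss.exe", "C:\\Windows\\System32\\csrss.exe"),
    Proc(480, 348, "wininit.exe", "C:\\Windows\\System32\\wininit.exe"),
    Proc(560, 480, "services.exe", "C:\\Windows\\System32\\services.exe"),
    Proc(572, 480, "lsass.exe", "C:\\Windows\\System32\\lsass.exe"),
    Proc(700, 560, "svchost.exe", "C:\\Windows\\System32\\svchost.exe"),
    Proc(1320, 1180, "explorer.exe", "C:\\Windows\\explorer.exe"),
    Proc(2044, 1320, "svchost.exe",
         "C:\\Users\\bob\\AppData\\Roaming\\svchost.exe"),
    Proc(2108, 1320, "lsass.exe", "C:\\Windows\\System32\\lsass.exe"),
]


if __name__ == "__main__":
    for pid, reason in find_masquerades(SAMPLE):
        print("pid %d: %s" % (pid, reason))
```

Against the sample, pid 2044 is flagged twice (user-profile path and explorer.exe as parent) and pid 2108 once (correct path, but started by explorer.exe rather than wininit.exe). Path and name checks alone miss the second case; the parent check catches it because the code still had to be launched by something.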
LogPOS - New Point of Sale Malware Using Mailslots
There has been an explosion in POS malware in the last year. At Morphick, Jeremy Humble and I found 2 undiscovered families in 2014 and we just found our first new family of 2015. This new malware which we're calling ..
http://morphick.com/blog/2015/2/27/mailslot-pos
Change to Lollipop Encryption Policy May Not Have Much Effect, Experts Say
Google has made a subtle, but important, shift in the requirements for Android handset makers, saying now that OEMs manufacturing phones that will run Lollipop do not have to enable disk encryption by default. This is a major change from the ..
http://threatpost.com/change-to-lollipop-encryption-policy-may-not-have-much-effect-experts-say/111386
Cisco Network Analysis Module Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0656