Daily Summary - Friday 20-03-2015

End-of-Shift report

Timeframe: Thursday 19-03-2015 18:00 − Friday 20-03-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a

Paper: Dylib hijacking on OS X

Patrick Wardle shows how OS X is also vulnerable to once common Windows attacks. A few years ago, DLL hijacking on Windows was really hot, despite the fact that the concept had been discussed by none other than the NSA as far ..

http://www.virusbtn.com/blog/2015/03_19.xml?rss


FindPOS: New POS Malware Family Discovered

Unit 42 has discovered a new Point of Sale (POS) malware family, which includes multiple variants created as early as November 2014. Over the past few weeks we have been analyzing this malware family, which ..

http://researchcenter.paloaltonetworks.com/2015/03/findpos-new-pos-malware-family-discovered/


Multiple vulnerabilities in Cisco products

http://tools.cisco.com/security/center/viewAlert.x?alertId=37934
http://tools.cisco.com/security/center/viewAlert.x?alertId=37947
http://tools.cisco.com/security/center/viewAlert.x?alertId=37946


Security Update 2015-003

https://support.apple.com/kb/HT204563


Who Develops Code for IT Support Scareware Websites?

When investigating a website used as part of an IT support scam, I came across a web page that attempted to fool the visitor into thinking that the person's system was infected. The goal was to persuade the potential victim to call a Microsoft Certified Live Technician at the designated phone number ..

https://isc.sans.edu/diary.html?storyid=19489&rss


CryptoWall 3.0 Ransomware Partners With FAREIT Spyware

Crypto-ransomware is once again upping the ante with its routines. We came across one crypto-ransomware variant that's combined with spyware - a first for crypto-ransomware. This development just comes at the heels of the discovery that ..

http://blog.trendmicro.com/trendlabs-security-intelligence/cryptowall-3-0-ransomware-partners-with-fareit-spyware/


Rockwell Automation FactoryTalk DLL Hijacking Vulnerabilities

This advisory provides mitigation details for multiple DLL Hijacking vulnerabilities in a software component included with Rockwell Automation's FactoryTalk View Studio product.

https://ics-cert.us-cert.gov//advisories/ICSA-15-062-02


CVE-2015-0336 (Flash up to 16.0.0.305) and Exploit Kits

As reported by Malwarebytes and FireEye, Nuclear Pack is now taking advantage of a vulnerability patched with the last version of Flash Player (17.0.0.134)

http://malware.dontneedcoffee.com/2015/03/cve-2015-0336-flash-up-to-1600305-and.html


Significant security flaws in gift cards

Gift cards are alarmingly easy to manipulate, the current issue of the computer magazine c’t warns. While banknotes are protected against counterfeiting with more and more security features, the situation is entirely different for the popular gift cards. "With simple tricks ..

http://derstandard.at/2000013205756


Android Security Symposium, co-organized by SBA Research

https://www.sba-research.org/events/android-security-symposium-co-organized-by-sba-research/


Apple: Anti-virus apps for iOS "misleading"

As justification for the sudden removal of anti-virus software from the App Store, Apple reportedly stated that these apps could lead users to believe that viruses exist for iOS.

http://heise.de/-2581916