End-of-Shift report
Timeframe: Montag 30-03-2015 18:00 − Dienstag 31-03-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
New reconnaissance threat Trojan.Laziok targets the energy sector
A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised ..
http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlaziok-targets-energy-sector
WordPress Leads 1.6.1-1.6.2 - Persistent XSS
https://wpvulndb.com/vulnerabilities/7871
Drive-by code and Phishing on Swiss websites in 2014
In 2014, about 1,800 Swiss websites were cleaned from drive-by code, compared with 2,700 in 2013, a decline of 33%. At the same time, the number of phishing cases affecting .ch and .li ..
http://securityblog.switch.ch/2015/03/31/drive-by-phishing-swiss-websites-2014/
Citrix Command Center Bugs Let Remote Users Download Files and Execute Arbitrary Code
http://www.securitytracker.com/id/1031993
VB2015 conference programme announced
>
From drones to elephants: an exciting range of topics will be covered in Prague.In six months time, security researchers from around the world will gather in Prague for the 25th Virus Bulletin conference. Today we are excited to reveal the conference programme.As every year, the selection committees task ..
http://www.virusbtn.com/blog/2015/03_31.xml?rss
IoT Research - Smartbands
One of the big trends in sphere of health and fitness are fitness trackers such as smartbands. Tracking devices and their mobile applications from three leading vendors were inspected in this report to shed some light on the current ..
http://securelist.com/analysis/publications/69412/iot-research-smartbands/
Chinas Man-on-the-Side Attack on GitHub
We have looked closer at this attack, and can conclude that China is using their active and passive network infrastructure in order to perform a man-on-the-side attack against GitHub. See our "TTL analysis" at the end of ..
http://www.netresec.com//Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub
Hacking Browsers: Are Browsers the Weakest Link of the Security Chain?
Current scenario The number of cyber attacks is constantly increasing, and according to security experts they grow even more sophisticated. The security firm Secunia has recently released its annual study of trends in software vulnerabilities, an interesting report that highlights the ..
http://resources.infosecinstitute.com/hacking-browsers-are-browsers-the-weakest-link-of-the-security-chain/
The sad state of SMTP encryption
This is a quick recap of why Im sad about SMTP encryption. It explains how TLS certificate verification in SMTP is useless even if you force it.
https://blog.filippo.io/the-sad-state-of-smtp-encryption/