End-of-Shift report
Timeframe: Monday 27-04-2015 18:00 − Tuesday 28-04-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Fake Security Scams - 2015 Edition
New Year, Similar Scams: In 2013, I wrote an article talking about the popular Fake Microsoft Security Scams that were doing the rounds. As expected, these types of scams have continued to grow ..
http://www.webroot.com/blog/2015/04/27/fake-security-scams-2015-edition/
10 Ways to Ensure Your Privileged Password Management Strategy Will Succeed
Leveraging complex, frequently updated passwords is a basic security best practice for protecting privileged accounts in your organisation. But if passwords are such a no-brainer, why do so many data breaches tie back to poor password management?
http://blog.beyondtrust.com/10-reasons-your-privileged-password-management-solution-will-fail
When Prevention Fails, Incident Response Begins, (Mon, Apr 27th)
I've been asked a few times this year ($dayjob) to discuss and review incident handling practices with some of our clients. This topic seems to have come up to the surface again, and with some breaches getting mainstream coverage, it only ..
https://isc.sans.edu/diary.html?storyid=19629
WordPress 4.2.1 Security Release
https://wordpress.org/news/2015/04/wordpress-4-2-1/
SendGrid: Employee Account Hacked, Used to Steal Customer Credentials
Sendgrid, an email service used by tens of thousands of companies -- including Silicon Valley giants as well as Bitcoin exchange Coinbase -- said attackers compromised a Sendgrid employee's account, which was then used to steal the usernames, email ..
http://krebsonsecurity.com/2015/04/sendgrid-employee-account-hacked-used-to-steal-customer-credentials/
Booby trapped! Malvertising campaign hit Adult Site xHamster
A new malvertising campaign hit adult website xHamster by abusing ad provider TrafficHaus and exploiting Google's URL shortener service. Malvertising campaigns are becoming a serious problem for web users; cyber criminals are exploiting ..
http://securityaffairs.co/wordpress/36367/cyber-crime/malvertising-campaign-xhamster.html
Best Free and Open Source SQL Injection Tools
SQL injection is one of the most common attacks against web applications. This is used against websites which use SQL to query data from the database server. A successful ..
http://resources.infosecinstitute.com/best-free-and-open-source-sql-injection-tools/
Hackers pose as a defense contractor and trick antivirus programs
Attackers seized the opportunity presented by a company takeover and sent phishing e-mails disguised as welcome messages, using a sophisticated method to smuggle malicious code onto employees' computers.
http://heise.de/-2625892
Critical security vulnerability in WordPress
In view of the potential impact of the vulnerability and the large number of installed WordPress content management systems, CERT.at asks for attention to the following ..
https://cert.at/warnings/all/20150428.html
Inside the Zeroaccess Trojan
The Zeroaccess trojan (Maxx++, Sierief, Crimeware) has affected millions of computers worldwide, and it is the number one cause of cyber click fraud and Bitcoin mining on the Internet.
http://blog.norsecorp.com/2015/04/27/inside-the-zeroaccess-trojan/
Cisco IOS Software and Cisco IOS XE Software Crafted RADIUS Packet Denial of Service Vulnerability
The vulnerability is due to improper processing of crafted RADIUS packets by a device running the affected software. An authenticated, remote attacker could exploit this vulnerability by sending crafted RADIUS packets to an affected device. If successful, the attacker could cause the device to crash, resulting in a DoS condition.
http://tools.cisco.com/security/center/viewAlert.x?alertId=38544
Cisco IOS Software and Cisco IOS XE Software Crafted DHCPv6 Sequence Denial of Service Vulnerability
The vulnerability is due to improper handling of DHCPv6 packets for a SOLICIT message for an Identity Association for Non-Temporary Addresses (IA-NA) by a device running the affected software. An unauthenticated, adjacent attacker could exploit this vulnerability by sending a crafted sequence exchange of DHCPv6 packets for a SOLICIT message for an IA-NA to an affected device. If successful, the attacker could cause the device to crash, resulting in a DoS condition.
http://tools.cisco.com/security/center/viewAlert.x?alertId=38543