End-of-Shift report
Timeframe: Wednesday 29-04-2015 18:00 − Thursday 30-04-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
MailChimp - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-101
The MailChimp Signup submodule does not properly sanitize some user input, allowing a malicious user to embed scripts within a page, resulting in a Cross-site Scripting (XSS) vulnerability.
https://www.drupal.org/node/2480253
My Website Was Blacklisted By Google and Distributing Email Spam
Being blacklisted is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning page can literally destroy ..
https://blog.sucuri.net/2015/04/my-website-was-blacklisted-by-google-and-distributing-email-spam.html
Cisco StarOS for Cisco ASR 5000 Series HTTP Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=38580
Bedep trojan malware spread by the Angler exploit kit gets political
We recently observed what seems to be a group of cybercriminals helping spread pro-Russia messaging by artificially inflating video views and ratings on a popular video website. The ..
https://www.trustwave.com/Resources/SpiderLabs-Blog/Bedep-trojan-malware-spread-by-the-Angler-exploit-kit-gets-political/
Cyber threat intelligence group links Russia to cyber espionage and attacks
"Operation Armageddon," active since at least mid-2013, exposes a cyber espionage campaign devised to provide a military advantage to Russian leadership by targeting Ukrainian government, law enforcement, and military ..
http://www.liveleak.com/view?i=b39_1430249732
WhatsApp examined: exemplary encryption largely useless
To answer the question of how trustworthy the end-to-end encryption that WhatsApp has been using for several months is, c't took a close look at it: WhatsApp does use the right technology, but that still does not help much.
http://heise.de/-2629081
Voiceprint: Voice recognition is the new face recognition
Instead of using a password, bank customers can now identify themselves on the phone with their voice. Acoustic biometric systems are being deployed in more and more companies. The danger: intelligence services and states can also access the technology.
http://www.golem.de/news/voiceprint-stimmenerkennung-ist-die-neue-gesichtserkennung-1504-113801.html
Analysis of a MICROSOFT WORD INTRUDER sample: execution, check-in and payload delivery
On April 1st FireEye released a report on 'MWI' and 'MWISTAT' which is a sort of exploit kit for Word Documents if you will: A New Word Document Exploit Kit. In the article FireEye goes over MWI which is the short for 'Microsoft Word Intruder' coded ..
http://blog.0x3a.com/post/117760824504/analysis-of-a-microsoft-word-intruder-sample
A Brief Look at DNS Zone Transfer for Alexia's Top 1M Domains
The folks at Rapid7 have released another scan. This one is looking at Alexa's top 1 million domains for DNS servers which have allowed unauthenticated requests for Zone Transfer.
http://atechdad.com/a-brief-look-at-dns-zone-transfer-for-alexias-top-1m-domains/
TA15-120A: Securing End-to-End Communications
Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks. Recently, researchers described a MITM attack used to inject code, ..
https://www.us-cert.gov/ncas/alerts/TA15-119A-0
The BACKRONYM MySQL Vulnerability
Earlier this year, I - along with some members of our DevOps team - noticed some interesting behavior in libmysqlclient and the MySQL CLI: no matter how hard we tried (no matter how many MYSQL_OPT_SSL_* options we set) we could not make the client enforce the use of SSL. If the server claimed not to support it, the ..
https://www.duosecurity.com/blog/backronym-mysql-vulnerability