End-of-Shift report
Timeframe: Wednesday 12-08-2015 18:00 − Thursday 13-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
New SMiShing Campaign Targets T-Mobile Subscribers
Criminals after online credentials have homed in on T-Mobile users, luring them with a $20 discount in exchange for ..
https://blog.malwarebytes.org/fraud-scam/2015/08/new-smishing-campaign-targets-t-mobile-subscribers/
Android: Yet another severe security vulnerability
Researchers at IBM have discovered a vulnerability in Google's mobile operating system that affects more than half of all Android devices. It allows an attacker to take over privileged processes. Google has already closed the vulnerability.
http://heise.de/-2777648
Cisco ASA Unicast Reverse Path Forwarding (uRPF) Bypass Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40440
Cisco Warns Customers About Attacks Installing Malicious IOS Bootstrap Images
Cisco is warning enterprise customers about a spike in attacks in which hackers use valid credentials on IOS devices to log in as administrators and then upload malicious ROMMON images to take control of the devices. The ROM Monitor is the ..
http://threatpost.com/cisco-warns-customers-about-attacks-installing-malicious-ios-bootstrap-images/114250
Cisco TelePresence Video Communication Server Command Injection Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40433
Volkswagen hack published after long injunction
Some years ago, researchers discovered that Motorola's Megamos transponder, which is used in the car keys of Volkswagen among others, can be attacked. At the time, VW obtained a court order prohibiting publication of detailed information about the vulnerability. Publication has now succeeded.
http://www.golem.de/news/autoschluessel-volkswagen-hack-nach-langer-sperrverfuegung-veroeffentlicht-1508-115731.html
Script injection vulnerability discovered in Salesforce
Elastica discovered an injection vulnerability in Salesforce which opened the door for attackers to use a trusted Salesforce application as a platform to conduct phishing attacks to steal end-users l...
http://www.net-security.org/secworld.php?id=18759
Spam and phishing in Q2 2015
In Q2 2015, the percentage of spam in email traffic accounted for 53.4%. The USA (14.6%) and Russia (7.8%) remained the biggest sources of spam. China came third with 7.1%. The Anti-Phishing system was triggered 30,807,071 times on computers of Kaspersky Lab users.
http://securelist.com/analysis/quarterly-spam-reports/71759/spam-and-phishing-in-q2-of-2015/
Berlin internet provider 1blu falls victim to a hacker attack
As yet unknown attackers have gained access to the internal system and are now extorting the Berlin internet provider.
http://futurezone.at/digital-life/berliner-internet-provider-1blu-opfer-einer-hacker-attacke/146.768.530
VoIP Fraud - Brute Force and Ignorance
The topic of VoIP fraud seems to ebb and flow within the IT-industry press, but struggle to break the surface of mainstream media. Specialist publications report flaws in commonly-used home routers and widespread campaigns against corporate VoIP PBXes while these stories are bypass ..
https://blog.team-cymru.org/2015/08/voip-fraud-brute-force-and-ignorance/
YARA: Simple and Effective Way of Dissecting Malware
In this article, we will learn about the YARA tool, which gives a very simple and highly effective way of identifying and classifying malware. We all know that Reverse Engineering is the highly recommended method for performing a complete post-mortem ..
http://resources.infosecinstitute.com/yara-simple-effective-way-dissecting-malware/
First Nexus Patch Day: Google closes 21 security vulnerabilities
Eight of them "critical" - besides bugs in Stagefright, numerous other problems fixed
http://derstandard.at/2000020697116
TOTOLINK Update - How to NOT handle security issues
This post is an update to: Backdoor and RCE found in 8 TOTOLINK router models; Backdoor credentials found in 4 TOTOLINK router models; 4 TOTOLINK router models vulnerable to CSRF and XSS attacks; 15 TOTOLINK router models vulnerable to multiple RCEs
https://pierrekim.github.io/blog/2015-08-13-TOTOLINK-how-to-NOT-handle-security-issues.html