Daily Summary - Thursday 27-08-2015

End-of-Shift report

Timeframe: Wednesday 26-08-2015 18:00 − Thursday 27-08-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a

Paper: Not a GAMe maKER

Raul Alvarez performs low-level analysis of information-stealing trojan. The Gamker information-stealing trojan (also known as Shiz) has been around for a few years. It made the news back in 2013 when it was found to target SAP ..

http://www.virusbtn.com/blog/2015/08_26.xml


Patched Ins0mnia Vulnerability Keeps Malicious iOS Apps Hidden

Apple's monster security update of Aug. 13 included a patch for an iOS vulnerability that could beacon out location data and other personal information from a device, even if a ..

http://threatpost.com/patched-ins0mnia-vulnerability-keeps-malicious-ios-apps-hidden/114423


Concerns new Tor weakness is being exploited prompt dark market shutdown

A dark market website that relies on the Tor privacy network to keep its operators anonymous is temporarily shutting down amid concerns attackers are exploiting a newly reported weakness ..

http://arstechnica.com/security/2015/08/concerns-new-tor-weakness-is-being-exploited-prompt-dark-market-shut-down/


Cisco ACE 4710 Application Control Engine CLI Privilege Escalation Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40666


PDF + maldoc1 = maldoc2

I received another example of a PDF file that contains a malicious MS Office document. Sample (MD5 0c044fd59cc6ccc28a48937bc69cc0c4). This time I want to focus on the analysis of such a sample. First we run pdfid to identify the sample. It contains ..

https://isc.sans.edu/diary.html?storyid=20079


Taking root

We analyzed the statistics we had collected from May to August 2015 and identified three main Trojan families that use root privileges on the device to achieve their goals.

http://securelist.com/blog/mobile/71981/taking-root/


Throwback Thursday: Safe Hex in the 21st Century

This Throwback Thursday, we turn the clock back to July 2000, when we were already being warned that virus scanners were no longer enough. How many times have we heard commentators claim that anti-virus is dead? After all, in the current ..

http://www.virusbtn.com/blog/2015/08_27.xml


Phishers attack Iranian activists, bypass Google's multi-factor login

A series of phishing attacks appears to be targeting Iranian activists and dissidents. A senior EFF staff member was also attacked.

http://heise.de/-2792580


Important Notice Regarding Public Availability of Stable Patches

Grsecurity has existed for over 14 years now. During this time it has been the premier solution for hardening Linux against security exploits and served as a role model for many mainstream commercial applications elsewhere. All modern OSes took our lead and implemented to varying degrees a number of security ..

https://grsecurity.net/announce.php


Angler Exploit Kit Strikes on MSN.com via Malvertising Campaign

The same actors behind the recent Yahoo and Azure malvertising attacks went after MSN.com this time.

https://blog.malwarebytes.org/malvertising-2/2015/08/angler-exploit-kit-strikes-on-msn-com-via-malvertising-campaign/