[CERT-daily] Daily summary - Monday 13-05-2013

Daily end-of-shift report team at cert.at
Mon May 13 18:09:08 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 10-05-2013 18:00 − Monday 13-05-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  L. Aaron Kaplan

*** Android.TechnoReaper Downloader Found on Google Play ***
---------------------------------------------
By Nathan Collier We have found a new threat we are calling Android.TechnoReaper. This malware has two parts: a downloader available on the Google Play Market and the spyware app it downloads. The downloaders are disguised as font installing apps, as seen below: Once you install the app, it looks like a nice app used
---------------------------------------------
http://blog.webroot.com/2013/05/10/android-technoreaper-downloader-found-on-google-play/




*** Google Has Aggressive Plans for Strong Authentication ***
---------------------------------------------
Google has a long-term plan for strong authentication that ties log-ins to the operating system and hardware, and puts up barriers against man in the middle attacks and weak passwords.
---------------------------------------------
http://threatpost.com/google-has-aggressive-plans-for-strong-authentication/




*** Samsung Officeserv Read the users/passwords ***
---------------------------------------------
Topic: Samsung Officeserv Read the users/passwords Risk: Medium
Text: # Title: samsung officeserv Read the users/passwords
# Author: MaDo Mokhtar
# Contact: codezeroooo[at]yahoo[dot]com # Vendo...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050087




*** RSA Authentication Agent cross-site scripting ***
---------------------------------------------
RSA Authentication Agent cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84155




*** Cybercriminals offer HTTP-based keylogger for sale, accept Bitcoin ***
---------------------------------------------
By Dancho Danchev In 2013, Liberty Reserve and Web Money remain the payment method of choice for the majority of Russian/Eastern European cybercriminals. Cybercrime-as-a-Service underground market propositions, malware crypters, R.A.Ts (Remote Access Trojans), brute-forcing tools etc. virtually every underground market product/service is available for purchase through the use of these ubiquitous virtual currencies. What's the situation on the international underground
---------------------------------------------
http://blog.webroot.com/2013/05/10/cybercriminals-offer-http-based-keylogger-for-sale-accept-bitcoin/




*** WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability ***
---------------------------------------------
Topic: WordPress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Risk: Low Text:Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability Vendor: Securimage PHP CAPTCHA Product web page: https:...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050098




*** WordPress Search and Share plugin vulnerabilities ***
---------------------------------------------
Topic: WordPress Search and Share plugin vulnerabilities Risk: Low Text:I want to inform you about vulnerabilities in Search and Share plugin for WordPress. These are Cross-Site Scripting and Ful...
---------------------------------------------
http://cxsecurity.com/wlb/WLB-2013050103




*** DDoS Services Advertise Openly, Take PayPal ***
---------------------------------------------
The past few years have brought a proliferation of online services that can be hired to knock Web sites and individual Internet users offline. Once only found advertised in shadowy underground forums, many of today's so-called "booter" or "stresser" services are operated by U.S. citizens who openly advertise their services while hiding behind legally dubious disclaimers. Oh, and they nearly all rely on PayPal to receive payments.
---------------------------------------------
https://krebsonsecurity.com/2013/05/ddos-services-advertise-openly-take-paypal/




*** Dangerous Trojan substitutes web pages ***
---------------------------------------------
May 7, 2013 Specialists from the Russian anti-virus company Doctor Web have studied one of the most widespread threats in April 2013, the Trojan Trojan.Mods.1, formerly known as Trojan.Redirect.140. According to statistics compiled by the curing utility Dr.Web CureIt!, the number of infections with this Trojan represents 3.07% of the total number of detected threats. A summary of the study can be found below. The Trojan has two components: the dropper and the dynamic link library which stores
---------------------------------------------
http://news.drweb.com/show/?i=3511&lng=en&c=9




*** Newly launched E-shop for hacked PCs charges based on malware 'executions' ***
---------------------------------------------
By Dancho Danchev On the majority of occasions, Cybercrime-as-a-Service vendors will sell access to malware-infected hosts to virtually anyone who pays for them, without bothering to know what happens once the transaction takes place. A newly launched E-shop for malware-infected hosts, however, has introduced a novel approach for calculating the going rate for the hacked PCs.
---------------------------------------------
http://blog.webroot.com/2013/05/13/newly-launched-e-shop-for-hacked-pcs-charges-based-on-malware-executions/




*** Blog: Telecom fraud - phishing and Trojans combined ***
---------------------------------------------
In China telecom fraud has become an increasingly common crime.
---------------------------------------------
http://www.securelist.com/en/blog/877/Telecom_fraud_phishing_and_Trojans_combined




*** Trojan hijacks Facebook accounts ***
---------------------------------------------
A malicious browser extension infects Google's Chrome and Mozilla's Firefox. It targets Facebook accounts.
---------------------------------------------
http://www.heise.de/security/meldung/Trojaner-kapert-Facebook-Accounts-1861008.html




*** Researchers uncovered new malware used by Chinese cyber criminals ***
---------------------------------------------
Trend Micro researchers have uncovered new backdoor pieces of malware from the Winnti family, which are mainly used by a Chinese cyber criminal group to target South East Asian organizations from the video gaming sector.
---------------------------------------------
http://thehackernews.com/2013/05/researchers-uncovered-new-malware-used.html




*** AWS EC2 Security Vulnerability and Pinterest Hacked ***
---------------------------------------------
Well, almost hacked. This is rather embarrassing (for Pinterest, and maybe AWS?), in that I was able to access what seemed to be their admin page. Furthermore, I discovered through this interface that it seems they do not store passwords encrypted or salted.
---------------------------------------------
http://www.jontsai.com/2013/05/11/aws-ec2-security-vulnerability-and-pinterest-hacked/




*** Introducing Conpot ***
---------------------------------------------
We proudly announce the first release of our Industrial Control System honeypot named Conpot. Until now, setting up an ICS honeypot required substantial manual work, real systems which are usually either inaccessible or expensive, and the reading of quite tedious protocol specifications.
---------------------------------------------
http://www.honeynet.org/node/1047




*** Attackers Target Older Java Bugs ***
---------------------------------------------
It's no secret that Java has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemic is following much the same [...]
---------------------------------------------
http://threatpost.com/attackers-target-older-java-bugs/




