=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 22-11-2013 18:00 - Monday 25-11-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  n/a

*** Second Look at Stuxnet Reveals Older Dangerous Variant ***
---------------------------------------------
ICS expert Ralph Langner has thrown back the covers on Stuxnet revealing a two-pronged attack intent not only on disrupting Iran's nuclear capabilities, but flexing the attackers' muscle in building weaponized malware.
---------------------------------------------
http://threatpost.com/second-look-at-stuxnet-reveals-older-dangerous-variant...

*** Google fixes flaw in Gmail password reset process ***
---------------------------------------------
According to the researcher who discovered the bug, Google swiftly addressed the security issue, which could leave users' passwords vulnerable to theft.
---------------------------------------------
http://www.scmagazine.com/google-fixes-flaw-in-gmail-password-reset-process/...

*** Five Years Old And Still On The Run: DOWNAD ***
---------------------------------------------
Five years ago, Conficker/DOWNAD was first seen and quickly became notorious due to how quickly it spread and how much damage it caused. Remarkably, after all that time, it's still alive. It can still pose a serious problem, as it can propagate to other systems on the same network as an infected machine - a factor that may explain its high rate of infection to this day.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/five-years-old-an...

*** Another Fake WordPress Plugin - And Yet Another SPAM Infection! ***
---------------------------------------------
We clean hundreds and thousands of infected websites; a lot of the cleanups can be considered to be somewhat "routine". If you follow our blog, you often hear us say we've seen "this" numerous times, we've cleaned "that" numerous times.
---------------------------------------------
http://blog.sucuri.net/2013/11/another-fake-wordpress-plugin-and-yet-another...

*** Top Security Predictions for 2014 ***
---------------------------------------------
As 2013 draws to a close, FireEye researchers are already looking ahead to 2014 and the shifting threat landscape. Expect fewer Java zero-day exploits and more browser-based ones. Watering-hole attacks may supplant spear-phishing attacks.
---------------------------------------------
http://www.fireeye.com/blog/corporate/2013/11/top-security-predictions-for-2...

*** Port 0 DDOS, (Fri, Nov 22nd) ***
---------------------------------------------
Following on the stories of amplification DDOS attacks using Chargen, and stories of "booters" via Brian Krebs, I am watching with interest the increase in port 0 amplification DDOS attacks.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17081

*** Spam-Friendly Registrar 'Dynamic Dolphin' Shuttered ***
---------------------------------------------
The organization that oversees the Internet domain name registration industry last week revoked the charter of Dynamic Dolphin, a registrar that has long been closely associated with spam and cybercrime.
---------------------------------------------
http://krebsonsecurity.com/2013/11/spam-friendly-registrar-dynamic-dolphin-s...

*** LG smart TV snooping extends to home networks, second blogger says ***
---------------------------------------------
A second blogger has published evidence that his LG-manufactured smart television is sharing sensitive user data with the Korea-based company in a post that offers support for the theory that the snooping isn't isolated behavior that affects a small number of sets.
---------------------------------------------
http://arstechnica.com/security/2013/11/lg-smart-tv-snooping-extends-to-home...

*** CryptoLocker gang teams with botnet-builders on ransomware ***
---------------------------------------------
The cyber-gang running the CryptoLocker extortion racket is sharing a big cut of any payments they squeeze out of their victims with criminal botnet owners working closely with them, says Symantec, which has been monitoring this underworld activity online.
---------------------------------------------
http://www.pcworld.com/article/2066741/cryptolocker-gang-teams-with-botnet-b...

*** DSA-2802 nginx ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2802

*** DSA-2801 libhttp-body-perl ***
---------------------------------------------
http://www.debian.org/security/2013/dsa-2801

*** [webapps] - TPLINK WR740N/WR740ND - Multiple CSRF Vulnerabilities ***
---------------------------------------------
http://www.exploit-db.com/exploits/29802

*** ImpressPages CMS 3.8 Stored XSS Vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110168

*** Pirelli Discus DRG A125g Remote Change SSID Value Vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110167

*** Google Gmail IOS Mobile Application - Persistent / Stored XSS ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110170

*** Ruby Heap Overflow in Floating Point Parsing Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1029388

*** Drupal Core Bugs Let Remote Users Conduct Cross-Site Scripting, Cross-Site Request Forgery, and Open Redirect Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1029386