[CERT-daily] Daily summary - Tuesday 26-11-2013
Daily end-of-shift report
team at cert.at
Tue Nov 26 18:01:14 CET 2013
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 25-11-2013 18:00 - Tuesday 26-11-2013 18:00
Handler: Matthias Fraidl
Co-Handler: n/a
*** Mysterious hijackings on the Internet ***
---------------------------------------------
Intelligence services do not even have to tap the cable directly. Network service provider Renesys reports a marked increase in strange routing incidents in which network traffic is rerouted through other countries, sometimes even other continents.
---------------------------------------------
http://www.heise.de/security/meldung/Raetselhafte-Entfuehrungen-im-Internet-2053503.html
*** The Need for Incident Response ***
---------------------------------------------
On an average day in the UK, more than 100 .co.uk websites are hacked, according to statistics in the Zone-h.org online database. Website hacks add to the volume of targeted attacks seen today.
---------------------------------------------
http://www.fireeye.com/blog/corporate/2013/11/the-need-for-incident-response.html
*** Fake tech support scam is trouble for legitimate remote help company ***
---------------------------------------------
Fraud victims mistake legitimate tech company for fraudsters.
---------------------------------------------
http://arstechnica.com/information-technology/2013/11/fake-tech-support-scam-is-trouble-for-legitimate-remote-help-company/
*** VBScript Malware SOYSOS Deletes CAD Files ***
---------------------------------------------
Cybercriminals can do just as much damage deleting users' data as stealing it, because file deletion can result in both data and monetary loss. One example would be CryptoLocker, which became notorious for combining the two: demanding money under the threat of data destruction. We recently came across a piece of malware, detected as VBS_SOYSOS, that deletes important image files including .DWG files.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/vbscript-malware-soysos-deletes-cad-files/
*** Surge in "BlackShades" infections exposes machines worldwide to RAT ***
---------------------------------------------
Over the last two months, attackers have opted to spread the malware via the Neutrino exploit kit, researchers found.
---------------------------------------------
http://www.scmagazine.com/surge-in-blackshades-infections-exposes-machines-worldwide-to-rat/article/322617/
*** A Look At A Silverlight Exploit ***
---------------------------------------------
Recently, independent security researchers found that the Angler Exploit Kit had added Silverlight to its list of targeted software, using CVE-2013-0074. When we analyzed the available exploit, we found that in addition to CVE-2013-0074 it uses a second vulnerability, CVE-2013-3896, to bypass ASLR.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-a-silverlight-exploit/
*** [Honeypot Alert] More PHP-CGI Scanning (apache-magika.c) ***
---------------------------------------------
In the past 24 hours, one of the WASC Distributed Web Honeypot participant's sensors picked up continued scanning for CVE-2012-1823, a vulnerability in PHP-CGI that lets an attacker pass command-line options to the php-cgi binary through the query string.
---------------------------------------------
http://blog.spiderlabs.com/2013/11/honeypot-alert-more-php-cgi-scanning-apache-magikac.html
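The scanning described above is easy to spot in ordinary web server logs once you know the mechanism: CGI servers pass a query string that contains no literal '=' to the script as command-line arguments (split on '+', then URL-decoded), and php-cgi parses those arguments like the CLI, so "?-s" dumps source and "?-d auto_prepend_file=php://input" turns a POST body into executed PHP. The detector below is an added example written for this digest, not code from the SpiderLabs post; the Apache access-log lines it scans are constructed, and the probe shapes (a lone "-s", a URL-encoded "%2Ds", and the long "-d" directive chain) are assumed to be representative of CVE-2012-1823 scanners rather than copied from any particular tool.

```python
import re
from urllib.parse import unquote

# Constructed sample Apache access-log lines (not from the original post).
# Lines 1, 2 and 5 are shaped like CVE-2012-1823 probes; lines 3 and 4 are
# benign requests whose query strings merely contain a '-' or a '+'.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Nov/2013:09:12:01 +0100] "GET /index.php?-s HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Nov/2013:09:12:03 +0100] "POST /cgi-bin/php?-d+allow_url_include%3don+-d+safe_mode%3doff+-d+suhosin.simulation%3don+-d+disable_functions%3d%22%22+-d+open_basedir%3dnone+-d+auto_prepend_file%3dphp://input+-d+cgi.force_redirect%3d0+-d+cgi.redirect_status_env%3d0+-n HTTP/1.1" 200 42 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Nov/2013:09:13:10 +0100] "GET /index.php?page=-1 HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Nov/2013:09:13:11 +0100] "GET /search.php?q=foo+bar HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.8 - - [26/Nov/2013:09:14:00 +0100] "GET /index.php?%2Ds HTTP/1.1" 200 1834 "-" "curl/7.33.0"
"""

# Apache combined log format: client, ident, user, [timestamp], "METHOD target proto", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def phpcgi_argv_injection(target):
    """Return the argv php-cgi would receive (list of str) if this request
    target is an option injection, else None.

    Per RFC 3875 section 4.4 a CGI server hands the query string to the script
    as command-line arguments only when it contains no *unencoded* '='; it then
    splits on '+' and URL-decodes each piece. php-cgi parses that argv like the
    CLI, so a first element starting with '-' selects an option such as
    -s (show source) or -d (override an ini directive).
    """
    _path, sep, raw_query = target.partition('?')
    if not sep or '=' in raw_query:
        return None
    argv = [unquote(part) for part in raw_query.split('+') if part]
    if not argv or not argv[0].startswith('-'):
        return None
    return argv


def ini_overrides(argv):
    """Collect directives passed with -d, written as '-d name=value' or '-dname=value'."""
    out = []
    i = 0
    while i < len(argv):
        a = argv[i]
        if a == '-d' and i + 1 < len(argv):
            out.append(argv[i + 1])
            i += 2
            continue
        if a.startswith('-d') and len(a) > 2:
            out.append(a[2:])
        i += 1
    return out


def classify(argv):
    """Rough triage of an injected argv by what the attacker could achieve."""
    names = {d.split('=', 1)[0] for d in ini_overrides(argv)}
    if 'auto_prepend_file' in names or 'allow_url_include' in names:
        return 'rce-attempt'          # body or remote file gets executed as PHP
    if '-s' in argv:
        return 'source-disclosure'    # php-cgi prints the script source
    return 'option-injection'


def scan_log(text):
    """Return one dict per log line that looks like a CVE-2012-1823 probe."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        argv = phpcgi_argv_injection(m['target'])
        if argv is None:
            continue
        hits.append({
            'ip': m['ip'],
            'method': m['method'],
            'path': m['target'].partition('?')[0],
            'argv': argv,
            'directives': ini_overrides(argv),
            'verdict': classify(argv),
        })
    return hits


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(hit['ip'], hit['method'], hit['path'], hit['verdict'], hit['argv'])
```

The check deliberately looks for a literal '=' in the raw query before decoding: "?%2Ds" must still be flagged because the server only sees the encoded form when it decides whether to build argv, which is also why the "page=-1" request is correctly ignored. If you are on the defending side, the same decision rule is what a patched php-cgi (5.3.12/5.4.2 and later) applies internally; on older builds, a web server rule that rejects query strings starting with an encoded or literal '-' when no '=' is present is a reasonable stopgap.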
*** New Exploit Kit Atrax Boasts Tor Connectivity, Bitcoin Extraction ***
---------------------------------------------
Yet another commercial crimekit has been spotted making the rounds on the underground malware forums that uses the anonymity network Tor to stealthily communicate with its command and control servers.
---------------------------------------------
http://threatpost.com/new-exploit-kit-atrax-boasts-tor-connectivity-bitcoin-extraction
*** The internet mystery that has the world baffled ***
---------------------------------------------
For the past two years, a mysterious online organisation has been setting the world's finest code-breakers a series of seemingly unsolvable problems. But to what end? Welcome to the world of Cicada 3301.
---------------------------------------------
http://www.telegraph.co.uk/technology/internet/10468112/The-internet-mystery-that-has-the-world-baffled.html
*** The Stuxnet duo: malicious siblings ***
---------------------------------------------
After three years of analysis, the German expert Ralph Langner has presented a final paper on Stuxnet. According to it, the cyber weapon consists of two pieces of malware, of which only the second became widely known - wrongly so, in Langner's view.
---------------------------------------------
http://www.heise.de/security/meldung/Das-Stuxnet-Duo-Boesartige-Geschwister-2053847.html
*** Analysis: Online banking faces a new threat ***
---------------------------------------------
Neverquest supports just about every trick known in online banking attacks. In light of Neverquest's self-replication capabilities, the number of users attacked could increase over a short period of time.
---------------------------------------------
http://www.securelist.com/en/analysis/204792315/Online_banking_faces_a_new_threat
*** Catching up on IT security: EU parliamentarians fell into a hotspot trap ***
---------------------------------------------
All EU parliamentarians should now urgently change their passwords, an e-mail from the IT department demands. It confirms that access passwords were captured through attacks on the unsecured parliament WLAN.
---------------------------------------------
http://www.heise.de/security/meldung/Nachholbedarf-bei-IT-Sicherheit-EU-Parlamentarier-tappten-in-Hotspot-Falle-2054051.html
*** How To Combat Online Surveillance ***
---------------------------------------------
Governments have transformed the internet into a surveillance platform, but they are not omnipotent. They're limited by material resources as much as the rest of us. We might not all be able to prevent the NSA and GCHQ from spying on us, but we can at least create more obstacles and make surveilling us more expensive. The more infrastructure you run yourself, the safer the communication will be.
---------------------------------------------
http://theoccupiedtimes.org/?p=12362
*** Why Crimekit Atrax will attract attention ***
---------------------------------------------
CSIS researchers have observed the introduction of a new commercial crimekit being sold on several underground web forums. The kit, dubbed 'Atrax', is cheap (the main platform costs less than $250) and uses the Tor network for stealthy communication with its C&Cs, from which it is intended to fetch instructions, updates and new modules.
---------------------------------------------
https://www.csis.dk/en/csis/blog/4103
*** Blackhole and Cool Exploit Kits Nearly Extinct ***
---------------------------------------------
When authorities in Russia arrested Paunch, the alleged creator of the Blackhole exploit kit, last month, security researchers and watchers of the malware underground predicted that taking him off the board would put a dent in the use of Blackhole and force its customers onto other platforms. Six weeks later, it now appears that Blackhole is almost gone and the Cool exploit kit, another alleged creation of Paunch, has essentially disappeared, as well.
---------------------------------------------
http://threatpost.com/blackhole-and-cool-exploit-kits-nearly-extinct/103034
*** IBM WebSphere Application Server Java Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55870
*** WordPress Contact Form 7 3.5.2 Shell Upload ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110177
*** WordPress Pinboard Shell Upload ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110175
*** TPLINK WR740N / WR740ND Cross Site Request Forgery ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110181
*** NETGEAR ReadyNAS Perl Code Evaluation ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110179
*** Vuln: HP LoadRunner Virtual User Generator CVE-2013-4837 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63475
*** Bugtraq: Open-Xchange Security Advisory 2013-11-25 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/530008