[CERT-daily] Tageszusammenfassung - Montag 17-02-2014

Mon Feb 17 18:27:04 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 14-02-2014 18:00 − Montag 17-02-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Christian Wojner

*** Not Just Pills or Payday Loans, It's Essay SEO SPAM! ***
---------------------------------------------
Remember back in school or college when you had to write pages and pages of long essays, but you had no time write them? Or maybe you were just too lazy? Yeah, good times. Well, it seems like some companies are trying to end this problem. They are offering services where clients pay ..
---------------------------------------------
http://blog.sucuri.net/2014/02/not-just-pills-or-payday-loans-its-essay-seo-spam.html


*** New IE 10 Zero Day Targeting Military Intelligence ***
---------------------------------------------
A new campaign, dubbed Operation SnowMan, has been spotted leveraging a previously unknown zero-day in Internet Explorer 10 to compromise the U.S. Veterans of Foreign Wars website this week.
---------------------------------------------
http://threatpost.com/new-ie-10-zero-day-targeting-military-intelligence/104272


*** Microsoft Internet Explorer 10 remote code execution exploit ***
---------------------------------------------
Microsoft Internet Explorer 10 remote code execution exploit, Use-after-free vulnerability in Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code via vectors in...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020123


*** The New Normal: 200-400 Gbps DDoS Attacks ***
---------------------------------------------
KrebsOnSecurity has been targeted by countless denial-of-service attacks intended to knock it offline. Earlier this week, KrebsOnSecurity was hit by easily the most massive and intense such attack yet -- a nearly 200 Gpbs assault leverging a simple attack method that industry experts is becoming alarmingly common.
---------------------------------------------
http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos-attacks/


*** More Malware Embedded in RTFs ***
---------------------------------------------
RTF (Rich Text Format) files have been used before by cybercriminals, but of late it seems their use of this format is becoming more creative. We have earlier talked about how CPL files were being embedded in RTF files and sent to would-be victims as an e-mail attachment. These CPL files would then proceed to download malicious ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/more-malware-embedded-in-rtfs/


*** More on HNAP - What is it, How to Use it, How to Find it, (Sat, Feb 15th) ***
---------------------------------------------
Weve had a ton of discussion on the most recent set of home router vulnerabilities based on the HNAP protocol. But what is the HNAP protocol for, and why is it so persistently enabled?  HNAP (Home Network Administration Protocol) is a network device management protocol, useful for anyone, but I think meant primarily for ISPs to manage fleets of ..
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17648&rss


*** Crowdfunding-Plattform Kickstarter gehackt ***
---------------------------------------------
Die Crowdfunding-Plattform Kickstarter wurde Opfer eines Hackerangriffs. Jenseits von Benutzernamen und Mail-Adressen griffen die Hacker auch auf verschlüsselte Passwörter zu.
---------------------------------------------
http://www.heise.de/security/meldung/Crowdfunding-Plattform-Kickstarter-gehackt-2115380.html


*** Zugangsdaten im Umlauf: FTP-Server von Webseiten angegriffen ***
---------------------------------------------
Es sollen wohl tausende Zugangsdaten zu FTP-Servern im Umlauf sein, darunter auch Zugänge für bekannte Webseiten. Erste Fälle, in denen Schadinhalte auf Webseiten wie der New York Times untergebracht wurden, gab es schon. (Virus, Server-Applikationen)
---------------------------------------------
http://www.golem.de/news/zugangsdaten-im-umlauf-ftp-server-von-webseiten-angegriffen-1402-104598-rss.html


*** HP Data Protector EXEC_BAR Remote Command Execution ***
---------------------------------------------
Topic: HP Data Protector EXEC_BAR Remote Command Execution, import argparse import socket ..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020134


*** WebSphere Application Server Multiple Java Vulnerabilities ***
---------------------------------------------
WebSphere Application Server Multiple Java Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/56778


*** Mapping Hacking Team's "Untraceable" Spyware ***
---------------------------------------------
Remote Control System (RCS) is sophisticated computer spyware marketed and sold exclusively to governments by Milan-based Hacking Team. Hacking Team was first thrust into the public spotlight in 2012 when RCS was used against award-winning Moroccan media outlet Mamfakinch, and United Arab Emirates (UAE) human rights activist Ahmed Mansoor. Most recently, Citizen Lab research found that RCS was used to target Ethiopian journalists in the Washington DC area.
---------------------------------------------
https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware/