[CERT-daily] Tageszusammenfassung - Mittwoch 4-06-2014

Daily end-of-shift report team at cert.at
Wed Jun 4 18:06:31 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 03-06-2014 18:00 − Mittwoch 04-06-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** GameOver Zeus Takedown Shows Good Early Returns ***
---------------------------------------------
The effect of the takedown of the GameOver Zeus botnet this week has been immediate and significant. Researchers who track the activity of the peer-to-peer botnet's activity say that the volume of packets being sent out by infected machines has dropped to almost zero. On Friday, the FBI and Europol, ..
---------------------------------------------
http://threatpost.com/gameover-zeus-takedown-shows-good-early-returns/106429




*** Phishing Tale: An Analysis of an Email Phishing Scam ***
---------------------------------------------
Phishing scams are always bad news, and in light of the Google Drive scam that made the rounds again last week, we thought we'd tell the story of some spam that was delivered into my own inbox because even security researchers, ..
---------------------------------------------
http://blog.sucuri.net/2014/06/phishing-tale-an-analysis-of-an-email-phishing-scam.html




*** Making end-to-end encryption easier to use ***
---------------------------------------------
While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use. To help make this kind of encryption a bit easier, we're releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools. However, ..
---------------------------------------------
http://googleonlinesecurity.blogspot.co.at/2014/06/making-end-to-end-encryption-easier-to.html




*** The Best Of Both Worlds - Soraya ***
---------------------------------------------
Arbor Networks' ASERT has recently discovered a new malware family that combines several techniques to steal payment card information. Dubbed Soraya, meaning 'rich', this malware uses memory scraping techniques similar to those found in Dexter to target point-of-sale terminals. Soraya also intercepts form data sent from web browsers, similar to the Zeus family of malware. Neither of these two techniques are new, but we have not seen them used together in the same piece of malware.
---------------------------------------------
http://www.arbornetworks.com/asert/2014/06/the-best-of-both-worlds-soraya/




*** COPA-DATA Improper Input Validation ***
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-154-01




*** DSA-2945 chkrootkit ***
---------------------------------------------
http://www.debian.org/security/2014/dsa-2945




*** Adobe Acrobat / Reader XI-X AcroBroker Sandbox Bypass ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060030




*** FreeBSD PAM Policy Parser Remote Authentication Bypass ***
---------------------------------------------
http://www.securitytracker.com/id/1030330


More information about the Daily mailing list