[CERT-daily] Tageszusammenfassung - Dienstag 31-03-2015

Tue Mar 31 18:05:21 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 30-03-2015 18:00 − Dienstag 31-03-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** New reconnaissance threat Trojan.Laziok targets the energy sector ***
---------------------------------------------
A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised ..
---------------------------------------------
http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlaziok-targets-energy-sector


*** WordPress Leads 1.6.1-1.6.2 - Persistent XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7871


*** Drive-by code and Phishing on Swiss websites in 2014 ***
---------------------------------------------
In 2014, about 1,800 Swiss websites were cleaned from drive-by code, compared with 2,700 in 2013, a decline of 33%. At the same time, the number of phishing cases affecting .ch and .li ..
---------------------------------------------
http://securityblog.switch.ch/2015/03/31/drive-by-phishing-swiss-websites-2014/


*** Citrix Command Center Bugs Let Remote Users Download Files and Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031993


*** VB2015 conference programme announced ***
---------------------------------------------
>From drones to elephants: an exciting range of topics will be covered in Prague.In six months time, security researchers from around the world will gather in Prague for the 25th Virus Bulletin conference. Today we are excited to reveal the conference programme.As every year, the selection committees task ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/03_31.xml?rss


*** IoT Research - Smartbands ***
---------------------------------------------
One of the big trends in sphere of health and fitness are fitness trackers such as smartbands. Tracking devices and their mobile applications from three leading vendors were inspected in this report to shed some light on the current ..
---------------------------------------------
http://securelist.com/analysis/publications/69412/iot-research-smartbands/


*** Chinas Man-on-the-Side Attack on GitHub ***
---------------------------------------------
We have looked closer at this attack, and can conclude that China is using their active and passive network infrastructure in order to perform a man-on-the-side attack against GitHub. See our "TTL analysis" at the end of ..
---------------------------------------------
http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub


*** Hacking Browsers: Are Browsers the Weakest Link of the Security Chain? ***
---------------------------------------------
Current scenario The number of cyber attacks is constantly increasing, and according to security experts they grow even more sophisticated. The security firm Secunia has recently released its annual study of trends in software vulnerabilities, an interesting report that highlights the ..
---------------------------------------------
http://resources.infosecinstitute.com/hacking-browsers-are-browsers-the-weakest-link-of-the-security-chain/


*** The sad state of SMTP encryption ***
---------------------------------------------
This is a quick recap of why Im sad about SMTP encryption. It explains how TLS certificate verification in SMTP is useless even if you force it.
---------------------------------------------
https://blog.filippo.io/the-sad-state-of-smtp-encryption/