Friday 7 November 2014

Security Bytes 0x1335433 [Open Source Digest]

Forensics
> Carving for Cookies: Supersize your Internet History Timeline using Google Analytic Artifacts

Malware/APT
> Sandworm APT exploits, BlackEnergy malware
> Spin.com site sent visitors to Rig exploit kit to infect them with a range of malware including Infostealer.Dyranges and Trojan.Zbot.
> ROM – A New Version of the Backoff PoS Malware
> Apple iWorm Malware
> Dridex Banking Trojan
> Dyre/Dyreza packaged with PDF exploits (namely CVE-2013-2729)
> Rovnix Malware
  • [2014-10-10] http://www.infosecurity-magazine.com/news/rovnix-malware-reloads/
  • [2014-10-09] https://www.csis.dk/en/csis/news/4472/
  • [2012-02-22] http://www.welivesecurity.com/2012/02/22/rovnix-reloaded-new-step-of-evolution/
> WireLurker Apple iDevice Malware
  • [2014-11-06] http://www.forbes.com/sites/thomasbrewster/2014/11/06/china-wirelurker-ios-malware/
  • [?] https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf

Exploits/Vulnerabilities
> FreeBSD Vulnerability (CVE-2014-8517)
> "Rootpipe" Privilege Escalation Vulnerability in Mac OS X Yosemite
> CVE-2014-0569 Analysis (seen to be integrated into the Fiesta EK)
> CVE-2014-1772 Analysis (IE Use-After-Free Vulnerability)
> CVE-2014-4113 Analysis (Windows Kernel Mode Vulnerability, AKA Sandworm Vulnerability)
> CVE-2014-4115 Analysis (Malicious USB Disks Allow for Possible Whole System Control)

Phishing
> Operation Huyao