BF-SIRT Newsletter 2013-50

This week, Brian Krebs have made a blog post where you can Meet Paunch: The Accused Author of the BlackHole Exploit Kit. It was also spotted that the French gov used fake Google certificate to read its workers’ traffic and how a Newly Patched Office 365 Vulnerability Used in “Ice Dagger” Targeted Attacks – Video.

As the Holiday season is coming closer and closer, the phishing mails also start to ramp up. Reading through how Popular holiday-themed phishing attacks works and how to avoid them is a good idea.

There are also vulnerabilities related to Solr, Ruby on Rails as well as the regular Patch Tuesday with patches from Adobe (related to Flash and Shockwave) and Microsoft.

Top 5 Security links
Four Arrested in the UK for Using Malware to Steal Money from Banks
Newly Patched Office 365 Vulnerability Used in “Ice Dagger” Targeted Attacks – Video
Meet Paunch: The Accused Author of the BlackHole Exploit Kit
DARPA Makes Finding Software Vulnerabilities Fun
Untouched P2P Communication Infrastructure Keeps ZeroAccess Up and Running

Top 5 Business Intelligence links
French gov used fake Google certificate to read its workers’ traffic
Popular holiday-themed phishing attacks
Russian-speaking Group Offers Bulletproof Hosting in Syria, Lebanon
Smarter cyber crime forces industry to change
Hackers infiltrate European ministry networks at G20 summit

BF-SIRT Posts
Patch Tuesday December 2013
Solr
Ruby on Rails vulnerability pre 3.2.16 and 4.0.2
December 13 – Improve your e-mail security
December 12 – Don’t enter your username and password on any computer you don’t control
December 11 – Learn to recognize the signs of malware
December 10 – Set up a Web Application Firewall
December 9 – Set up a separate log host
December 8 – Check your security on a regular basis
December 7 – Have an incident response plan in place