=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 03-01-2017 18:00 − Wednesday 04-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Technical details on the Fancy Bear Android malware (poprd30.apk) ***
---------------------------------------------
Background: Recently, Crowdstrike has published details about a malicious Android APK file, named poprd30.apk or Попр-Д30.apk. It seems that the malware was created by the Fancy Bear group for tracking Ukrainian field ..
---------------------------------------------
http://blog.crysys.hu/2017/01/technical-details-on-the-fancy-bear-android-m…
*** Remote Code Execution in third party library swiftmailer ***
---------------------------------------------
https://typo3.org/news/article/remote-code-execution-in-third-party-library…
*** Real World FSociety Malware Is Giving Mr. Robot a Bad Name ***
---------------------------------------------
In the past few weeks, more or less talented malware authors have resorted to naming their newly launched threats using the "FSociety" brand, made famous by the Mr. Robot TV series.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/real-world-fsociety-malware-…
*** Microsoft to Add Bitcoin Support to Excel Later This Year ***
---------------------------------------------
https://www.bleepingcomputer.com/news/software/microsoft-to-add-bitcoin-sup…
*** Campaign Evolution: pseudo-Darkleech in 2016 ***
---------------------------------------------
Darkleech is a long-running campaign that uses exploit kits (EKs) to deliver malware. First identified in 2012, this campaign has used different EKs to distribute various types of ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/12/unit42-campaign-evolutio…
*** The Download on the DNC Hack ***
---------------------------------------------
Over the past few weeks, I've been inundated with questions from readers asking why I haven't written much about two stories that have consumed the news media of late: The alleged ..
---------------------------------------------
https://krebsonsecurity.com/2017/01/the-download-on-the-dnc-hack/
*** l+f: Russian hackers from the post-apocalyptic radiation wasteland ***
---------------------------------------------
https://heise.de/-3587018
*** Intruder apparently takes MongoDB databases hostage ***
---------------------------------------------
An unknown attacker is reportedly wiping unprotected MongoDB databases and leaving their owners a ransom note.
---------------------------------------------
https://heise.de/-3587479
*** Security vulnerability: Kaspersky sloppy with TLS certificate validation ***
---------------------------------------------
Kaspersky's antivirus software inspects TLS connections and, as a side effect, undermines certificate validation. Once again, Tavis Ormandy of Google has used this to show how full of holes so-called security software is.
---------------------------------------------
http://www.golem.de/news/sicherheitsluecke-kaspersky-schlampt-bei-tls-zerti…
*** Fake Erste Bank/Sparkasse e-mail: confirmation required ***
---------------------------------------------
With a fake Erste Bank/Sparkasse message, criminals want to steal customers' online banking credentials. To achieve this, they claim in the ..
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-erste-banksparkasse-…
*** Programming languages: secure NTP could switch from C to Rust or Go ***
---------------------------------------------
With NTPsec, a team around open-source pioneer Eric S. Raymond is building a secure implementation of NTP. The team is considering abandoning the C code completely and using a safe programming language such as Rust or Go instead.
---------------------------------------------
http://www.golem.de/news/programmiersprachen-sicheres-ntp-koennte-von-c-auf…
*** BlackBerry, Google and LG once again patch critical Stagefright hole, among others ***
---------------------------------------------
Google has been fighting critical vulnerabilities in Android's multimedia components since June 2015. Merely receiving an MMS can put a device out of action. Now various manufacturers are once again shipping security updates.
---------------------------------------------
https://heise.de/-3587867
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 02-01-2017 18:00 − Tuesday 03-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** From the filter bubble at #33c3 back to reality ***
---------------------------------------------
The 33rd Chaos Communication Congress was my first. What impressed me most, and what it is like to arrive back in everyday life.
---------------------------------------------
https://futurezone.at/myfuzo/blog/aus-der-filterbubble-33c3-zurueck-in-die-…
*** Mac Malware of 2016 ***
---------------------------------------------
Let's analyse the malware that appeared in 2016, discussing the infection vector, persistence mechanism, features, and disinfection for each.
---------------------------------------------
https://objective-see.com/blog/blog_0x16.html
*** Website Malware Targets Mobile Platforms ***
---------------------------------------------
Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can turn into the dangerous possibility ..
---------------------------------------------
https://blog.sucuri.net/2017/01/website-malware-targets-mobile-platforms.htm
*** Android tops 2016 vuln list, with 523 bugs ***
---------------------------------------------
Google joins Microsoft, Apple, Adobe in top of the pops. Of any single product, CVE Details reckons, Android had the most reported vulnerabilities in 2016 – but as a vendor, Adobe still tops the list.
---------------------------------------------
www.theregister.co.uk/2017/01/03/android_tops_2016_vuln_list_with_523_bugs/
*** Lauri Love: Love versus the United States of America ***
---------------------------------------------
Anonymous activist and hacker Lauri Love is to be extradited to the USA. There he faces almost 100 years in prison for unauthorised modification of websites and hacking. If we cannot save Lauri, we cannot save ourselves either, activists warn.
---------------------------------------------
http://www.golem.de/news/lauri-love-love-gegen-die-vereinigten-staaten-von-…
*** libpng developers close 21-year-old security hole ***
---------------------------------------------
Practically all versions of the libpng library are vulnerable. Attackers could use a vulnerability to bring systems down. Patched versions are available.
---------------------------------------------
https://heise.de/-3585996
*** Top Secret-cleared SOCOM staff in 11GB Govt contractor breach ***
---------------------------------------------
Dismissed hacker calls US Govt buddy to nix exposed database. A Pentagon subcontractor has exposed the names, locations, Social Security Numbers, and salaries of Military Special ..
---------------------------------------------
www.theregister.co.uk/2017/01/03/top_secret_cleared_socom_staff_in_11gb_gov…
*** Deprecation of Insecure Algorithms and Protocols in RHEL 6.9 ***
---------------------------------------------
Cryptographic protocols and algorithms have a limited lifetime—much like everything else in technology. Algorithms that provide cryptographic hashes and encryption as well as ..
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2787271
*** No trace to Russia after all in attack on US power utility ***
---------------------------------------------
Investigators found no evidence – employee had opened e-mails on his own laptop
---------------------------------------------
http://derstandard.at/2000050193323
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 30-12-2016 18:00 − Monday 02-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Sundown Exploit Kit now leverages on the steganography ***
---------------------------------------------
A new variant of the Sundown exploit kit leverages on steganography to hide exploit code in harmless-looking image files. Security experts from Trend Micro have spotted a new version of the Sundown exploit kit ..
---------------------------------------------
http://securityaffairs.co/wordpress/54886/cyber-crime/sundown-exploit-kit-2…
*** Russian cyberattacks against the USA: young female hacker suspected as mastermind ***
---------------------------------------------
Allegedly supported an intelligence service – Alisa Schewtschenko sees herself as a scapegoat in the conflict between Obama and Putin
---------------------------------------------
http://derstandard.at/2000050064533
*** Grizzly Steppe: Russian malicious code found at US power utility ***
---------------------------------------------
Fortunately it was not a control computer: a US electricity utility has found malicious code on a computer that could originate from Grizzly Steppe. US authorities now want to investigate whether further utilities are affected.
---------------------------------------------
http://www.golem.de/news/grizzly-steppe-russischer-schadcode-bei-us-stromve…
*** DSA-3750 libphp-phpmailer - security update ***
---------------------------------------------
Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3750
*** Creepy Site Claims To Reveal Torrenting Histories ***
---------------------------------------------
Slashdot reader dryriver writes: The highly invasive and possibly Russian owned and operated website IKnowWhatYouDownload.com immediately shows [a] BitTorrent download history for ..
---------------------------------------------
https://yro.slashdot.org/story/16/12/31/0214203/creepy-site-claims-to-revea…
*** Zend Framework Input Validation Flaw in zend-mail Lets Remote Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037539
*** Linux Kernel sg_write() and bsg_write() Functions Let Local Users Obtain Root Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1037538
*** E-mail service Lavabit returns for Trump inauguration ***
---------------------------------------------
The former e-mail provider used by Edward Snowden could return, of all times, for the Trump inauguration.
---------------------------------------------
https://futurezone.at/digital-life/e-mail-dienst-lavabit-kehrt-zur-trump-an…
*** After hours-long outage: card payment terminals back in operation ***
---------------------------------------------
Technical problems at the Swiss company SIX Payment Service resolved – ATMs not affected
---------------------------------------------
http://derstandard.at/2000050083333
*** Firefox 52 more privacy oriented with a Tor protection mechanism ***
---------------------------------------------
Mozilla's development team announced a new privacy protection mechanism that will come with Firefox 52; it aims to prevent websites from fingerprinting users. Mozilla announced the introduction of a new privacy protection ..
---------------------------------------------
http://securityaffairs.co/wordpress/54938/digital-id/firefox-52-privacy.html
*** Thunderbird: Mozilla closes critical holes with security update ***
---------------------------------------------
Thunderbird has several security vulnerabilities whose threat level Mozilla rates as 'critical' and 'high'. A patched version is available.
---------------------------------------------
https://heise.de/-3583472
*** Ransom note on endless loop: LG smart TV infected with ransomware ***
---------------------------------------------
Until now, security researchers had only warned that ransomware could also infect smart TVs running Android. Now the first documented infection has evidently occurred.
---------------------------------------------
https://heise.de/-3584043
*** l+f: Reading instead of ransom ***
---------------------------------------------
A ransomware Trojan forces its victims to educate themselves about computer security.
---------------------------------------------
https://heise.de/-3585353
*** According to the FBI, Russian hackers also used computers in Vienna for attacks ***
---------------------------------------------
A server of the association "Funkfeuer" appears on the list of attack computers published by US authorities
---------------------------------------------
http://derstandard.at/2000050143907
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 29-12-2016 18:00 − Friday 30-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Session Stealer Script Used In OpenCart ***
---------------------------------------------
With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few clicks you can set up an online storefront and sell your products. While the process to get the site up may be simple, there are ..
---------------------------------------------
https://blog.sucuri.net/2016/12/session-stealer-script-used-opencart.html
*** Recent Spam Runs in Germany Show How Threats Intend to Stay in the Game ***
---------------------------------------------
In early December, GoldenEye ransomware (detected by Trend Micro as RANSOM_GOLDENEYE.A) was observed targeting German-speaking users—particularly those belonging to the human ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/recent-spam-runs…
*** Grizzly Steppe: FBI names 900 IP addresses of Russian hacker attacks ***
---------------------------------------------
After the sanctions come the indicators: the US government publishes its analysis of the allegedly Russian hacker attacks on institutions worldwide. The attacks are also said to have been routed through IP addresses from Germany.
---------------------------------------------
http://www.golem.de/news/grizzly-steppe-fbi-nennt-900-ip-adressen-russische…
*** Apple's iMessage vulnerable to manipulated contact files ***
---------------------------------------------
A manipulated vCard currently circulating via iMessage and MMS can crash the Messages app on the recipient's iPhone or iPad – and cripple it completely. There is a way out, however.
---------------------------------------------
https://heise.de/-3582980
*** Vuln: Lenovo Transition CVE-2016-8227 Local Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95159
*** More on Protocol 47 denies ***
---------------------------------------------
Following up on yesterday's diary on an increase in Protocol 47 traffic. Thanks to everyone who sent the ISC PCAPs and more information. Current speculation is the Protocol 47 uptick is backscatter from a DDOS containing GRE traffic and using ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21867&rss
*** Cyber attacks: the difficult search for evidence ***
---------------------------------------------
Accusations based more on motive than on technical indications or evidence
---------------------------------------------
http://derstandard.at/2000050034274
*** Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF ***
---------------------------------------------
SonicWALL SMA suffers from an XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. The WAF was bypassed via form-based CSRF.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5393.php
*** Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS ***
---------------------------------------------
SonicWALL NSA suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the curUserName GET parameter in the appFirewallSummary.html script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5391.php
*** Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass ***
---------------------------------------------
Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5390.php
*** Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities ***
---------------------------------------------
Dell SonicWALL GMS suffers from multiple reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5389.php
*** Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection ***
---------------------------------------------
Dell SonicWALL GMS suffers from multiple SQL Injection vulnerabilities. Input passed via the GET parameters searchBySonicwall, firstChangeOrderID, secondChangeOrderID and coDomainID is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5388.php
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 28-12-2016 18:00 − Thursday 29-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** 33C3: Door intercoms are rich pickings for hackers ***
---------------------------------------------
More and more manufacturers of intercom systems for commercial and private buildings rely on mobile networks instead of wired technology to carry communications. This makes it possible for hackers to open doors or dial premium-rate numbers.
---------------------------------------------
https://heise.de/-3582807
*** IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix (CVE-2016-5573, CVE-2016-5597, CVE-2016-8934) ***
---------------------------------------------
There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM SDK for Java updates in October ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21995995
*** IBM Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM Security Network Active Bypass (CVE-2016-3706, CVE-2016-4429) ***
---------------------------------------------
GNU C library (glibc) vulnerabilities were found that affect IBM Security Network Active Bypass. CVE(s): CVE-2016-3706, CVE-2016-4429. Affected product(s) and affected version(s): IBM Security ..
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21996174
*** IBM Security Bulletin: Vulnerabilities (17 total) in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21988553
*** IBM Security Bulletin: Vulnerability in Apache PDFBox affects FileNet Content Manager and IBM Content Foundation (CVE-2016-2175) ***
---------------------------------------------
A security vulnerability exists in Apache PDFBox that affects IBM FileNet Content Manager and IBM Content ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21987188
*** 33C3: Bitcoin ATMs are not yet a worthwhile attack target ***
---------------------------------------------
At the Hamburg hacker meeting, security experts complained that classic ATMs continue to have major security gaps. Bitcoin exchange machines, on the other hand, are said to be of no interest to criminals yet.
---------------------------------------------
https://heise.de/-3582875
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 27-12-2016 18:00 − Wednesday 28-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Bugtraq: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539967
*** Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161228-…
*** Android Trojan Switcher Infects Routers via DNS Hijacking ***
---------------------------------------------
A new Android Trojan, Switcher, uses victims' devices to infect WiFi routers and funnel users of the network to malicious sites.
---------------------------------------------
http://threatpost.com/android-trojan-switcher-infects-routers-via-dns-hijac…
*** Security Advisory - Input Validation Vulnerability in Huawei VRP Platform ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161228-…
*** 33C3: Bluetooth locks: smart, but not secure ***
---------------------------------------------
App instead of key: more and more manufacturers are offering locks with cloud connectivity. But lockpickers can crack the expensive devices without much trouble.
---------------------------------------------
https://heise.de/-3582323
*** IT security in 2016: the user is not to blame ***
---------------------------------------------
When it comes to IT security problems, people like to rail against users. And even though many users do indeed make mistakes, the responsibility for security holes, botnets and inadequate data protection usually lies elsewhere.
---------------------------------------------
http://www.golem.de/news/it-sicherheit-im-jahr-2016-der-nutzer-ist-nicht-sc…
*** Bugtraq: [CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539968
*** Using Guzzle and PHPUnit for REST API Testing ***
---------------------------------------------
APIs are increasingly becoming the backbone of the modern internet - whether you're ordering ..
---------------------------------------------
https://blog.cloudflare.com/using-guzzle-and-phpunit-for-rest-api-testing/
*** Vuln: Multiple Samsung Devices OTP Service Remote Heap Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95134
*** IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by OS Command Injection (CVE-2016-6065) ***
---------------------------------------------
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. IBM Security Guardium Database Activity ..
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21995657
*** Hacker attack on OSCE in Vienna: data stolen ***
---------------------------------------------
The Vienna-based OSCE was the target of a hacker attack in early November. Data and the integrity of the OSCE network were put at risk, a spokeswoman said.
---------------------------------------------
https://futurezone.at/netzpolitik/hacker-angriff-auf-osze-in-wien-daten-ges…
*** Reverse engineering: security researchers open up the Threema black box ***
---------------------------------------------
Two security researchers took a close look at the innards of the Threema messenger at 33C3. Their findings are documented on GitHub - and are said to be suitable for developing bots.
---------------------------------------------
http://www.golem.de/news/reverse-engineering-sicherheitsforscher-oeffnen-th…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 23-12-2016 18:00 − Tuesday 27-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** NetApp Snap Creator Framework Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037530
*** BMC Remedy Action Request System Password Reset Flaw Lets Remote Users Modify Passwords on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037529
*** Netgear N300 router with massive security hole ***
---------------------------------------------
Netgear's N300 router (model WNR2000) has a vulnerability through which attackers can gain access to the device's admin functions. A ..
---------------------------------------------
http://derstandard.at/2000049819772
*** [local] - OpenSSH < 7.4 - UsePrivilegeSeparation Disabled Forwarded Unix Domain Sockets Privilege Escalation ***
---------------------------------------------
This issue affects OpenSSH if privilege separation is disabled (config option UsePrivilegeSeparation=no). While privilege separation is enabled by default, it ..
---------------------------------------------
https://www.exploit-db.com/exploits/40962/
*** ZyXEL and Netgear Fail to Patch Seven Security Flaws Affecting Their Routers ***
---------------------------------------------
Router manufacturers such as Netgear and ZyXEL have failed to address seven security flaws reported ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-pa…
*** Exim: Two vulnerabilities allow information disclosure and privilege escalation ***
---------------------------------------------
A remote, unauthenticated attacker can read sensitive information and possibly carry out further attacks if Exim was compiled and is run under certain conditions. For this, ..
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-2141/
*** 33C3: CCC congress begins in Hamburg ***
---------------------------------------------
Under the motto "Works for me", the Chaos Computer Club's congress has begun in Hamburg. For four days, the 12,000 participants will occupy themselves with hacks, politics and alternative ways of living.
---------------------------------------------
https://heise.de/-3582149
*** Vuln: PyCrypto cryptmsg.py Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95122
*** IBM Security Bulletin: Vulnerabilities in Bind affect IBM SmartCloud Entry (CVE-2016-2776, CVE-2016-2848) ***
---------------------------------------------
IBM SmartCloud Entry is vulnerable to BIND vulnerabilities. Remote attackers could exploit the vulnerabilities to trigger assertion failures and make named ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1024649
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 22-12-2016 18:00 − Friday 23-12-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Lithuania discovers Russian spyware on government computers ***
---------------------------------------------
The malware was apparently introduced onto the computers via infected USB sticks
---------------------------------------------
http://derstandard.at/2000049749836
*** So somebody is throwing HTML at your sshd. What to do? ***
---------------------------------------------
Yes, it's exactly as wrong as it sounds. Here's a distraction with bizarre twists for the true log file junkies among you. Happy reading for the holidays! As will probably not surprise ..
---------------------------------------------
http://bsdly.blogspot.com/2016/12/so-somebody-is-throwing-html-at-your.html
*** Cerber Ransomware Doesn't Delete Shadow Volume Copies Anymore, Prioritizes Office Docs ***
---------------------------------------------
Recent versions of the Cerber ransomware are behaving somewhat different from older variants, with the ransomware ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cerber-ransomware-doesnt-del…
*** Before You Pay that Ransomware Demand… ***
---------------------------------------------
A decade ago, if a desktop computer got infected with malware the chief symptom probably was an intrusive browser toolbar of some kind. Five years ago you were more likely to be whacked ..
---------------------------------------------
https://krebsonsecurity.com/2016/12/before-you-pay-that-ransomware-demand/
*** Steganalysis, the Counterpart of Steganography ***
---------------------------------------------
In my last blog post I discussed the art of embedding secret messages in any file so that only the sender and the receiver ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Steganalysis,-the-Count…
*** New Guide to Fixing Google Blacklist Warnings ***
---------------------------------------------
One of the worst experiences a website owner can have is being blacklisted by Google. If you are one of the 10,000 websites that has been slapped with a ..
---------------------------------------------
https://blog.sucuri.net/2016/12/guide-to-fix-site-warnings.html
*** Fidelix FX-20 Series Controllers Path Traversal Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a path traversal vulnerability in Fidelix FX-20 series controllers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-357-01
*** WAGO Ethernet Web-based Management Authentication Bypass Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an authentication bypass vulnerability in WAGO’s Ethernet Web-based Management products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-357-02
*** Your password expiry policy may have reached its expiry date ***
---------------------------------------------
In cyber security as much as anywhere else, it's important to use the right tools for the job at hand. However, sometimes we can get a bit too attached to particular tools, ..
---------------------------------------------
https://www.ncsc.gov.uk/blog-post/your-password-expiry-policy-may-have-reac…
*** As Bitcoin Price Surges, Phishing Attacks on Cryptocurrency Wallets Intensify ***
---------------------------------------------
Bitcoin price surge reverberates through cybercriminal landscape, as cyber-criminals ramp up phishing attacks ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/as-bitcoin-price-surges-phis…
*** Using Monitor Resolution as Obfuscation Technique ***
---------------------------------------------
A quick blog post about a malicious VBScript macro that I analysed. Bad guys always have plenty of ..
---------------------------------------------
https://blog.rootshell.be/2016/12/23/using-monitor-resolution-obfuscation-t…
*** No evidence of planned Russian cyberattacks on the Bundestag election ***
---------------------------------------------
http://derstandard.at/2000049777463
*** Drastic warnings about the "Internet of Dildos" ***
---------------------------------------------
New group wants to draw attention to the dangers posed by smart sex toys
---------------------------------------------
http://derstandard.at/2000049785388
*** Same story every year: Netgear N300 / WNR2000 router vulnerable ***
---------------------------------------------
Once again, a zero-day vulnerability plagues Netgear routers. The vulnerable model has already fallen victim to serious vulnerabilities in the past.
---------------------------------------------
https://heise.de/-3581275
*** Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware ***
---------------------------------------------
A new in-development variant of the Koolova Ransomware has been discovered that will decrypt your ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/koolova-ransomware-decrypts-…
Because of the public holiday on Monday, 26.12.2016, the next End-of-Shift report will only appear on Tuesday, 27.12.2016
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 21-12-2016 18:00 − Thursday 22-12-2016 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** MS16-DEC - Microsoft Security Bulletin Summary for December 2016 - Version: 1.2 ***
---------------------------------------------
V1.2 (December 21, 2016): The December 13, 2016, Security and Quality Rollups updates 3210137 and 3210138 contain a known issue that affects the .NET Framework 4.5.2 running on Windows 8.1, Windows Server 2012 R2, and Windows Server 2012. The issue was also present in the November 15, 2016, Preview of Quality rollup updates that were superseded by the December 13, 2016 Rollup updates. The issue causes applications that connect to an instance of Microsoft SQL Server on the same computer to generate the following error message: “provider: Shared Memory Provider, error: 15 - Function not supported”
For more information please refer to Knowledge Base Article 3214106.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-DEC
*** NIST Asks Public For Help With Quantum-Proof Cryptography ***
---------------------------------------------
chicksdaddy quotes a report from The Security Ledger: With functional, quantum computers on the (distant?) horizon, The National Institute of Standards and Technology (NIST) is asking the public for help heading off what it calls "a looming threat to information security:" powerful quantum computers capable of breaking even the strongest encryption codes used to protect the privacy of digital information. In a statement Tuesday, NIST asked the public to submit ideas for...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/_VC9qbMlmm8/nist-asks-publi…
*** Mandatory HTTPS for apps: Apple extends deadline ***
---------------------------------------------
iPhone and iPad apps were originally supposed to stop communicating over unsecured HTTP connections from the end of the year; now Apple has granted additional time for the transition.
---------------------------------------------
https://heise.de/-3579891
*** vSphere Data Protection: VMware removes hard-coded root key ***
---------------------------------------------
Attackers are reportedly able to take over the backup and recovery solution for virtual machines with comparatively little effort. Security patches are available for download.
---------------------------------------------
https://heise.de/-3579872
*** Security Alert: Malicious Script Injections Spread Cerber Ransomware, Make Use of Nemucod Downloader ***
---------------------------------------------
This ongoing ransomware campaign packs a big punch against its victims, aiming for a high success rate in terms of infected systems.
Using a malware cocktail to drive infection rates
The cybercriminals behind the campaign are compromising legitimate websites by injecting malicious scripts. The injects then redirect the victims' Internet traffic to a Cerber gateway...
---------------------------------------------
https://heimdalsecurity.com/blog/security-alert-malicious-script-injections…
*** Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units ***
---------------------------------------------
In June CrowdStrike identified and attributed a series of targeted intrusions at the Democratic National Committee (DNC), and other political organizations, that utilized a well-known implant commonly called X-Agent. X-Agent is a cross-platform remote access toolkit; variants have been identified for various Windows operating systems, Apple's iOS, and likely the MacOS. Also known as Sofacy, X-Agent has been tracked by the security community for almost a decade; CrowdStrike associates the...
---------------------------------------------
https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian…
*** Writing Burp Extensions (Shodan Scanner) ***
---------------------------------------------
In this article, we will have an overview of writing Burp extensions. At the end of the post, we will have an extension that will take any HTTP request, determine the IP address of the domain and get specific information using the Shodan API. I have divided the article into the following hierarchy so that you can...
---------------------------------------------
http://resources.infosecinstitute.com/writing-burp-extensions-shodan-scanne…
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 20-12-2016 18:00 − Wednesday 21-12-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** PrestaShop Attack Steals Login Credentials ***
---------------------------------------------
Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse resources or gain SEO power, and in others they are seeking access to sensitive data, also known as data exfiltration. The ..
---------------------------------------------
https://blog.sucuri.net/2016/12/prestashop-attack-steals-login-credentials.…
*** Data Center Physical Security ***
---------------------------------------------
A data center is the epicenter of any online infrastructure. A data center’s size can vary widely, depending on an organization’s needs. Broadly speaking, a ..
---------------------------------------------
http://resources.infosecinstitute.com/data-center-physical-security/
*** DSA-3741 tor - security update ***
---------------------------------------------
It was discovered that Tor, a connection-based low-latency anonymous communication system, ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3741
*** Kaspersky updates RannohDecryptor to decrypt CryptXXX's Crypt, Cryp1, and Crypz Extensions ***
---------------------------------------------
If you are a CryptXXX Ransomware victim who didn't pay the ransom and instead decided to store their encrypted files and ransom notes for future fixes then you ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/kaspersky-updates-rannohdecr…
*** 33c3 programme: What to expect from the hacker congress ***
---------------------------------------------
From 27 to 30 December, the annual hacker meeting of the Chaos Computer Club (CCC) takes place in Hamburg for the 33rd time. The Fahrplan (schedule) and wiki give a first overview of the programme.
---------------------------------------------
https://futurezone.at/netzpolitik/33c3-programm-was-vom-hacker-kongress-zu-…
*** Netgear security vulnerability: updates for four affected routers ready ***
---------------------------------------------
Firmware updates are now available for the R6250, R6400, R7000 and R8000 routers. Installing the updates is strongly recommended. For a further seven routers affected by the security vulnerability, only a beta version is available for download so far.
---------------------------------------------
https://heise.de/-3578415
*** Antivirus software: the snake oil industry ***
---------------------------------------------
Users and system administrators regard antivirus programs as indispensable. But many IT security experts are extremely sceptical. Antivirus software is often itself full of security holes, and it has very fundamental limits.
---------------------------------------------
http://www.golem.de/news/antivirensoftware-die-schlangenoel-branche-1612-12…
*** Panasonic Plays Down Security Bugs Found in Airplane In-Flight Entertainment Systems ***
---------------------------------------------
Security firm IOActive published research yesterday detailing security flaws in ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/panasonic-plays-down-securit…
*** How Skype fixes security vulnerabilities ***
---------------------------------------------
This post describes my fruitless effort to convince Microsoft employees that their service is vulnerable, and the humiliation one has to go through should one’s account be blocked by a hacker. This is a story of ignorance, pain and despair.
---------------------------------------------
https://hub.zhovner.com/geek/how-skype-fixes-security-vulnerabilities/
*** Popular passwords: "Arschloch" among the top ten ***
---------------------------------------------
http://derstandard.at/2000049660283
*** Berlin attack: DDoS attack on tip-off portal ***
---------------------------------------------
http://derstandard.at/2000049672324
*** Linux/Rakos, the new Linux malware threatening devices and servers ***
---------------------------------------------
A new Linux malware, dubbed Linux/Rakos, is threatening devices and servers. The malware searches for victims via SSH scanning. ..
---------------------------------------------
http://securityaffairs.co/wordpress/54603/malware/linuxrakos-malware.html
*** XSA-203 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-203.html
*** XSA-202 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-202.html
*** Analysis: "Hallo" is Germany's most-used password ***
---------------------------------------------
An analysis of passwords from freely accessible data leaks has shown that the most-used passwords in Germany are anything but secure. After "hallo", the classics "passwort" and "passwort1" are also on the list.
---------------------------------------------
http://www.golem.de/news/auswertung-hallo-ist-deutschlands-meistgenutztes-p…
*** Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability ***
---------------------------------------------
A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…