=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 23-06-2016 18:00 − Freitag 24-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Crypto Wars: Neue Bundesbehörde soll Verschlüsselung knacken ***
---------------------------------------------
Immer mehr Kommunikationsdienste verschlüsseln Nachrichten und schützen sie vor fremden Zugriffen. Die Bundesregierung will dem offenbar nicht tatenlos zusehen und eine Behörde mit dem Knacken der Kryptographie beauftragen.
---------------------------------------------
http://heise.de/-3247957
*** PCI Compliance for eCommerce – Choosing Between SAQ A and A-EP ***
---------------------------------------------
The Payment Card Industry Data Security Standards (PCI DSS) is a set of security standards established in a joint venture between a number of the top credit card issuers in the world – Visa, MasterCard, American Express, ..
---------------------------------------------
https://blog.sucuri.net/2016/06/navigating-pci-self-assessment-questionnair…
*** How to: Testing Android Application Security, Part 2 ***
---------------------------------------------
The popularity of Android devices and applications makes it a target for malware and other threats. This post is the second in a short series on Android ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/testing-android-application-security-p…
*** Necurs Botnet is Back, Updated With Smarter Locky Variant ***
---------------------------------------------
After a mysterious three weeks off the grid, Necurs has returned to spewing massive volumes of email containing improved versions of the potent Locky ransomware and Dridex banking Trojan.
---------------------------------------------
http://threatpost.com/necurs-botnet-is-back-updated-with-smarter-locky-vari…
*** Rockwell Automation Allen-Bradley Stratix 5400 and 5410 Packet Corruption Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a resource management vulnerability in Rockwell Automation’s Allen-Bradley Stratix 5400 and Allen-Bradley Stratix 5410 industrial networking switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-175-01
*** Unitronics VisiLogic OPLC IDE vlp File Parsing Stack Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a buffer overflow vulnerability in the Unitronics VisiLogic.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-175-02
*** Meinberg NTP Time Server Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for a stack buffer overflow vulnerability and a privilege escalation vulnerability in Meinberg’s NTP Time Servers Interface.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03
*** About Lenovo Solution Center 3.3.002 Vulnerabilities (CVE-2016-5249) ***
---------------------------------------------
After patching set of issues reported by Trustwave SpiderLabs last month, Lenovo released another version of its Lenovo Solution Center software to address new security ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/About-Lenovo-Solution-Center…
*** Sicherheitslücke in Alarmanlagen von ABUS und Climax ***
---------------------------------------------
Vernetzte Alarmanlagen sollen für Sicherheit und mehr Bedienkomfort sorgen. Durch eine Sicherheitslücke können Angreifer jedoch auf viele Systeme zugreifen – übers Internet.
---------------------------------------------
http://heise.de/-3247868
*** WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting ***
---------------------------------------------
http://jvn.jp/en/jp/JVN55826471/
*** WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting ***
---------------------------------------------
http://jvn.jp/en/jp/JVN95082904/
*** WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection ***
---------------------------------------------
http://jvn.jp/en/jp/JVN47363774/
*** [2016-06-24] ASUS DSL-N55U cross site scripting and information disclosure vulnerability ***
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016…
*** Erpressungs-Trojaner: Neue Locky-Welle infiziert Computer ***
---------------------------------------------
Wer dieser Tage eine E-Mail mit Dateianhang bekommt, sollte diese noch kritischer als sonst beäugen: Aktuell verbreitet sich der Verschlüsselungs-Trojaner Locky erneut vornehmlich über vermeintliche Bewerbungs-Mails in Deutschland.
---------------------------------------------
http://heise.de/-3248277
*** How to Spot Ingenico Self-Checkout Skimmers ***
---------------------------------------------
A KrebsOnSecurity story last month about credit card skimmers found in self-checkout lanes at some Walmart locations got picked up by quite a few publications. Since then Ive heard from several readers who work at retailers that use ..
---------------------------------------------
http://krebsonsecurity.com/2016/06/how-to-spot-ingenico-self-checkout-skimm…
*** Pretty Good Privacy: 40 Jahre Diffie-Hellman ***
---------------------------------------------
Am 23. Juni 1976 präsentierten Whitfield Diffie und Martin Hellman ihren Ansatz eines asymmetrischen Verschlüsselungsverfahren auf dem "Symposium on Information Theory" im schwedischen Ronneby.
---------------------------------------------
http://heise.de/-3248793
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 22-06-2016 18:00 − Donnerstag 23-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** After Angler: Shift in Exploit Kit Landscape and New Crytpo-Ransomware Activity ***
---------------------------------------------
Early this year, we reported that in 2015, Angler came out as the top exploit kit, having contributed 59.5% in the total exploit kit activity for the year. Now, there's barely any pulse left.After the arrest of 50 people accused of using malware to steal US$25 million, it is interesting to ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/angler-shift-ek-…
*** ZDI-16-373: Trend Micro Deep Discovery hotfix_upload.cgi filename Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery. Authentication is required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-373/
*** Fraudsters are Buying IPv4 Addresses ***
---------------------------------------------
IPv4 addresses are valuable, so criminals are figuring out how to buy or steal them.Hence criminals interest in ways to land themselves IP addresses, some of which were detailed this week by ARINs senior director of global registry knowledge, Leslie Nobile, at the North American Network Operators ..
---------------------------------------------
https://www.schneier.com/blog/archives/2016/06/fraudsters_are_.html
*** WordPress 4.5.3 release mends eight security flaws, 17 bugs ***
---------------------------------------------
WordPress has released version 4.5.3 of its content management system, fixing eight security vulnerabilities that surfaced in previous versions, as well as 17 other bugs.
---------------------------------------------
http://www.scmagazine.com/wordpress-453-release-mends-eight-security-flaws-…
*** Cisco Unified Contact Center Enterprise Web-Based Management Interface Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco Email Security Appliance .zip File Scanning Security Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** TLS Certificate Validation Vulnerability in Citrix iOS Receiver ***
---------------------------------------------
http://support.citrix.com/article/CTX213998
*** Rise of Darknet Stokes Fear of The Insider ***
---------------------------------------------
With the proliferation of shadowy black markets on the so-called "darknet" -- hidden crime bazaars that can only be accessed through special software that obscures ones true location online -- it has never been easier for disgruntled employees to harm their current or former employer. At least, this is the fear driving a growing stable of companies seeking technical solutions to detect would-be insiders.
---------------------------------------------
http://krebsonsecurity.com/2016/06/rise-of-darknet-stokes-fear-of-the-insid…
*** Linux Kernel ROP - Ropping your way to # (Part 2) ***
---------------------------------------------
Introduction In Part 1 of this tutorial, we have demonstrated how to find useful ROP gadgets and build a privilege escalation ROP chain for our test system (3.13.0-32 kernel - Ubuntu 12.04.5 LTS). We have also developed a vulnerable kernel ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropp…
*** Kritische Sicherheitslücken in libarchive gefährden FreeBSD & Co. ***
---------------------------------------------
Sicherheitsforscher entdecken drei schwerwiegende Sicherheitslücken in der Open-Source-Biblitohek libarchive. Patches stehen noch nicht nicht für alle Tools bereit, die auf libarchive setzen.
---------------------------------------------
http://heise.de/-3246535
*** Krypto-Trojaner Cerber: Angebliche Mediamarkt-Bestellung kommt Empfänger teuer zu stehen ***
---------------------------------------------
Online-Erpresser verschicken derzeit Mails, die vorgeben, dass ein bei Mediamarkt.de besteller Artikel in Kürze geliefert wird. Wer die Bestellung einsehen oder stornieren will, handelt sich einen Krypto-Trojaner ein.
---------------------------------------------
http://heise.de/-3246780
*** RFC 7905: ChaCha20-Verschlüsselung für TLS standardisiert ***
---------------------------------------------
Mit RFC 7905 gibt es nun eine Spezifikation, um den Verschlüsselungsalgorithmus ChaCha20 im Poly1305-Modus in TLS zu nutzen. Der von Dan Bernstein entwickelte Algorithmus ist insbesondere auf ..
---------------------------------------------
http://www.golem.de/news/rfc-7905-chacha20-verschluesselung-fuer-tls-standa…
*** Apple gibt erstmals Einblick in Kern von iPhone-Betriebssystem iOS10 ***
---------------------------------------------
In der Beta-Variante der nächsten Version iOS 10 ist der Kernel nicht verschlüsselt
---------------------------------------------
http://derstandard.at/2000039668786
*** Unpatched Remote Code Execution Flaw Exists in Swagger ***
---------------------------------------------
Researchers at Rapid7 found a vulnerability in the Swagger Code Generator that could execute arbitrary code embedded in a Swagger document.
---------------------------------------------
http://threatpost.com/unpatched-remote-code-execution-flaw-exists-in-swagge…
*** Redefining how we share our security data. ***
---------------------------------------------
Red Hat Product Security has long provided various bits of machine-consumable information to customers and users via our Security Data page. Today we are pleased to announce that we have made it even easier to access and ..
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2387601
*** Defending Our Brand ***
---------------------------------------------
Some months ago, it came to our attention that Comodo Group, Inc., is attempting to register at least three trademarks for the term "Let's Encrypt" for a variety of CA-related services. These trademark applications were ..
---------------------------------------------
https://letsencrypt.org//2016/06/23/defending-our-brand.html
*** Fünf Millionen Zertifikate: Lets Encrypt wächst rasant ***
---------------------------------------------
Innerhalb von drei Monaten hat Let's Encrypt die Gesamtanzahl von kostenlos ausgestellten SSL-/TLS-Zertifikaten verfünffacht.
---------------------------------------------
http://heise.de/-3247077
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 21-06-2016 18:00 − Mittwoch 22-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Macro Malware Adds Tricks, Uses MaxMind to Avoid Detection ***
---------------------------------------------
Macro malware continues to evolve and use new tricks to evade detection. This threat is responsible for downloading malicious Trojans such as Dridex and ransomware such as Locky. Recently McAfee Labs has encountered a new variant of macro ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/macro-malware-adds-tricks-uses-maxmind…
*** Advantech WebAccess ActiveX Vulnerabilities ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01
*** Schneider Electric PowerLogic PM8ECC Cross-site Scripting Vulnerability ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-173-02
*** DHL Packstation: Sicherheitslücke begünstigt Missbrauch der fast 3000 Paketautomaten ***
---------------------------------------------
Durch eine Sicherheitslücke konnten Online-Ganoven unnötig leicht auf die Paketfächer der rund acht Millionen Packstation-Nutzer zugreifen. Als DHL das Problem bestritt, hat c't es selbst versucht.
---------------------------------------------
http://heise.de/-3243343
*** Hacker, Bromium donate $30,000 in bug bounty cash to charity ***
---------------------------------------------
Google hacker Tavis Ormandy and security firm Bromium have handed Amnesty International US$30,000 in bug bounty cash awarded after the former broke the latters security controls.
---------------------------------------------
www.theregister.co.uk/2016/06/22/hacker_bromium_donate_30000_in_bug_bounty_…
*** ENISA discusses cyber challenges of the digital transformation ***
---------------------------------------------
https://www.enisa.europa.eu/news/executive-news/enisa-discusses-cyber-chall…
*** DNS-Sicherheitslücke bei Apple: Weitere Plattformen betroffen ***
---------------------------------------------
Neben den AirPort-Basisstationen sind auch iOS, OS X und watchOS von einer kritischen Lücke betroffen ..
---------------------------------------------
http://heise.de/-3244645
*** E-Mail-Verschlüsselung: EU-Kommission hat Angst vor verschlüsseltem Spam ***
---------------------------------------------
PGP ist sicher, aber in der Handhabung oft kompliziert, gerade in grossen Unternehmen. Die EU-Kommission will die Technik in einem Pilotprojekt für alle Mitarbeiter einführen. Eine Angst geht dabei um: die vor verschlüsselten Spammails.
---------------------------------------------
http://www.golem.de/news/e-mail-verschluesselung-eu-kommission-hat-angst-vo…
*** KSN Report: Ransomware from 2014-2016 ***
---------------------------------------------
The number of users attacked with ransomware is huge. But how big is it? Ransomware seems to be a global threat. But maybe there are regions at a higher risk of danger? There seem to be a lot of ransomware malware groups. But what are the most widespread and dangerous?
---------------------------------------------
http://securelist.com/analysis/publications/75145/pc-ransomware-in-2014-201…
*** Microsofts entrauscht homomorphe Krypto-Library SEAL ***
---------------------------------------------
Das Rechnen mit verschlüsselten Daten rückt heran. Durch einen Wechsel des zugrundeliegenden Krypto-Systems will Microsoft die homomorphe Verschlüsselung auf eine neue Stufe heben.
---------------------------------------------
http://heise.de/-3243299
*** Exploiting Public Information for OSINT ***
---------------------------------------------
Open source intelligence is an act of finding the information using publicly available sources; these sources could be anything, for instance; newspaper, business directories, annual reports, etc. And the scope of OSINT is not only limited to ..
---------------------------------------------
http://resources.infosecinstitute.com/exploiting-public-information-for-osi…
*** Online-Backup-Anbieter Carbonite fordert Nutzer zu Passwort-Reset auf ***
---------------------------------------------
Wegen einer vermehrten Anzahl von unautorisierten Zugriffen auf Accounts sollten Nutzer des Online-Backup-Services Carbonite ihr Passwort zurücksetzen.
---------------------------------------------
http://heise.de/-3245465
*** Return of Locky ***
---------------------------------------------
There's been a lot of discussion recently of the Necurs botnet being quiet. Today, Necurs activity resumed, and a new Locky malspam campaign began! Let's look at it!
---------------------------------------------
https://malcat.moe/?p=53
*** Interview with a Craigslist scammer ***
---------------------------------------------
Ever wondered what motivates people who swindle others on Craigslist? Read on for a fascinating look into the mind of a small-time ..
---------------------------------------------
http://www.infoworld.com/article/3086304/cyber-crime/interview-with-a-craig…
*** 105.386 Österreicher von LinkedIn-Datenleck betroffen ***
---------------------------------------------
In der Datenbank des Karriere-Netzwerks LinkedIn befanden sich insgesamt 15.386 österreichische Mail-Adressen und 76.344 Passwörter.
---------------------------------------------
http://futurezone.at/digital-life/105-386-oesterreicher-von-linkedin-datenl…
*** Vulnerability Spotlight: Pidgin Vulnerabilities ***
---------------------------------------------
Pidgin is a universal chat client that is used on millions of systems worldwide. The Pidgin chat client enables you to communicate on multiple chat networks simultaneously. Talos has identified multiple vulnerabilities in the way Pidgin handles the MXit ..
---------------------------------------------
http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 20-06-2016 18:00 − Dienstag 21-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Exploiting Recursion in the Linux Kernel ***
---------------------------------------------
On June 1st, I reported an arbitrary recursion bug in the Linux kernel that can be triggered by a local user on Ubuntu if the system was installed with home directory encryption support. If you want to see the crasher, the exploit ..
---------------------------------
http://googleprojectzero.blogspot.com/2016/06/exploiting-recursion-in-linux…
*** USN-3012-1: Wget vulnerability ***
---------------------------------------------
Dawid Golunski discovered that Wget incorrectly handled filenames whenbeing redirected from an HTTP to an FTP URL.
---------------------------------------------
http://www.ubuntu.com/usn/usn-3012-1/
*** USN-3011-1: HAProxy vulnerability ***
---------------------------------------------
Falco Schmutz discovered that HAProxy incorrectly handled the reqdenyfilter.
---------------------------------------------
http://www.ubuntu.com/usn/usn-3011-1/
*** Reverse-engineering DUBNIUM's Flash-targeting exploit ***
---------------------------------------------
The DUBNIUM campaign in December involved one exploit in-the-wild that affected Adobe Flash Player. In this blog, we're going to examine the technical details of the exploit that targeted vulnerability CVE-2015-8651. For ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/06/20/reverse-engineering-dub…
*** Cisco Integrated Services Routers OpenSSH TCP Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco 8800 Series IP Phone Directory Traversal Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Red Line Drawn: China Recalculates Its Use of Cyber Espionage ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/06/red-line-drawn-china-e…
*** Hacker erbeuten Kunden-Daten aus Acers Online-Shop ***
---------------------------------------------
Unbekannte Datendiebe haben offensichtlich den nordamerikanischen Online-Shop von Acer geentert und Daten von Kunden kopiert. Darunter könnten dem Hersteller zufolge auch Kreditkarten-Daten inklusive Sicherheitscodes sein.
---------------------------------------------
http://heise.de/-3242703
*** Unbefugte schleichen sich in GoToMyPC-Konten ***
---------------------------------------------
Aufgrund unbefugter Zugriffe auf Nutzer-Konten, hat der Anbieter der Fernwartungs-Software GoToMyPC die Passwörter ..
---------------------------------------------
http://heise.de/-3242747
*** Phishing mit gestohlenem iPhone ***
---------------------------------------------
Kriminelle stehlen iPhones. Nach rund einer Woche melden sie sich bei ihren Opfern mit einer vermeintlich echten SMS von Apple. In ihr ist davon die Rede, dass das ..
---------------------------------------------
https://www.watchlist-internet.at/phishing/phishing-mit-gestohlenem-iphone/
*** Apple: Mysteriöse Lücke in Airport-Router gepatcht ***
---------------------------------------------
Der Airport-Router und Time-Capsule von Apple haben offenbar Probleme mit bestimmten DNS-Anfragen. Die Sicherheitslücke wurde jetzt geschlossen, möglicherweise konnten Angreifer das Netzwerk der Nutzer kompromittieren.
---------------------------------------------
http://www.golem.de/news/apple-mysterioese-luecke-in-airport-router-gepatch…
*** Poorly crafted LogMeIn password reset email looks phishy, but isn't ***
---------------------------------------------
LogMeIn has been sending out password reset emails to some of its customers, to prevent account hijacking fuelled by the recent spate of massive login credential leaks. Unfortunately, their own legitimate email ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/21/poorly-crafted-logmein-password-…
*** Zwei-Faktor-Authentifizierung: Smartphone als zweiter Schlüssel fürs Google-Konto ***
---------------------------------------------
Wer die Zwei-Faktor-Authentifizierung für sein Google-Konto nutzt, muss ab sofort neben seinem Passwort keine Codes mehr eingeben, sondern kann direkt sein Smartphone zur Anmeldung nutzen.
---------------------------------------------
http://heise.de/-3243338
*** Flash: Mac OS X blockiert wieder alte Versionen ***
---------------------------------------------
Apples Browser Safari unterstützt das Flash-Plug-in nur noch, wenn es auf dem aktuellen Stand ist. Adobe hatte vor wenigen Tagen kritische Schwachstellen geschlossen, darunter eine Zero-Day-Lücke.
---------------------------------------------
http://heise.de/-3243340
*** Finding Browser Extensions To Hunt Evil! ***
---------------------------------------------
Browser extensions, sometimes called plug-ins or add-ons, provide all types of wondrous functionality on top of the web browser, some of which may be actually wanted by the user! These little gems, however, have also proved valuable ..
---------------------------------------------
https://labs.opendns.com/2016/06/16/finding-browser-extensions-find-evil/
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 17-06-2016 18:00 − Montag 20-06-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Locky, Dridex, and Angler among cybercrime groups to experience fall in activity ***
---------------------------------------------
There has been a sudden drop off in activity relating to a number of major malware families in recent weeks. Dridex (W32.Cridex), Locky (Trojan.Cryptolocker.AF), the Angler exploit kit and Necurs (Backdoor.Necurs), are among the threats who appear affected by this development.
---------------------------------------------
http://www.symantec.com/connect/blogs/locky-dridex-and-angler-among-cybercr…
*** Erpressungs-Trojaner RAA kommt mit Passwort-Dieb im Huckepack daher ***
---------------------------------------------
Der Computer-Schädling RAA soll nicht nur Daten als Geisel nehmen und ein Lösegeld verlangen, sondern auch einen Trojaner mitbringen, der Passwörter abgreift.
---------------------------------------------
http://heise.de/-3242139
*** You Acer holes! PC maker leaks payment cards in e-store hack ***
---------------------------------------------
Lost info includes names, addresses, numbers and security codes Acers insecure customer database spilled peoples personal information - including full payment card numbers - into hackers hands for more than a year.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/06/17/what_a_pain…
*** New Ransomware Written Entirely In JavaScript ***
---------------------------------------------
An anonymous reader writes: Security researchers have discovered a new form of ransomware written entirely in JavaScript and using the CryptoJS library to encode a users files. Researchers say the file is being distributed through email attachments, according to SC Magazine, which reports that "Opening the attachment kicks off a series of steps that not only locks up the victims files, but also downloads some additional malware onto the target computer. ...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/MLUCGZ3AfdM/new-ransomware-…
*** GoToMyPC remote desktop service resets all passwords in wake of attack ***
---------------------------------------------
GoToMyPC, a remote computer administration service offered by Citrix, has forced a password reset for all customers in the wake of what they call a 'very sophisticated password attack.' Effective immediately, you will be required to reset your GoToMyPC password before you can login again, the company told customers via email on Sunday, and advised them to use their regular GoToMyPC login link to reset the password, or go through the 'Forgot Password' link
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/20/gotomypc-resets-passwords/
*** Understanding Critical Windows Artifacts and Their Relevance During Investigation-Part 1 ***
---------------------------------------------
In this article, we will learn about critical Windows artifacts, what they mean, where they are located in the system, what can be inferred from them and how can they help in actual during the investigation. This will be a series of articles and in Part 1, we will learn about the NTFS timestamps which ...
---------------------------------------------
http://resources.infosecinstitute.com/understanding-critical-windows-artifa…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL and a vulnerability in GNU glibc affect IBM Security Proventia Network Enterprise Scanner ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984794
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2016-0399) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984134
---------------------------------------------
*** IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2016-0341) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985111
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco IOS XE Software SNMP Subsystem Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco cBR-8 Series Converged Broadband Router SNMP Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 16-06-2016 18:00 − Freitag 17-06-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** SAP patches three-year-old vulnerability, plus 20 more flaws ***
---------------------------------------------
SAP this week patched 21 product vulnerabilities, including an information disclosure flaw that was originally disclosed more than three years ago.
---------------------------------------------
http://www.scmagazine.com/sap-patches-three-year-old-vulnerability-plus-20-…
*** X86 Shellcode Obfuscation - Part 3 ***
---------------------------------------------
Last time, Ive added obfuscation support for most common x86 instructions, which allowed to process the obfuscation output several times in order to get even better results. The obfuscated code output now, while being pretty well obfuscated, still is pretty easy to navigate as the execution flow is not changed. I will fix it this episode as I explain methods of implementing full blown execution flow obfuscation by injecting dozens of jumps to make the code output unrecognizable.
---------------------------------------------
https://breakdev.org/x86-shellcode-obfuscation-part-3/
*** ENISA: Free online tool for the notification of personal data breaches ***
---------------------------------------------
The purpose of the tool is to allow data controllers to complete and submit online a personal data breach notification to the competent authority (DPA/NRA). The tool covers all types of personal data breaches and business sectors, whether public or private. Based on the input of the notification, the tool also provides to the competent authority an assessment of the severity of the breach.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/free-online-tool-for-the-notifi…
*** GitHub: Anmeldeversuche mit auf anderen Sites gestohlenen Zugangsdaten ***
---------------------------------------------
Das GitHub-Team hat zahlreiche Log-in-Versuche festgestellt, die teilweise erfolgreich waren. Offensichtlich haben Hacker versucht, sich mit auf anderen Sites gestohlenen Zugangsdaten anzumelden.
---------------------------------------------
http://heise.de/-3240522
*** Kryptowährung: Einbrecher stehlen 56 Millionen US-Dollar in Ether - fast ***
---------------------------------------------
Sicherheitslücke bei der Bitcoin-Alternative Ethereum: Angreifer konnten 3,5 Millionen Einheiten der Ether stehlen. Eine ungewöhnliche Maßnahme soll aber verhindern, dass das Geld auch wirklich ausgezahlt wird.
---------------------------------------------
http://www.golem.de/news/kryptowaehrung-einbrecher-stehlen-56-millionen-us-…
*** Security updates available for Adobe Flash Player (APSB16-18) and Adobe AIR (APSB16-23) ***
---------------------------------------------
Adobe has published a Security Bulletin (APSB16-18) regarding security updates that address critical vulnerabilities in Adobe Flash Player. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1371
*** Bugtraq: [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538699
*** Cisco Prime Network Registrar System Configuration Protocol Information Disclosure Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Bugtraq: User enumeration in Skype for Business 2013 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538697
*** Bugtraq: [SECURITY] [DSA 3604-1] drupal7 security update ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538696
*** Python urllib HTTP Header Injection ***
---------------------------------------------
Topic: Python urllib HTTP Header Injection Risk: Low Text:Pythons built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016060130
*** Solarwinds Virtualization Manager 6.3.1 Java Deserialization ***
---------------------------------------------
Topic: Solarwinds Virtualization Manager 6.3.1 Java Deserialization Risk: High Text:Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Product: Solarwinds Virtualization Manager Vendor: Solarwin...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016060126
*** Json2Html Cross Site Scripting ***
---------------------------------------------
Topic: Json2Html Cross Site Scripting Risk: Low Text:# Exploit Title: Json2Html Javascript Library - Reflective/Persistant XSS # Date: 0 day # Exploit Author: David Silveiro # E...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016060123
*** Gemalto Sentinel License Manager 18.0.1 Directory Traversal ***
---------------------------------------------
Topic: Gemalto Sentinel License Manager 18.0.1 Directory Traversal Risk: Medium Text:Gemalto Sentinel License Manager 18.0.1 Directory Traversal Vulnerability Vendor: Gemalto NV | SafeNet, Inc Product we...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016060121
*** Security Advisory - Insufficient Input Validation Vulnerability in the FusionInsight ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160617-…
*** Moxa PT-7728 Series Switch Improper Authorization Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an improper authorization vulnerability in Moxa's Industrial Ethernet Switch PT-7728 series.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-168-01
*** sol64505405: NTP vulnerability CVE-2016-4956 ***
---------------------------------------------
This vulnerability can only be exposed if the ntp.conf file is manually edited to enable "broadcastclient" mode in network time protocol (NTP).
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/k/64/sol64505405.html
*** sol14969: BIG-IP Edge and FirePass client information leakage vulnerability CVE-2013-6024 ***
---------------------------------------------
The Edge Client components in F5 BIG-IP APM, BIG-IP Edge Gateway, and FirePass allow attackers to obtain sensitive information from process memory via unspecified vectors. (CVE-2013-6024) An attacker with sufficient local privileges on a client machine running Windows or Mac OS X may be able to gain access to a users APM password. Note: This vulnerability is limited to the BIG-IP Edge Client and FirePass legacy client for Windows and Mac OS X only; it does not impact the BIG-IP or FirePass host.
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html
*** sol82644737: NTP vulnerability CVE-2016-4954 ***
---------------------------------------------
Impact: The NTP service may be disrupted. Security Issue Status: F5 Product Development has assigned ID 597023 (BIG-IP), ID 598184 (BIG-IQ), ID 598186 (Enterprise Manager), and LRS-60784 (LineRate) to this vulnerability.
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/k/82/sol82644737.html
*** IBM Security Bulletin: Vulnerability identified in IBM Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2016-3426) ***
---------------------------------------------
A vulnerability in IBM SDK Java Technology Edition, Version 6 that is shipped with IBM WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): CVE-2016-3426 Affected product(s) and affected version(s): WebSphere Service Registry and Repository Studio V8.5, V8.0, V7.5 and V7.0 are...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21985335
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) ***
---------------------------------------------
OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors. IBM b-type SAN firmware has addressed the applicable CVEs. CVE(s): CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794 Affected product(s) and affected version(s): IBM b-type switches and directors running FOS versions prior to 7.4.1c are affected.
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1006391
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 15-06-2016 18:00 − Donnerstag 16-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
*** Estonia - Cryptographic Algorithms Lifecycle Report 2016 published ***
---------------------------------------------
Estonian Information System Authority (RIA) and Cybernetica have published the "Cryptographic Algorithms Lifecycle Report 2016".
---------------------------------------------
https://www.enisa.europa.eu/about-enisa/structure-organization/national-lia…
*** TLS Certificate Validation Vulnerability in Citrix iOS Receiver ***
---------------------------------------------
A vulnerability has been identified in Citrix iOS Receiver that could result in TLS certificates being incorrectly validated.
This vulnerability has been assigned the following CVE number:
CVE-2016-5433: TLS Certificate Validation Vulnerability in Citrix iOS Receiver.
This vulnerability affects all versions of Citrix iOS Receiver earlier than 7.0.
This vulnerability does not affect Citrix Receivers on any other platforms.
---------------------------------------------
http://support.citrix.com/article/CTX213998
*** Citrix XenServer Security Update for CVE-2016-5302 ***
---------------------------------------------
A security vulnerability has been identified in XenServer 7.0 that may allow an attacker on the management network who is in possession of Active Directory credentials for an AD account that is not authorised to manage a XenServer host to compromise that host.
The following vulnerability has been addressed:
CVE-2016-5302 (Low): Incorrect host management AD authentication
---------------------------------------------
http://support.citrix.com/article/CTX213549
*** Views - Less Critical - Access Bypass - SA-CONTRIB-2016-036 ***
---------------------------------------------
Project: Views (third-party module)
Version: 7.x
Date: 2016-June-15
Security risk: 7/25 ( Less Critical)
Vulnerability: Access bypass
DescriptionAn access bypass vulnerability exists in the Views module, where users without the "View content count" permission can see the number of hits collected by the Statistics module for results in the view.
---------------------------------------------
https://www.drupal.org/node/2749333
*** Trend Micro: Sicherheitsfirma findet trojanisierte Teamviewer-Versionen ***
---------------------------------------------
Wurde Teamviewer gehackt oder nicht? In den vergangenen Wochen beschwerten sich Hunderte Nutzer über Kriminelle, die über Teamviewer Konten plünderten. Der Hersteller selbst verwies auf schlechte Passwörter - eine Sicherheitsfirma hat jetzt eine weitere Idee.
---------------------------------------------
http://www.golem.de/news/trend-micro-sicherheitsfirma-findet-trojanisierte-…
*** Deep Discovery Inspector vulnerable to remote code execution ***
---------------------------------------------
Deep Discovery Inspector provided by Trend Micro Incorporated contains a remote code execution vulnerability.
---------------------------------------------
http://jvn.jp/en/jp/JVN55428526/
*** Facebook Privacy & Security Guide: Everything You Need to Know [Updated] ***
---------------------------------------------
Facebook grew in the past years to become the largest online social network in the world. It spread so much that even our parents, neighbors and distant relatives, even from remote areas of the country, now constantly use it. It's the place where everybody is active, from friends, family, work colleagues, old school friends to ...
---------------------------------------------
https://heimdalsecurity.com/blog/facebook-security-privacy-guide/
*** Bugtraq: [security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information ***
---------------------------------------------
[security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information
---------------------------------------------
http://www.securityfocus.com/archive/1/538693
*** Bugtraq: [security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilties ***
---------------------------------------------
[security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilties
---------------------------------------------
http://www.securityfocus.com/archive/1/538692
*** Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-002 ***
---------------------------------------------
Project: Drupal core
Version: 7.x, 8.x
Security risk: 11/25 ( Moderately Critical)
Vulnerability: Access bypass, Multiple vulnerabilities
Description Saving user accounts can sometimes grant the user all roles
---------------------------------------------
https://www.drupal.org/SA-CORE-2016-002
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Cross-Site Request Forgery Vulnerability in IBM WebSphere Portal (CVE-2016-2901) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21983974
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application platform is vulnerable to a cross-site scripting attack. (CVE-2016-2883) ***
http://www.ibm.com/support/docview.wss?uid=swg21985158
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in BeanShell affects IBM Leads (CVE-2016-2510) ***
http://www.ibm.com/support/docview.wss?uid=swg21982167
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in InstallAnywhere affects IBM InfoSphere Optim Performance Manager for DB2 on LUW and IBM InfoSphere Optim Configuration Manager on Windows Platform (CVE-2016-4560) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984067
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager FastBack for Bare Machine Recovery (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21984184
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager FastBack (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21982809
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Notes KeyView PDF Filters (CVE-2016-0301, CVE-2016-0278, CVE-2016-0279, CVE-2016-0277) ***
http://www.ibm.com/support/docview.wss?uid=swg21982277
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 14-06-2016 18:00 − Mittwoch 15-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Security Advisory posted for Adobe Flash Player (APSA16-03) ***
---------------------------------------------
A Security Advisory (APSA16-03) has been published regarding a critical vulnerability (CVE-2016-4171) in Adobe Flash Player. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1367
*** Security Bulletins Posted ***
---------------------------------------------
Adobe has published security bulletins for the Adobe DNG SDK (APSB16-19), Adobe Brackets (APSB16-20), Adobe Creative Cloud Desktop Application (APSB16-21) and ColdFusion (APSB16-22). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1361
*** MS16-JUN - Microsoft Security Bulletin Summary for June 2016 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-JUN
*** DSA-3602 php5 - security update ***
---------------------------------------------
Several vulnerabilities were found in PHP, a general-purpose scriptinglanguage commonly used for web application development.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3602
*** Where's the Macro? Malware authors are now using OLE embedding to deliver malicious files ***
---------------------------------------------
Recently, we've seen reports of malicious files that misuse the legitimate Office object linking and embedding (OLE) capability to trick users into enabling and downloading malicious content. Previously, we've seen macros used ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/06/14/wheres-the-macro-malwar…
*** Mofang: A politically motivated information stealing adversary ***
---------------------------------------------
Mofang is a threat actor that almost certainly operates out of China and is probably government-affiliated. It is highly likely that Mofang's targets are selected based on involvement with ..
---------------------------------------------
https://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-informati…
*** Safari 10 blockiert Flash standardmäßig *** ----------------------------------------------
Ab Herbst gaukelt Apples Browser Webseiten in der Standardeinstellung vor, dass Plug-ins wie Flash, Silverlight oder Java gar nicht installiert seien. Der Schritt soll Strom sparen und für mehr Sicherheit sorgen.
---------------------------------------------
http://heise.de/-3238170
*** VMSA-2016-0009 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0009.html
*** VMSA-2016-0005.4 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0005.html
*** VMSA-2015-0009.3 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0009.html
*** VMSA-2015-0007.6 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0007.html
*** iOS-Apps müssen ab 2017 HTTPS verwenden ***
---------------------------------------------
Apple hat angekündigt, ab 1. Jänner 2017 HTTPS-Verbindungen für iOS-Apps zu verlangen. Daten sollen nur noch verschlüsselt übertragen werden.
---------------------------------------------
http://futurezone.at/apps/ios-apps-muessen-ab-2017-https-verwenden/204.603.…
*** Russische Spione hacken Computer von US-Demokraten ***
---------------------------------------------
http://derstandard.at/2000038962384-406
*** Adobe-Patchday lässt kritische Flash-Lücke ungepatcht ***
---------------------------------------------
Adobe schliesst Lücken in ColdFusion, der Creative Cloud, dem DNG Development Kit und seinem Texteditor Brackets. Nur eine kritische Flash-Lücke bleibt erst mal ungepatcht.
---------------------------------------------
http://heise.de/-3238271
*** DSA-3603 libav - security update ***
---------------------------------------------
Several security issues have been corrected in multiple demuxers anddecoders of the libav multimedia library. A full ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3603
*** Cross-Site Scripting in extension "Bootstrap Package" (bootstrap_package) ***
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-in-extension-formhandle…
*** Microsoft-Patchday: Uralt-Lücke aus Windows-95-Zeiten geschlossen ***
---------------------------------------------
Microsoft hat für diesen Monat 16 Sicherheitsupdates herausgegeben. Fünf davon sind kritisch und eine wichtige Lücke namens "BadTunnel" betrifft alle Windows-Versionen seit Windows 95.
---------------------------------------------
http://heise.de/-3238328
*** xDedic - the shady world of hacked servers for sale ***
---------------------------------------------
Over the last two years, deep in the slums of the Internet, a different kind of underground market has flourished. The short, cryptic name perhaps doesnt say much about it: xDedic. However, on this obscure marketplace anyone can purchase more than 70,000 hacked servers from all around the Internet.
---------------------------------------------
http://securelist.com/blog/research/75027/xdedic-the-shady-world-of-hacked-…
*** Programmiersprache: Microsoft forscht an sicherer C-Erweiterung ***
---------------------------------------------
Einige Modifikationen an Syntax, Compiler und Laufzeitumgebung sollen C-Programme vor typischen Fehlern der Programmiersprache schützen. Microsoft erforscht diese Technik gemeinsam mit Universitäten in einem Open-Source-Projekt.
---------------------------------------------
http://www.golem.de/news/programmiersprache-microsoft-forscht-an-sicherer-c…
*** Next Steps for Legacy Plug-ins ***
---------------------------------------------
The web platform is capable of amazing things. Thanks to the ongoing hard work of standards bodies, browser vendors, and web developers, web standards are feature-rich and continuously improving. The WebKit project in particular ..
---------------------------------------------
https://webkit.org/blog/6589/next-steps-for-legacy-plug-ins/
*** Forenbetreiber gehackt: 45 Millionen Nutzer betroffen ***
---------------------------------------------
Cyberkriminelle haben 45 Millionen Datensätze von VerticalScope gestohlen. Die kanadische Firma hostet über 1.100 Webseiten und Online-Foren.
---------------------------------------------
http://futurezone.at/digital-life/forenbetreiber-gehackt-45-millionen-nutze…
*** TalkTalk-Kunden werden über TeamViewer-Zugänge angegriffen ***
---------------------------------------------
Nicht genug, dass die Daten der TalkTalk-Kunden im Netz sind: Jetzt werden diese auch noch Opfer von Ganoven. Diese versuchen, ..
---------------------------------------------
http://heise.de/-3238766
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 13-06-2016 18:00 − Dienstag 14-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** ATM Insert Skimmers In Action ***
---------------------------------------------
KrebsOnSecurity has featured several recent posts on "insert skimmers," ATM skimming devices made to fit snugly and invisibly inside a cash machines card acceptance slot. Im revisiting the subject again because Ive recently ..
---------------------------------------------
http://krebsonsecurity.com/2016/06/atm-insert-skimmers-in-action/
*** DSA-3601 icedove - security update ***
---------------------------------------------
Multiple security issues have been found in Icedove, Debians version ofthe Mozilla Thunderbird mail client: Multiple memory safety errors maylead to the execution of arbitrary code or denial of service.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3601
*** Virenscanner infiziert Systeme mit Sality-Virus ***
---------------------------------------------
Durch ein Update landete des Virenscanners Rising landet eine infizierte Datei auf den Systeme, die sich dann daran macht, den Sality-Virus weiter zu verbreiten.
---------------------------------------------
http://heise.de/-3237654
*** Vawtrak banking Trojan shifts to new targets ***
---------------------------------------------
The Vawtrak banking Trojan (aka Snifula) is slowly but surely becoming a serious threat. With version 2, the malware has acquired the capability to target ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/14/vawtrak-banking-trojan-shifts-ne…
*** Kritische Sicherheitslücke: Angreifer können Adminrechte in Oxid-E-Shop erlangen ***
---------------------------------------------
Eine Sicherheitslücke im E-Shop-System Oxid ermöglicht Angreifern den Zugriff auf das Admininterface, es kann auch Code ins Frontend injiziert werden. Aktuelle Versionen werden mit einem Patch abgesichert, für ältere existiert lediglich ein Workaround.
---------------------------------------------
http://www.golem.de/news/kritische-sicherheitsluecke-angreifer-koennen-admi…
*** Aufregung um Linkedin-Hack in .at: Nutzer sollten dringend Passwort ändern ***
---------------------------------------------
Vollständige Nutzerdatenbank aus dem Jahr 2012 kursiert, und sorgt nun auch hierzulande für Schlagzeilen.
---------------------------------------------
http://derstandard.at/2000038935519
*** Weaponizing Nessus ***
---------------------------------------------
Once in a blue moon we come across a client that has truly done security right (or at least, tried really hard to do so). All the low hanging fruit has ..
---------------------------------------------
http://www.shellntel.com/blog/2016/6/7/weaponizing-nessus
*** The PhotoMiner Campaign ***
---------------------------------------------
Over the past few months, we've been following a new type of worm we named PhotoMiner. PhotoMiner features a unique infection mechanism, reaching endpoints by infecting websites hosted on FTP servers while making money by ..
---------------------------------------------
https://www.guardicore.com/2016/06/the-photominer-campaign/
*** Finding pearls; fuzzing ClamAV ***
---------------------------------------------
Previously, I wrote about the general workflow to follow if you wanted to seriously begin fuzzing applications, while covering fuzzing a small YAML library. In this post, we will cover taking that workflow and applying it in real life to the open-source antivirus project ClamAV. This fuzz job was ..
---------------------------------------------
https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
*** phpMyAdmin Project Successfully Completes Security Audit ***
---------------------------------------------
Software Freedom Conservancy congratulates its phpMyAdmin project on succesfuly completing completing a thorough security audit, as part of Mozillas Secure Open Source Fund. No serious issues were found in the phyMyAdmin codebase.
---------------------------------------------
https://www.phpmyadmin.net/news/2016/6/13/phpmyadmin-project-successfully-c…
*** Netgear-Router dank festinstallierter Schlüssel einfach zu knacken ***
---------------------------------------------
Die Router D6000 und D3600 können von Angreifern gekapert werden, da sie fest installierte Krypto-Schlüssel nutzen, die immer gleich sind. Ausserdem lässt sich das Administrator-Passwort sehr einfach auslesen.
---------------------------------------------
http://heise.de/-3237907
*** Making Curl | Bash safe(r) ***
---------------------------------------------
You know those software installation instructions that tell you to download and run a script directly from the internet, as root, using something like the following?
---------------------------------------------
https://sysdig.com/blog/making-curl-bash-safer/
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 10-06-2016 18:00 − Montag 13-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Linux Kernel ROP - Ropping your way to # (Part 1) ***
---------------------------------------------
Kernel ROP In-kernel ROP (Return Oriented Programming) is a useful technique that is often used to bypass restrictions associated with non-executable memory regions. For example, on default kernels1, it presents a practical approach for ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropp…
*** Siemens SIMATIC S7-300 Denial-of-Service Vulnerability ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01
*** Is it the End of Angler ? ***
---------------------------------------------
http://malware.dontneedcoffee.com/2016/06/is-it-end-of-angler.html
*** Visual Studio 2015 stopft ungefragt Tracing-Code in C++-Programme ***
---------------------------------------------
Microsofts aktuelle Entwicklungsumgebung baut ungefragt und automatisch Funktionsaufrufe in C++-Code ein, die dem Erfassen von Telemetrie-Daten dienen. Microsoft will das nun mit Updates abstellen.
---------------------------------------------
http://heise.de/-3235676
*** Blackberry verteilt Nutzerdaten weltweit an Behörden ***
---------------------------------------------
Blackberry entschlüsselt Nachrichten, die über seine Geräte verschickt und empfangen werden und teilt diese Informationen und andere Nutzerdaten mit Behörden in aller Welt.
---------------------------------------------
http://futurezone.at/netzpolitik/blackberry-verteilt-nutzerdaten-weltweit-a…
*** Petya and Mischa - Ransomware Duet (part 2) ***
---------------------------------------------
After being defeated in April, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload - Mischa. Both are named after the satellites from the GoldenEye movie. They deploy ..
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/06/petya-and-mischa-rans…
*** DNS Sinkhole ISO Version 2.0 ***
---------------------------------------------
After 4 years (previous version 1.3 Jun 2012), I containing the following changes: - Updated to Slackware 14.1 with Linux kernel 3.10.17 - Added inetsim in the /opt directory as a limited alternative to collect redirected sinkhole ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21153
*** Symantec übernimmt Blue Coat für 4,65 Milliarden Dollar ***
---------------------------------------------
Blue Coat wurde vom Sicherheitssoftwareanbieter Symantec gekauft und will sich fortan vor allem auf Anti-Viren-Software konzentrieren.
---------------------------------------------
http://futurezone.at/b2b/symantec-uebernimmt-blue-coat-fuer-4-65-milliarden…
*** Verschlüsselung: Lets Encrypt veröffentlicht 7.618 E-Mail-Adressen ***
---------------------------------------------
Lets Encrypt will Verbindungen im Internet besser absichern und so die privaten Daten der Nutzer besser schützen. Doch jetzt hat das Projekt durch eine Panne selbst zahlreiche Mailadressen preisgegeben.
---------------------------------------------
http://www.golem.de/news/verschuesselung-let-s-encrypt-verraet-7-618-e-mail…
*** FLocker Mobile Ransomware Crosses to Smart TV ***
---------------------------------------------
Using multiple devices that run on one platform makes life easier for a lot of people. However, if a malware affects one of these devices, the said malware may eventually affect the others, too. This appears to be the case when we came across an ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomwa…
*** Statt Backups: Britische Firmen horten Bitcoins für Erpressungstrojaner ***
---------------------------------------------
Anstatt für regelmäßige Backups zu sorgen, scheinen viele britische Firmen lieber Kryptogeldreserven anzulegen, um Lösegeld für ihre Daten bezahlen zu können. Laut einer Befragung sind viele Firmen bereit, bis zu 50.000 Pfund zu zahlen.
---------------------------------------------
http://heise.de/-3236563
*** Intel verankert Anti-Exploit-Technik in (CPU-)Hardware ***
---------------------------------------------
Mit der "Control-flow Enforcement Technology" will Intel dem Ausnutzen von Sicherheitslücken eine weitere Hürde in den Weg legen. Wann CET jedoch in Prozessoren debüttiert, steht noch in den Sternen.
---------------------------------------------
http://heise.de/-3236707
*** Microsoft kauft LinkedIn für 26,2 Milliarden Dollar ***
---------------------------------------------
Das Karriere-Netzwerk LinkedIn wird von Microsoft übernommen. Der Xing-Konkurrent werde dabei insgesamt mit 26,2 Milliarden Dollar bewertet, teilten die Unternehmen mit.
---------------------------------------------
http://futurezone.at/b2b/microsoft-kauf-linkedin-fuer-26-2-milliarden-dolla…
*** Process Explorer: Part 2 ***
---------------------------------------------
For Windows operating systems (OS), especially those up to and including Windows 7, Process Explorer is an excellent replacement for Task Manager. After publishing ..
---------------------------------------------
https://blog.malwarebytes.org/101/2016/05/process-explorer-part-2/
*** Empfehlungen für Cybersicherheitsgesetz veröffentlicht ***
---------------------------------------------
Ein Jahr lang haben Experten aus Wirtschaft, Wissenschaft und Behörden über das Cybersicherheitsgesetz diskutiert, das eine Meldepflicht bei Cyberangriffen bringen soll.
---------------------------------------------
http://futurezone.at/netzpolitik/empfehlungen-fuer-cyberischerheitsgesetz-v…