=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 06-10-2015 18:00 − Mittwoch 07-10-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Microsoft Edge Performance Object Lets Remote Users Detect Virtual Machines ***
---------------------------------------------
http://www.securitytracker.com/id/1033749
*** Microsoft Internet Explorer Performance Object Lets Remote Users Detect Virtual Machines ***
---------------------------------------------
http://www.securitytracker.com/id/1033748
*** Tripwire IP360 VnE Remote Administrative API Authentication Bypass ***
---------------------------------------------
The IP350 VnE is susceptible to a remote XML-RPC authentication
bypass vulnerability, which allows for specially crafted privileged
commands to be remotely executed without authentication. The RPC
service is available on the public HTTPS interface of the VnE by
default, and cannot be disabled.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015100053
*** Virus Bulletin : VB2015 Prague - conference slides ***
---------------------------------------------
The following are the presentation slides shown by speakers at the VB2015 conference in Prague. We are still waiting for some of the slides to be supplied to us - these will be added when they are submitted to us.
---------------------------------------------
https://www.virusbtn.com/conference/vb2015/slides/index
*** Outlook Web Access als Hintertür zum Firmennetz ***
---------------------------------------------
Viele Unternehmen sind sich nicht bewusst, welch verführerisches Ziel der Webdienst von Outlook darstellt. Sicherheitsforscher zeigen an einen aktuellen Fall, wie Angreifer darüber Domänen-Passwörter ausleiten können.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Outlook-Web-Access-als-Hintertuer-zu…
*** HTTP Evasions Explained - Part 4 - Doubly Compressed Content ***
---------------------------------------------
This is the fourth part in a series which will explain the evasions done by HTTP Evader. This article is about the products which successfully support deflate compression (where several products already fail) but fail if the content is ..
---------------------------------------------
http://noxxi.de/research/http-evader-explained-4-double-encoding.html
*** General HTML5 Security, Part 2 ***
---------------------------------------------
In the second part of the General HTML5 Security series, we are going to discuss the enhanced security in HTML5 with features such as the CSP (Content Security Policy) and sandboxed iframes. We ..
---------------------------------------------
http://resources.infosecinstitute.com/general-html5-security-part-2/
*** Kemoge: Another Mobile Malicious Adware Infecting Over 20 Countries ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.ht…
*** US-Provider Verizon weitet Nutzung seines Supercookies aus ***
---------------------------------------------
Mit dem Kauf von AOL will Verizon seine Kunden nun auch über dessen Werbenetzwerk weiterverfolgen. AOL erreicht mit seiner Werbung fast 600 Millionen Menschen weltweit.
---------------------------------------------
http://heise.de/-2840065
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 05-10-2015 18:00 − Dienstag 06-10-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** ZDI-15-456: Mozilla Firefox MPEG4 saio Chunk Integer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-456/
*** Trump Hotel Collection Confirms Card Breach ***
---------------------------------------------
The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, said last week that a year-long breach of its credit card system may have resulted in the theft of cards used at the hotels. The acknowledgement comes roughly three months after this author first reported that multiple financial institutions suspected the hotels were compromised.
---------------------------------------------
http://krebsonsecurity.com/2015/10/trump-hotel-collection-confirms-card-bre…
*** Google Pushes Stagefright 2.0 Patches to Nexus Devices ***
---------------------------------------------
Googles latest monthly over-the-air update for its Nexus Android devices include patches for the most recent vulnerabilities in Stagefright.
---------------------------------------------
http://threatpost.com/google-pushes-stagefright-2-0-patches-to-nexus-device…
*** Nuclear Plants Cybersecurity Is Bad, & Hard To Fix ***
---------------------------------------------
Very few nuclear plants patch software, and operations engineers dislike security pros.
---------------------------------------------
http://www.darkreading.com/risk/nuclear-plants-cybersecurity-is-bad-and-har…
*** I am HDRoot! Part 1 ***
---------------------------------------------
Famous Chinese-speaking cybercriminal APT actor Winnti has been observed targeting pharmaceutical businesses. New threat, which Kaspersky Lab has called 'HDRoot' after the original tool's name 'HDD Rootkit', is a universal platform for a sustainable and persistent appearance in a targeted system, which can be used to launch any other tool.
---------------------------------------------
http://securelist.com/analysis/publications/72275/i-am-hdroot-part-1/
*** Malware in comments ***
---------------------------------------------
There are many tricks to hide malicious code. One of them is placing it to the part of legitimate files where people dont normally expect to see executable code so they dont skip such places during manual reviews.
---------------------------------------------
http://labs.sucuri.net/?note=2015-10-05
*** Hintergrund: Analysiert: Google-Interna im Second-Hand-Shop ***
---------------------------------------------
Ein in Deutschland gekaufter Gebraucht-Router hatte offenbar einen prominenten Vorbesitzer. Es lieferte den neuen Besitzern interessante und brisante Einblicke in die Infrastruktur von Google - einschliesslich Zugangsdaten.
---------------------------------------------
http://heise.de/-2837379
*** OpenSMTPD Audit Report ***
---------------------------------------------
Topic: OpenSMTPD Audit Report Risk: High Text:(Sorry for the "CVE-2015-ABCD" place-holders in the report, but OpenSMTPDs developers were ready with the patches before MITR...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015100046
*** 2015 Internet Organised Crime Threat Assessment (IOCTA) ***
---------------------------------------------
The 2015 Internet Organised Crime Threat Assessment (IOCTA) is a law enforcement-centric threat assessment intended to inform priority setting for the EMPACT Operational Action Plan for 2016 in the three sub-priority areas of cybercrime (cyber attacks, child sexual exploitation online and payment fraud). The ..
---------------------------------------------
https://www.europol.europa.eu/content/internet-organised-crime-threat-asses…
*** Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomware Alone ***
---------------------------------------------
Today, Cisco struck a blow to a group of hackers, disrupting a significant international revenue stream generated by the notorious Angler Exploit Kit. Angler is one of the largest exploit kit found on the market and has been making news as it has been linked to several high profile malvertising/ransomware campaigns. This is the most advanced and concerning exploit kit on the market - designed to bypass security devices and ultimately attack the largest number of devices possible.
---------------------------------------------
http://talosintel.com/angler-exposed/
*** The MySpace Worm that Changed the Internet Forever ***
---------------------------------------------
Samy didn't want to be everyone's hero. He didn't even want new friends. But thanks to a few clever lines of code, in less than a day, he became the 'hero', and a 'friend', to more than a million people on what was, at the time, the most popular online social network, MySpace.
---------------------------------------------
http://motherboard.vice.com/read/the-myspace-worm-that-changed-the-internet…
*** Vigilante Malware, Dark Knight or Dangerous Joke? ***
---------------------------------------------
It's hard not to like the Batman story. Bruce Wayne, billionaire, playboy, philanthropist, bypasses the ineffectual and corrupt establishment to take the fight to the baddies. There's something romantic about the notion of taking matters into your own hands and getting stuff done where others can't. Now, according to research by Symantec, it seems we have our very ..
---------------------------------------------
https://blog.team-cymru.org/2015/10/vigilante-malware-dark-knight-or-danger…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 02-10-2015 18:00 − Montag 05-10-2015 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
*** Two Games Released in Google Play Can Root Android Devices ***
---------------------------------------------
By Wish Wu, Ecular Xu Android malware creators have recently been mixing business with play. We found two malicious gaming apps that were published on Google Play and are capable of rooting Android devices. If the apps Brain Test and RetroTetris ring a bell, better check your devices. RetroTetris can be installed in Android versions starting from...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/uDbQy75DLZo/
*** VMware vCenter and ESXi updates address critical security issues. ***
---------------------------------------------
Problem Description
a. VMware ESXi OpenSLP Remote Code Execution
b. VMware vCenter Server JMX RMI Remote Code Execution
c. VMware vCenter Server vpxd denial-of-service vulnerability
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0007.html
*** Patreon crowdfunding site hacked and data leaked online ***
---------------------------------------------
The Crowdfunding website Patreon has been hacked and about 15 gigabytes of data including names, addresses and donations have been published online. The data have been available on different servers online locations, including this source.
---------------------------------------------
http://securityaffairs.co/wordpress/40665/cyber-crime/patreon-crowdfunding-…
*** Samsung Decides Not To Patch Kernel Vulnerabilities In Some S4 Smartphones ***
---------------------------------------------
An anonymous reader writes: QuarksLAB, a security research company, has stumbled upon two kernel vulnerabilities for Samsung Galaxy S4 devices, which Samsung has decided to patch only for recent devices running Android Lollipop, but not Jelly Bean or KitKat. The two vulnerabilities (kernel memory disclosure and kernel memory corruption) were discovered in February 2014 and reported to Samsung in August 2014, affecting the samsung_extdisp driver of Samsung S4 (GT-I9500) devices.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xM6Nt9ttxc4/samsung-decides…
*** Virus oder Impfstoff? WiFatch befällt Router und schützt vor Malware ***
---------------------------------------------
"Linux.Wifatch" infiziert Router und mit dem Internet verbundene Geräte, bindet sie in ein Botnetz ein, entfernt Malware und stärkt sie gegen weiterere Infektion.
---------------------------------------------
http://heise.de/-2837158
*** Zertifikats-Schmu bei Windows Update beunruhigt Nutzer ***
---------------------------------------------
Zertifikate, mit denen Microsoft die SSL-Verbindungen zur Windows-Update-Webseite absichert und Dateien des Update-Prozesses signiert, sind nicht vertrauenswürdig. Das führt zu Warnungen und fehlgeschlagenen Updates.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Zertifikats-Schmu-bei-Windows-Update…
*** IBM ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in WSS4J affects IBM Cúram (CVE-2015-0226 & CVE-2015-0227 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21964133
---------------------------------------------
*** IBM Security Bulletin: Information disclosure vulnerability reported in IBM Emptoris Sourcing (CVE-2015-5024) ***
http://www.ibm.com/support/docview.wss?uid=swg21967255
---------------------------------------------
*** IBM Security Bulletin: Multiple Cross-Site scripting vulnerabilities in IBM Business Process Manager dashboards (CVE-2015-4955) ***
http://www.ibm.com/support/docview.wss?uid=swg21966010
---------------------------------------------
*** IBM Security Bulletin: IBM Cloud Manager with OpenStack Keystone Vulnerability (CVE-2015-3646) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022663
---------------------------------------------
*** IBM GNU C library (glibc) vulnerabilities affect IBM SmartCloud Entry (CVE-2013-7423 CVE-2015-1781) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022665
---------------------------------------------
*** Cisco ***
---------------------------------------------
*** VoIPshield Reported Vulnerabilities in Cisco Unity Server ***
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-…
---------------------------------------------
*** Cisco Secure ACS Denial Of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-…
---------------------------------------------
*** Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 01-10-2015 18:00 − Freitag 02-10-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Multiple XSS vulnerabilities in FortiSandbox WebUI ***
---------------------------------------------
http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortisan…
*** ZebOS routing remote shell service enabled ***
---------------------------------------------
http://www.fortiguard.com/advisory/zebos-routing-remote-shell-service-enabl…
*** Security advisory: Stored XSS in Jetpack ***
---------------------------------------------
During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of the most popular plugins in the WordPress ecosystem.
---------------------------------------------
https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-jetpack.html
*** When Security Experts Gather to Talk Consensus, Chaos Ensues ***
---------------------------------------------
Tension between researchers and vendors over the disclosure of software security vulnerabilities has raged for two decades. A meeting to address that tension further highlighted the tension.
---------------------------------------------
http://www.wired.com/2015/10/security-experts-gather-talk-consensus-chaos-e…
*** Avast Antivirus X.509 Error Rendering Command Execution ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015100017
*** T-Mobile USA: Millionen Kundendaten gehackt ***
---------------------------------------------
Rund 15 Millionen Kunden von T-Mobile in den USA sind von einem Hack persönlicher Daten betroffen. Die Informationen wurden nicht bei T-Mobile direkt erbeutet, sondern bei Experian, einem Dienst zur Prüfung der Bonität potenzieller Kunden.
---------------------------------------------
http://www.golem.de/news/t-mobile-usa-millionen-kundendaten-gehackt-1510-11…
*** FourQ: Microsofts kryptografischer Standard will besser sein ***
---------------------------------------------
Microsoft steigt in die Elliptische-Kurven-Kryptografie ein und hat eine entsprechende Bibliothek veröffentlicht: FourQ soll teilweise deutlich schneller sein als bisherige Ansätze.
---------------------------------------------
http://heise.de/-2836389
*** IoT-Malware: Freundlicher Virus verspricht mehr Sicherheit ***
---------------------------------------------
Sicherheitstipps und deaktivierte Telnet-Daemons: Eine neue Malware möchte Internetnutzer erziehen. Die Entdecker raten trotzdem dazu, das Programm zu entfernen.
---------------------------------------------
http://www.golem.de/news/iot-malware-freundlicher-virus-verspricht-mehr-sic…
*** Cisco Wireless LAN Controller Devices 802.11i Management Frame Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41249
*** Cisco Unified Communications Manager IM and Presence Service REST API Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41242
*** Omron Multiple Product Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in the Omron Corporation CX-Programmer software, CJ2M series programmable logic controller (PLC), and CJ2H series PLC.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-274-01
*** How Patreon got hacked ***
---------------------------------------------
TL;DR, Patreon got hacked. We reported a specific Remote Code Execution to them due to a public debugger before they were breached. We believe this was the attack method due to the simplicity and availability of the vulnerable endpoint. This is how you prevent this from happening to you.
---------------------------------------------
http://labs.detectify.com/post/130332638391/how-patreon-got-hacked-publicly…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 30-09-2015 18:00 − Donnerstag 01-10-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Updates for multiple Apple products, including iOS and OS X ***
---------------------------------------------
https://support.apple.com/kb/HT205284https://support.apple.com/kb/HT205267https://support.apple.com/kb/HT205265
*** Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41240
*** Mistakenly-deployed test patch leads to suspicious Windows update ***
---------------------------------------------
Earlier today, various sources reporteda highly-suspicious Windows update. According to Ars Technica,a Microsoft spokesperson stated the company hadincorrectly published a test update and isin the process of removing it [1]. The update is no longer ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20201
*** User Dashboard - SQL Injection - Critical - SA-CONTRIB-2015-152 ***
---------------------------------------------
https://www.drupal.org/node/2577901
*** Apple Gatekeeper Bypass Opens Door for Malicious Code ***
---------------------------------------------
Gatekeeper is Mac OS X's guardian against rogue applications and malware sneaking into Apple's famous walled garden. It's also been a favorite target of researchers and advanced attackers desperate to gain control of Apple devices. Tomorrow ..
---------------------------------------------
https://threatpost.com/apple-gatekeeper-bypass-opens-door-for-malicious-cod…
*** Car-Hacking Tool Turns Repair Shops Into Malware 'Brothels' ***
---------------------------------------------
A new hacking device finds vulnerabilities in auto diagnostic tools that could be used to spread malware to thousands of vehicles.
---------------------------------------------
http://www.wired.com/2015/10/car-hacking-tool-turns-repair-shops-malware-br…
*** Jumping through the hoops: multi-stage malicious PDF spam ***
---------------------------------------------
Weve recently encountered a number of malicious spam messages with PDFs attached. The PDFs themselves are not malicious as they dont contain executable code, but they do contain images with ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Jumping-through-the-hoops--m…
*** Quaverse RAT: Remote-Access-as-a-Service ***
---------------------------------------------
Quaverse RAT or QRAT is a fairly new Remote Access Tool (RAT) introduced in May 2015. This RAT is marketed as an undetectable Java RAT. As you might expect from a RAT, the tool is capable of grabbing passwords, key logging and browsing files on the victim's computer. On a regular basis for the past several months, we have observed the inclusion of QRAT in a number of spam campaigns.
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-…
*** VMSA-2015-0006.1 ***
---------------------------------------------
VMware vCenter Server updates address a LDAP certificate validation issue
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0006.html
*** Beta Bot Analysis: Part 2 ***
---------------------------------------------
This article is Part 2 in a two-part series. Extracting the Botnet Configuration: The bot configuration is encrypted inside the bot and decrypted while the bot is running. In 1.0.2.5, 1.5 and 1.6 versions, BetaBot uses RC4 and some XOR encryption; you ..
---------------------------------------------
http://resources.infosecinstitute.com/beta-bot-analysis-part-2/
*** VMSA-2015-0007 ***
---------------------------------------------
VMware vCenter and ESXi updates address critical security issues.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0007.html
*** HTTPS Available as Opt-In for Blogspot ***
---------------------------------------------
Google announced that it has made HTTPS available as an opt-in for its Blogspot blog-publishing service.
---------------------------------------------
http://threatpost.com/https-available-as-opt-in-for-blogspot/114872/
*** German Users Hit By Dirty Mobile Banking Malware Posing As PayPal App ***
---------------------------------------------
Additional analysis by Joachim Capiral Mobile banking is now used by more and more users, so it shouldn't be a surprise to see banking Trojans trying to hit these users as well. We've seen spammed mails that pretend to be an update notification for an official PayPal app. These mails ask the user to click on ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/german-users-hit…
*** Important Security Notice from Patreon ***
---------------------------------------------
Yesterday I learned that there was unauthorized access to a Patreon database containing user information. Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. I am so sorry to our creators and their patrons for this breach of trust. The Patreon team and I are working especially hard right now to ensure the safety of the community.
---------------------------------------------
https://www.patreon.com/posts/important-notice-3457485
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 29-09-2015 18:00 − Mittwoch 30-09-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Analyzing Black Hat URL Shorteners ***
---------------------------------------------
Hackers are known to use URL shortening services to obfuscate their real landing pages. It's very effective in clickbait scams on social networks. Some hackers think that using URL shorteners in site injections makes it less likely to be ..
---------------------------------------------
https://blog.sucuri.net/2015/09/analyzing-black-hat-url-shorteners.html
*** Updated PClock Ransomware Still Comes Up Short ***
---------------------------------------------
In recent years, ransomware families are often glamorized as being some of the most dangerous types of malware. They've certainly caused a wealth of damage to end users with some of the ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/09/updated-pclock-ransomwar…
*** New Tactic Finds RAT Operators Fast ***
---------------------------------------------
Low tolerance for latency makes RAT operators less likely to use proxies, easier to track back home.
---------------------------------------------
http://www.darkreading.com/analytics/new-tactic-finds-rat-operators-fast/d/…
*** Tricks for DLL analysis ***
---------------------------------------------
Very often I get questions on how to perform analysis on DLL files. The reason being that it is easier to perform behavioral analysis on executables, either using external sandboxes or a vmware with tools like the ones from the Sysinternals ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20195
*** Honeywell Experion PKS Directory Traversal Vulnerability ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01
*** Mitsubishi Electric MELSEC FX-Series Controllers Denial of Service ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-146-01
*** Baxter SIGMA Spectrum Infusion System Vulnerabilities ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01
*** RSA Web Threat Detection Bugs Let Remote Authenticated Users Obtain the AnnoDB Password and Local Users Gain Root Privileges ***
---------------------------------------------
Two vulnerabilities were reported in RSA Web Threat Detection. A local user can obtain root privileges on the target system. A remote authenticated user can obtain passwords on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1033672
*** RSA Certificate Manager and Registration Manager Input Validation Flaw in OneStep Component Lets Remote Users Traverse the Directory to View Files on the Target System ***
---------------------------------------------
A vulnerability was reported in RSA Certificate Manager and RSA Registration Manager. A remote user can view files on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1033671
*** freeswitch Heap Overflow ***
---------------------------------------------
A carefully crafted json string supplied to cJSON_Parse will trigger a
heap overflow with user controlled data. The underlying vulnerability occurs in the parse_string function.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015090190
*** Kontodaten via App ergaunert: Salzburgerin geschädigt ***
---------------------------------------------
http://derstandard.at/2000022994264
*** WordPress Malware - VisitorTracker Campaign Update ***
---------------------------------------------
For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code. We initially ..
---------------------------------------------
https://blog.sucuri.net/2015/09/wordpress-malware-visitortracker-campaign-u…
*** Companies leave vulnerabilities unpatched for up to 120 days ***
---------------------------------------------
Kenna studied the proliferation of non-targeted attacks and companies' ability to mitigate these threats through the timely remediation of security vulnerabilities ..
---------------------------------------------
http://www.net-security.org/secworld.php?id=18911
*** Security Advisory - Multiple Vulnerabilities in Huawei FusionServer Products ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor…
*** Multiple vulnerabilities in Typo3 extensions ***
---------------------------------------------
http://www.typo3.org/news/article/sql-injection-in-extension-httpbl-blockin…http://www.typo3.org/news/article/cross-site-request-forgery-in-extension-t…http://www.typo3.org/news/article/cross-site-scripting-in-extension-news-sy…http://www.typo3.org/news/article/information-disclosure-in-extension-ldap-…
*** Pwn The Docs: Vulnerability in readthedocs.org ***
---------------------------------------------
If youre not familiar with readthedocs.org its a really popular place for developers to post documentation on their open source code. Its a really great platform and we in fact use it regularly. Honestly, Ive struggled with whether I want to release this vulnerability because its maintained by a few dudes ..
---------------------------------------------
http://alex.hyperiongray.com/posts/302352-pwn-the-docs
*** The Cost of a Data Breach: How Harmful Can a Data Breach Be? ***
---------------------------------------------
There is this belief that businesses that have suffered a data security breach very often do not recover. But is that really so? What does it take to actually destroy a company with a data breach? Before we go to the analysis, ..
---------------------------------------------
http://resources.infosecinstitute.com/the-cost-of-a-data-breach-how-harmful…
*** That Big Security Fix for Credit Cards Won't Stop Fraud ***
---------------------------------------------
The new chip cards and readers wont stop card fraud but will simply shift it to a different area.
---------------------------------------------
http://www.wired.com/2015/09/big-security-fix-credit-cards-wont-stop-fraud/
*** User Education, Carrot vs. Stick ***
---------------------------------------------
It's a perennial problem, after hours of presentations, online training, reminder emails, poster campaigns and memos, the phone rings, and a senior member of staff has opened a malicious email attachment, ..
---------------------------------------------
https://blog.team-cymru.org/2015/09/user-education-carrot-vs-stick/
*** Sicherheitslücken gestopft: SAP macht HANA sicherer ***
---------------------------------------------
SAP hat im Mai und April dieses Jahres zwölf Sicherheitslücken in der In-Memory-Plattform HANA geschlossen. Onapsis hat die Lücken erst jetzt gebündelt offengeleg, geht aus einer am gestrigen Dienstag veröffentlichten Sicherheitswarnung von Onapsis hervor.
---------------------------------------------
http://heise.de/-2835049
*** Europol: Cyber-Kriminelle werden immer aggressiver ***
---------------------------------------------
In Den Haag beraten 300 Experten von Europol und Interpol über wirksame Strategien gegen die Internet-Kriminalität.
---------------------------------------------
http://heise.de/-2835263
*** Russian hacker, nabbed in Spain, cops 4+ years for Citadel botnet ***
---------------------------------------------
Should have stayed under the skirt of Mother Russia. Just a thought Dimitry Belorossov - a Russian cyber-criminal who used the Citadel banking trojan - has been ..
---------------------------------------------
www.theregister.co.uk/2015/09/30/rainerfox_sentenced/
*** New 'Ghost Push' Variants Sport Guard Code; Malware Creator Published Over 600 Bad Android Apps ***
---------------------------------------------
Halloween is still a month from now and yet Android users are already being haunted by the previously reported 'Ghost Push' malware, which roots ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/new-ghost-push-v…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 28-09-2015 18:00 − Dienstag 29-09-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Hacker nutzen Imgur-Lücke beim Angriff auf Reddit und 8chan ***
---------------------------------------------
Eine Lücke in einem beliebten Bilder-Hoster wie Imgur kann fatale Folgen haben. Wie im vorliegenden Fall, als Hacker über Bande die Nutzer von Reddit und 8chan ins Visier nahmen.
---------------------------------------------
http://heise.de/-2828142
*** Revisiting Apple IPC: (1) Distributed Objects ***
---------------------------------------------
Earlier this year I gave a talk at the inaugural Jailbreak Security Summit entitled Auditing and Exploiting Apple IPC [ slides | video ]. As part of my research for that talk I wanted to find at least one bug involving each of the available IPC mechanisms on OS X/iOS; many of which remain unexplored and poorly-documented from ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/09/revisiting-apple-ipc-1-distri…
*** Regaining Control Over Edge ***
---------------------------------------------
Getting stuck in a loop is no fun especially when it makes your browser unusable. Microsoft Edge has a bigger chance of that happening due to its default settings.
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/09/regaining-control-ove…
*** CryptoWall's 'Customer Journey' Sounds Like A Real Nightmare ***
---------------------------------------------
The latest episode of Radiolab has what is without a doubt the best malware victim interview I've ever heard. Inna Simone's computer was infected by CryptoWall late last year and based on her telling of it, the worst part of the experience was trying to buy the Bitcoin she needed to pay off the extortionists.
---------------------------------------------
https://labsblog.f-secure.com/2015/09/28/cryptowalls-customer-journey/
*** ZDI-15-451: InduSoft Web Studio Remote Agent Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-451/
*** VeraCrypt Patched Against Two Critical TrueCrypt Flaws ***
---------------------------------------------
Two privilege escalation vulnerabilities in the last TrueCrypt build were discovered by James Forshaw of Google Project Zero, and patched in VeraCrypt.
---------------------------------------------
http://threatpost.com/veracrypt-patched-against-two-critical-truecrypt-flaw…
*** Oysters tablet comes preinstalled with Trojanized Android firmware ***
---------------------------------------------
Keeping your mobile device free of malware requires intentional care, but sometimes even that is not enough. As Dr. Web researchers recently pointed out, a device you buy from ..
---------------------------------------------
http://www.net-security.org/malware_news.php?id=3115
*** NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015090182
*** Lebenswichtige medizinische Geräte ungeschützt im Internet ***
---------------------------------------------
Herzschrittmacher, Infusionsgeräte, Magnetresonanztomographen: Sicherheitsforscher haben Zehntausende medizinische Geräte entdeckt, die über das Internet leicht angegriffen werden können - weil sie meist noch mit Windows XP laufen. Die Forscher setzten Defibrillatoren und MRTs als Honeypots ein.
---------------------------------------------
http://www.golem.de/news/it-sicherheit-lebenswichtige-medizinische-geraete-…
*** Abusing GDI for ring0 exploit primitives ***
---------------------------------------------
Not long ago I came across a certain font related vulnerability, it was a 0day being exploited in the wild. The vulnerability was in a driver I was somewhat familiar with ATFMD.SYS.
---------------------------------------------
https://blog.coresecurity.com/2015/09/28/abusing-gdi-for-ring0-exploit-prim…
*** Botnet preying on Linux computers delivers potent DDoS attacks ***
---------------------------------------------
XOR DDoS bombards as many as 20 targets per day, sometimes with 150 GBpS of traffic.
---------------------------------------------
http://arstechnica.com/security/2015/09/botnet-preying-on-linux-computers-d…
*** There is an app commandlet for that ***
---------------------------------------------
Allegedly dubbed as Microsoft's post-exploitation language powershell is Microsoft attempt to provide good command-line interface for administrators, developers and power users. Despite being 8 years old it only recently started getting widespread adoption with enterprises moving on to Windows 7 and 2008 environments.
---------------------------------------------
https://dfirblog.wordpress.com/2015/09/27/dissecting-powershell-attacks/
*** Reverse Engineering Virtual Machine Protected Binaries ***
---------------------------------------------
In code obfuscation, a virtual machine is a mechanism used to execute a different instruction set than the one used by machine that runs the program. For example, a virtual machine can support executing the ARM instruction set on a 32-bit x86 architecture. Virtual machines used in code obfuscation are completely ..
---------------------------------------------
http://resources.infosecinstitute.com/reverse-engineering-virtual-machine-p…
*** Disclosing Vulnerabilities, Using Data Dumps & Sharing Threat Intelligence ***
---------------------------------------------
In recent years, there has been an explosion in the number of information security conferences held around the world. Despite this, the weeks leading up to Black Hat in Las Vegas are still reserved for some of the most significant security announcements, advancements and hacks of ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/disclosing-vulnerabili…
*** ATM Skimmer Gang Firebombed Antivirus Firm ***
---------------------------------------------
Its notable whenever cybercime spills over into real-world, physical attacks. This is the story of a Russian security firm whose operations were pelted with Molotov cocktail attacks after exposing an organized crime gang that developed and sold malicious software to steal cash from ATMs.
---------------------------------------------
http://krebsonsecurity.com/2015/09/atm-skimmer-gang-firebombed-antivirus-fi…
*** Warning: Malicious emails claiming to be from Doctor Web ***
---------------------------------------------
Virus makers often use names of well-known anti-virus companies to gain their victims trust and make them install some malicious program on their computers. At the end of September, cybercriminals employed this method to distribute a dangerous Trojan designed ..
---------------------------------------------
http://news.drweb.com/show/?i=9631&lng=en&c=9
*** Security Advisory 2015-01: Vulnerability in OTRS iPhoneHandle interface allows user with valid session privilege escalation ***
---------------------------------------------
September 29, 2015 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security(a)otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2016-03-02] uid OTRS Security Team GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22
---------------------------------------------
https://www.otrs.com/security-advisory-2015-01-vulnerability-in-otrs-iphone…
*** Security Advisory 2015-02: Scheduler Process ID File Access ***
---------------------------------------------
September 29, 2015 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security(a)otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2016-03-02] uid OTRS Security Team GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22
---------------------------------------------
https://www.otrs.com/security-advisory-2015-02-scheduler-process-id-file-ac…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 25-09-2015 18:00 − Montag 28-09-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Fake online Avast scanner ***
---------------------------------------------
Thanks to a tip from a friend, we came across a fake online scanner that abuses the good name of Avast. The idea to get you to visit this site is by waiting for someone to make a typo and end up at facebooksecuryti(dot)com. The site shows a ..
---------------------------------------------
https://blog.malwarebytes.org/social-engineering/2015/09/fake-online-avast-…
*** Compromised WordPress Campaign - Spyware Edition ***
---------------------------------------------
The Zscaler security research team started investigating multiple WordPress related security events earlier this month and came across a new widespread compromised WordPress campaign leading to the download of unwanted applications. This has been briefly covered by dynamoo and has been reported by some users on official WordPress forums.
---------------------------------------------
http://research.zscaler.com/2015/09/compromised-wordpress-campaign-spyware.…
*** Cisco TelePresence Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability in the web interface of Cisco TelePresence Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41128
*** Banks: Card Breach at Hilton Hotel Properties ***
---------------------------------------------
Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States. Hilton says it is investigating the claims.
---------------------------------------------
http://krebsonsecurity.com/2015/09/banks-card-breach-at-hilton-hotel-proper…
*** Splunk Input Validation Flaw in Splunk Web Lets Remote Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1033655
*** McAfee Enterprise Security Manager Filename Processing Flaw Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1033654
*** Android Security Symposium - Videos online ***
---------------------------------------------
The Android Security Symposium was a huge success and we are happy that the Videos are available online now. Thank you to Usmile for making this possible!
---------------------------------------------
https://www.sba-research.org/2015/09/26/android-security-symposium-videos-o…
*** Yahoo! Launches Free Web Application Security Scanner ***
---------------------------------------------
Yahoo! has open-sourced Gryffin - a Web Application Security Scanner - in an aim to improve the safety of the Web for everyone. Currently in its beta, Project Gryffin has made available on Github under the BSD-style license that Yahoo! has been using for a ..
---------------------------------------------
https://thehackernews.com/2015/09/web-application-security-scanner.html
*** Android 6.0: Wie Google den Nutzern die Kontrolle zurückgeben will ***
---------------------------------------------
Das neue Berechtigungsmodell von "Marshmallow" bringt signifikante Verbesserungen
---------------------------------------------
http://derstandard.at/2000022756525
*** Git-1.9.5 ssh-agent.exe Buffer Overflow ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015090161
*** Kim Jong Un: Ein Mobilfunknetz nur für mich ***
---------------------------------------------
Ein eigenes Mobilfunknetz für die nordkoreanische Führung: Was nach einem merkwürdigen Statussymbol klingt, soll die Sicherheit der Regierungskommunikation in dem abgeschotteten Land erhöhen.
---------------------------------------------
http://www.golem.de/news/kimg-jong-un-ein-mobilfunknetz-nur-fuer-mich-1509-…
*** How I hacked my IP camera, and found this backdoor account ***
---------------------------------------------
The time has come. I bought my second IoT device - in the form of a cheap IP camera. As it was the cheapest among all others, my expectations regarding security was low. But this camera was still able to surprise me. Maybe I will disclose the camera model used in my hack in this blog later, but first ..
---------------------------------------------
http://jumpespjump.blogspot.co.at/2015/09/how-i-hacked-my-ip-camera-and-fou…
*** 332M Kick Ass pirates get asses kicked by scareware ass-kickers ***
---------------------------------------------
Welcome to internet technical support. Please give us your computer The worlds most popular pirate torrent site KickAss Torrents is serving scareware advertising, helping dodgy call centre operators con users into handing over remote access to their machines.
---------------------------------------------
www.theregister.co.uk/2015/09/28/332m_kick_ass_pirates_get_asses_kicked_by_…
*** HTTP Evasions Explained - Part 3 - Chunked Transfer ***
---------------------------------------------
This is the third article in a series which will explain the evasions done by HTTP Evader. It covers the failure of several firewalls (and some browsers) to support the Transfer-Encoding chunked in the correct way. For example it is possible to bypass ..
---------------------------------------------
http://noxxi.de/research/http-evader-explained-3-chunked.html
*** Mobile Ad Networks as DDoS Vectors: A Case Study ***
---------------------------------------------
CloudFlare servers are constantly being targeted by DDoSes. We see everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets.
---------------------------------------------
https://blog.cloudflare.com/mobile-ad-networks-as-ddos-vectors/
*** Android-Sicherheit: Fehlende Updates als Achillesferse ***
---------------------------------------------
Hersteller nehmen ihre Verantwortung nicht wahr - Zeit für die Politik zu handeln
---------------------------------------------
http://derstandard.at/2000022489460
*** Microsoft: Weniger als 1 Prozent aller Windows-PCs mit Malware infiziert ***
---------------------------------------------
Dem Leiter von Microsofts Antiviren-Abteilung zufolge finden sich lediglich auf 0,6 Prozent aller vom ihm untersuchten ..
---------------------------------------------
http://heise.de/-2824369
*** Saudi Arabia: They liked Hacking Team so much they tried to buy the company ***
---------------------------------------------
Might be nice to avoid new spy tech export laws The Saudi Arabian government came close to buying a majority stake in Italian surveillance software firm Hacking Team last year.
---------------------------------------------
www.theregister.co.uk/2015/09/28/saudi_arabia_hacking_team/
*** Cybercrime-Bekämpfung: "Kooperation ist der Schlüssel" ***
---------------------------------------------
Interpol-Direktor Noboru Nakatani sprach sich am Montag in Wien für eine bessere Zusammenarbeit zwischen Behörden und Wirtschaft bei der Bekämpfung von Cyberkriminalität aus.
---------------------------------------------
http://futurezone.at/digital-life/cybercrime-bekaempfung-kooperation-ist-de…
*** (Angebliche) Sicherheitslücke: Remote Code Execution durch infizierte Winrar-Archive ***
---------------------------------------------
Selbst entpackende Archive können mit einfachen Mitteln mit Schadcode infiziert werden, der dann auf dem Rechner der Nutzer ausgeführt wird. Die Winrar-Entwickler geben jedoch Entwarnung und kritisieren die Veröffentlichung.
---------------------------------------------
http://www.golem.de/news/angebliche-sicherheitsluecke-remote-code-execution…
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 24-09-2015 18:00 − Freitag 25-09-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Google's Three Tips for Sabotaging the Cybercrime Economy ***
---------------------------------------------
In a broad study, a team of Googlers and academic researchers suggest attacking the cybercrime supply chain.The post Google's Three Tips for Sabotaging the Cybercrime Economy appeared first on WIRED.
---------------------------------------------
http://www.wired.com/2015/09/google-offers-3-lessons-crippling-online-crime…
*** Facebook-Betrüger locken mit Dislike-Button ***
---------------------------------------------
Klicken Sie hier, wenn Sie als Erster den neuen Dislike-Knopf testen wollen: So funktioniert eine neue Betrugsmasche auf Facebook. Auf den Link sollten Sie aber nicht klicken.
---------------------------------------------
http://futurezone.at/digital-life/facebook-betrueger-locken-mit-dislike-but…
*** Multiple XSS vulnerabilities in FortiManager GUI ***
---------------------------------------------
http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortiman…
*** Microsoft puts a bullet in blundering D-Links leaked key that made malware VIPs on PCs ***
---------------------------------------------
Private code-signing cert revoked at last Microsoft has finally revoked D-Links leaked code-signing key, which gave malware the red carpet treatment on millions of Windows PCs.
---------------------------------------------
www.theregister.co.uk/2015/09/24/dlink_key_revoked/
*** SSL Malvertising Campaign Targets Top Adult Sites ***
---------------------------------------------
A long running malvertising campaign hits major adult sites with a carefully crafted advert.
---------------------------------------------
https://blog.malwarebytes.org/malvertising-2/2015/09/ssl-malvertising-campa…
*** Cryptowar: Hintertür für verschlüsselte Smartphone-Daten gesucht ***
---------------------------------------------
Experten haben im Auftrag der US-Regierung darüber nachgedacht, wie Behörden Zugang zu verschlüsselten Daten auf Smartphones bekommen können - und vier Optionen entwickelt. Doch alle bringen große technische Probleme mit sich.
---------------------------------------------
http://www.golem.de/news/cryptowar-hintertuer-fuer-verschluesselte-smartpho…
*** Security: Cookies können Sicherheitslücke sein ***
---------------------------------------------
Alle gängigen Browser sind über manipulierte Cookies angreifbar. Angreifer können mit einem Man-in-the-Middle-Angriff vertrauliche Nutzerdaten auslesen.
---------------------------------------------
http://www.golem.de/news/security-cookies-sind-eine-sicherheitsluecke-1509-…
*** Windows 10 IoT: Verschlüsselung für das Internet der Dinge ***
---------------------------------------------
Nutzer von IoT-Core können ihre Daten künftig mit Bitlocker verschlüsseln und Elektromotoren steuern. Ausserdem kann das Betriebssystem jetzt im Paket mit dem Raspberry-Pi 2 bestellt werden.
---------------------------------------------
http://www.golem.de/news/windows-10-iot-verschluesselung-fuer-das-internet-…
*** Aktuelle Masche: Spam über Bande ***
---------------------------------------------
Durch den Missbrauch von Beschwerde-Formularen oder Bug-Tracking-Systemen umgehen Spammer die Spam-Filter - auch die mühsam antrainierten der Anwender.
---------------------------------------------
http://heise.de/-2826159
*** Endress+Hauser Fieldcare/CodeWrights HART Comm DTM XML Injection Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for two vulnerabilities within the Endress+Hauser HART DTM software libraries.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-267-01
*** Belkin vergisst PGP-Schlüssel in Lichtschalter-Firmware ***
---------------------------------------------
Ein Lichtschalter mit Linux-Firmware. Praktisch, dachte sich Linux-Kernelentwickler Matthew Garrett und warf einen Blick auf die Software. Was er fand, überraschte ihn allerdings sehr: Den PGP-Key, mit dem Belkin seine Firmware unterschreibt.
---------------------------------------------
http://heise.de/-2826218
*** l+f: Ormandy auf Killing Spree ***
---------------------------------------------
Nach NOD32 und Kaspersky ist nun Avast an der Reihe.
---------------------------------------------
http://heise.de/-2826654
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 23-09-2015 18:00 − Donnerstag 24-09-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Cisco AnyConnect Secure Mobility Client for Linux and Mac OS X Privilege Escalation Vulnerability ***
---------------------------------------------
A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local ..
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41135
*** Bidding for Breaches, Redefining Targeted Attacks ***
---------------------------------------------
A growing community of private and highly-vetted cybercrime forums is redefining the very meaning of "targeted attacks." These bid-and-ask forums match crooks who are looking for access to specific data, resources or systems within major corporations with hired muscle who are up to the task or who already have access to those resources.
---------------------------------------------
http://krebsonsecurity.com/2015/09/bidding-for-breaches-redefining-targeted…
*** Custom Sidebars 2.1.0.1 - XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8196
*** Multiple vulnerabilities in Kaseya Virtual System Administrator ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-450/http://www.zerodayinitiative.com/advisories/ZDI-15-449/http://www.zerodayinitiative.com/advisories/ZDI-15-448/
*** Healthcare Organizations Twice As Likely To Experience Data Theft ***
---------------------------------------------
Bad guys very willing to invest in attacking medical data, but healthcare not very willing to invest in defending it.
---------------------------------------------
http://www.darkreading.com/risk/healthcare-organizations-twice-as-likely-to…
*** Chinese Actors Use '3102' Malware in Attacks on US Government and EU Media ***
---------------------------------------------
On May 6 and May 11, 2015, Unit 42 observed two targeted attacks, the first against the U.S. government and the second on a European media company. Threat actors delivered the same document via ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-…
*** An Update on Nuclear (Reverse) Engineering ***
---------------------------------------------
Although Angler continues to be the leading exploit kit, Nuclear is a significant threat to web surfers and seems to have been very active lately. ThreatLabZ recently encountered a Nuclear campaign originating from a variety of compromised ..
---------------------------------------------
http://research.zscaler.com/2015/09/an-update-on-nuclear-reverse-engineerin…
*** Quaverse RAT: Remote-Access-as-a-Service ***
---------------------------------------------
Quaverse RAT or QRAT is a fairly new Remote Access Tool (RAT) introduced in May 2015. This RAT is marketed as an undetectable Java RAT. As you might expect from a RAT, the tool is capable of grabbing passwords, ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Ac…
*** UltraEdit 22.20 Buffer Overflow ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015090142
*** Fingerabdrücke von Millionen US-Bediensteten gestohlen ***
---------------------------------------------
Eine China zugeschriebene Hacker-Attacke auf die US-Bundespersonalbehörde OPM war noch schwerer als ohnehin schon gedacht. Demnach verschafften sich die Cyber-Angreifer neben ..
---------------------------------------------
http://derstandard.at/2000022711754
*** Tracking Administrator Sessions in Windows Environments ***
---------------------------------------------
Tracking users with privileged access is a critical task in your security policy (SANS Critical Security Control #12). If the key point is to restrict the number of 'power users' to the lowest, it's not always easy. Most of them ..
---------------------------------------------
https://blog.rootshell.be/2015/09/24/tracking-administrator-sessions-in-win…
*** Exploiting Corporate Printers ***
---------------------------------------------
Printer exploitation and vulnerability in printers are serious problems, similar to those faced with computers and other hard drive devices, since they are connected to the network like other devices. Nowadays, most corporate offices or organizations ..
---------------------------------------------
http://resources.infosecinstitute.com/exploiting-corporate-printers/
*** General HTML5 Security ***
---------------------------------------------
HTML5 is a living standard and new features are being added as we speak. New features will continue to arrive and browsers will keep becoming better and better at supporting them. However, those new features also bring with them new opportunities for ..
---------------------------------------------
http://resources.infosecinstitute.com/general-html5-security/
*** XcodeGhost: Apple veröffentlicht "Top 25" der infizierten Apps ***
---------------------------------------------
Apple hat die 25 populärsten unter den kompromittierten Apps genannt, für manche ist bereits ein Update erhältlich. Die Einschätzungen zur Gesamtzahl der durch XcodeGhost betroffenen iOS-Programme variieren weiterhin deutlich.
---------------------------------------------
http://heise.de/-2824927
*** Kovter malware learns from Poweliks with persistent fileless registry update ***
---------------------------------------------
A variant of the Kovter malware is the first to use Trojan.Poweliks' pioneering tricks by residing only in the registry to evade detection.
---------------------------------------------
http://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persis…
*** One Year After Shellshock, Are Your Servers and Devices Safer? ***
---------------------------------------------
Security researchers were the first to respond during the Shellshock attacks of 2014. After news of the fatal flaw in the prevalent Bash (Bourne Again Shell)- found in most versions of the Unix and Linux operating systems as well as in Mac OSX - was released, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/one-year-after-s…