======================= = End-of-Shift report = =======================
Timeframe: Friday 14-10-2016 18:00 − Monday 17-10-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl
*** pseudoDarkleech Rig EK *** --------------------------------------------- Since Monday 2016-10-03, the pseudoDarkleech campaign has been using Rig exploit kit (EK) to distribute Cerber ransomware. [The diary's figures show the infection chain of events and the UDP traffic seen.] .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21595
*** Sierra Wireless Mitigations Against Mirai Malware *** --------------------------------------------- NCCIC/ICS-CERT received a technical bulletin from the Sierra Wireless company, outlining mitigations to secure Airlink Cellular Gateway devices affected by (or at risk of) the “Mirai” malware. While the Sierra Wireless .. --------------------------------------------- https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-286-01
*** Vuln: Magento CMS Multiple Cross-Site Request Forgery Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/93576
*** Vuln: Magento CMS Flash File Uploader Cross Site Scripting Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/93575
*** Vuln: PHP password_verify() Function Out-of-Bounds Read Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/93578
*** Maldoc VBA Anti-Analysis *** --------------------------------------------- I was asked for help with the analysis of sample 7c9505f2c041ba588bed854258344c43. Turns out this malicious Word document has some anti-analysis tricks (here is an older diary entry with other anti-analysis tricks). Here is the analysis with oledump.py: Stream 8 contains VBA .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21599
*** Symantec observed a surge of spam emails using malicious WSF files *** --------------------------------------------- Symantec observed a significant increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments. Experts from Symantec are observing a significant increase in the number of email-based .. --------------------------------------------- http://securityaffairs.co/wordpress/52341/cyber-crime/spam-wsf-files.html
*** Analyzing Office Maldocs With Decoder.xls, (Sun, Oct 16th) *** --------------------------------------------- In my last diary entry, I show how to decode VBA maldoc strings with Excel. A similar technique can be used to decode a payload (like shellcode). I explain .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21601
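The two maldoc items above (VBA anti-analysis, and decoding maldoc strings and payloads with Decoder.xls) both come down to evaluating the obfuscated VBA expressions the macro builds its strings and shellcode from. As an added example, not code from the diaries or from oledump.py/Decoder.xls, the Python below is a small evaluator for the usual obfuscation forms: Chr()/ChrW() with integer arithmetic and &H hex literals, string literals joined with & or +, StrReverse(), and Array() byte lists. The two sample expressions are constructed for illustration and are not taken from the analysed sample.

```python
import re

# Constructed sample expressions (not taken from the diary samples). The first
# hides a command line behind Chr() arithmetic, hex literals, string literals
# and StrReverse(); the second holds a payload in an Array() of &H hex bytes.
SAMPLE_STRING_EXPR = (
    'Chr(2 * 56) & Chr(&H6F) & Chr(100 + 19) & "ers" & Chr(104) & Chr(101) '
    '& StrReverse("ll") & " -nop -w hidden"'
)
SAMPLE_ARRAY_EXPR = "Array(&HFC, &HE8, 130, &H0, &H0, &H0, 96)"

# Token grammar: string literal ("" escapes a quote), &H hex literal, decimal,
# identifier, operators/punctuation. &H must be tried before the & operator.
TOKEN_RE = re.compile(r'''\s*(?:
      (?P<str>"(?:[^"]|"")*")
    | (?P<hex>&H[0-9A-Fa-f]+)
    | (?P<num>\d+)
    | (?P<ident>[A-Za-z_]\w*)
    | (?P<op>[&+\-*(),])
    )''', re.VERBOSE)


def tokenize(src):
    src = src.strip()
    pos, out = 0, []
    while pos < len(src):
        m = TOKEN_RE.match(src, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}: {src[pos:pos + 10]!r}")
        pos = m.end()
        kind, text = m.lastgroup, m.group(m.lastgroup)
        if kind == "str":
            out.append(("str", text[1:-1].replace('""', '"')))
        elif kind == "hex":
            out.append(("num", int(text[2:], 16)))
        elif kind == "num":
            out.append(("num", int(text)))
        elif kind == "ident":
            out.append(("ident", text.lower()))
        else:
            out.append(("op", text))
    return out


def vba_str(v):
    if isinstance(v, list):
        raise ValueError("cannot concatenate an Array()")
    return v if isinstance(v, str) else str(v)


def combine(op, left, right):
    if op == "&":                      # & always concatenates (numbers coerced)
        return vba_str(left) + vba_str(right)
    if op == "+":                      # + is concat on strings, addition on numbers
        if isinstance(left, str) and isinstance(right, str):
            return left + right
        if isinstance(left, int) and isinstance(right, int):
            return left + right
        raise ValueError("'+' on mixed string/number operands")
    return left - right if op == "-" else left * right


def call(name, args):
    if name in ("chr", "chrw", "chrb"):
        return chr(args[0])
    if name == "asc":
        return ord(args[0][0])
    if name == "strreverse":
        return args[0][::-1]
    if name == "array":
        return list(args)
    raise ValueError(f"unsupported VBA function {name}()")


class Parser:
    """Recursive descent with VBA precedence: * above + - above &."""
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else ("eof", None)

    def take(self, kind=None, value=None):
        tok = self.peek()
        if (kind and tok[0] != kind) or (value is not None and tok[1] != value):
            raise ValueError(f"expected {kind} {value!r}, got {tok}")
        self.i += 1
        return tok

    def concat(self):
        left = self.add()
        while self.peek() == ("op", "&"):
            self.take()
            left = combine("&", left, self.add())
        return left

    def add(self):
        left = self.mul()
        while self.peek()[0] == "op" and self.peek()[1] in ("+", "-"):
            left = combine(self.take()[1], left, self.mul())
        return left

    def mul(self):
        left = self.atom()
        while self.peek() == ("op", "*"):
            self.take()
            left = combine("*", left, self.atom())
        return left

    def atom(self):
        kind, val = self.peek()
        if kind in ("str", "num"):
            self.take()
            return val
        if kind == "op" and val == "(":
            self.take()
            v = self.concat()
            self.take("op", ")")
            return v
        if kind == "ident":                       # function call: name(args)
            self.take()
            self.take("op", "(")
            args = []
            if self.peek() != ("op", ")"):
                args.append(self.concat())
                while self.peek() == ("op", ","):
                    self.take()
                    args.append(self.concat())
            self.take("op", ")")
            return call(val, args)
        raise ValueError(f"unexpected token {kind} {val!r}")


def evaluate(src):
    p = Parser(tokenize(src))
    value = p.concat()
    if p.peek()[0] != "eof":
        raise ValueError(f"trailing input starting at token {p.i}")
    return value


def decode_string(expr):
    """Evaluate a VBA string-building expression and return the plaintext."""
    value = evaluate(expr)
    if not isinstance(value, str):
        raise ValueError(f"evaluates to {type(value).__name__}, not a string")
    return value


def decode_bytes(expr):
    """Evaluate an Array(...) of byte values (the usual shellcode container)."""
    value = evaluate(expr)
    if not isinstance(value, list) or any(
            not (isinstance(v, int) and 0 <= v <= 255) for v in value):
        raise ValueError("expression is not an Array() of byte values")
    return bytes(value)


if __name__ == "__main__":
    print(decode_string(SAMPLE_STRING_EXPR))
    print(decode_bytes(SAMPLE_ARRAY_EXPR).hex())
```

Feed it the right-hand side of the assignment you pulled out of the VBA stream (oledump.py -s N -v gives you the decompressed source); anything it refuses with "unsupported VBA function" is a construct worth looking at by hand, which is exactly where the anti-analysis tricks tend to hide. Decoded byte arrays can be written to a file and handed to a shellcode emulator.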
*** Outlook-on-Android alternative Nine leaked Exchange Server creds *** --------------------------------------------- Patches slung to fix popular third-party email app Staff logging into Exchange Server through a popular app could have placed their enterprise credentials at risk through a since-closed vulnerability. --------------------------------------------- www.theregister.co.uk/2016/10/17/outlook_app_slapped_in_maninthemiddle_diddle/
*** VMSA-2016-0016 *** --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0016.html
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director (CVE-2016-0264, CVE-2016-3426) *** --------------------------------------------- There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version .. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024427
*** No More Ransom adds law enforcement partners from 13 new countries *** --------------------------------------------- Intel Security and Kaspersky Labs today announced that 13 law enforcement agencies have joined No More Ransom, a partnership between cybersecurity industry and law enforcement organizations to provide ransomware victims education and decryption tools through www.nomoreransom.org. Intel .. --------------------------------------------- https://blogs.mcafee.com/mcafee-labs/no-ransom-adds-law-enforcement-partners...