======================= = End-of-Shift report = =======================
Timeframe: Freitag 24-06-2016 18:00 − Montag 27-06-2016 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl
*** Economical With The Truth: Making DNSSEC Answers Cheap *** --------------------------------------------- We launched DNSSEC late last year and are already signing 56.9 billion DNS record sets per day. At this scale, we care a great deal about compute cost. One of the ways we .. --------------------------------------------- https://blog.cloudflare.com/black-lies/
*** Security Advisory: Multiple Wireshark (tshark) vulnerabilities *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/87/sol87669052.html
*** Security Advisory: Multiple Wireshark (tshark) vulnerabilities *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/01/sol01837042.html
*** Option CloudGate Insecure Direct Object References Authorization Bypass *** --------------------------------------------- Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass .. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5333.php
*** Bart - a new Ransomware *** --------------------------------------------- Phishme is reporting the discovery of a new ransomwarewhich its creators have named Bart. Bart shares several commonalities with the Locky ransomware. Bart is delivered by thesame downloader, RockLoader. The payment .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21195
*** Zwei populäre Exploit-Kits schlagartig verschwunden *** --------------------------------------------- Sicherheitsforscher haben seit mehreren Wochen keine Aktivitäten mehr durch die vormals bei Cyber-Ganoven beliebten Exploit-Kits Angler und Nuclear festgestellt. --------------------------------------------- http://heise.de/-3248999
*** How executives really feel about infosec reports *** --------------------------------------------- More than half of IT and security executives will lose their jobs as a result of failing to provide useful, actionable information. While the majority of board members say they understand everything they�re being told by IT and security .. --------------------------------------------- https://www.helpnetsecurity.com/2016/06/27/executives-infosec-reports/
*** Hackers peer into Uber passenger privates, find and plot trips on maps *** --------------------------------------------- Brute force efforts reveal 1000 discount codes Three hackers have found eight holes in Uber that could allow fake drivers to be created and user email addresses reveal, .. --------------------------------------------- www.theregister.co.uk/2016/06/27/hackers_peer_into_uber_passenger_privates_find_and_plot_trips_on_maps/
*** Annual FiRST Conference Wrap-up *** --------------------------------------------- The 28th FiRST security event was held in - the land of morning calms' capital, Seoul this past June 12-17, 2016. This is the yearly conference for all CERT .. --------------------------------------------- https://blog.fortinet.com/2016/06/23/annual-first-conference-wrap-up
*** The Threatening Evolution of Exploit Kits *** --------------------------------------------- Exploit Kits, even more sophisticated and profitable Exploit kits are rapidly evolving, threat actors improve them on a daily basis by adding the code for the exploitation of the most recent vulnerabilities. In October 2015, .. --------------------------------------------- http://resources.infosecinstitute.com/the-threatening-evolution-of-exploit-k...
*** Unechte PayLife-Mail: Verdacht auf Ihre letzte Transaktion *** --------------------------------------------- Mit einer unechten Benachrichtigung von PayLife versuchen Kriminelle, an Kontoinformationen von Opfern zu gelangen. Um das Ziel zu erreichen, behaupten sie, dass es bei der letzten PayLife-Transaktion zu Unstimmigkeiten gekommen sei. Aus .. --------------------------------------------- https://www.watchlist-internet.at/phishing/unechte-paylife-mail-verdacht-auf...
*** EU finanziert Code-Review: Open-Source-Projekte gesucht *** --------------------------------------------- Mit einem Pilotprojekt will die EU die IT-Sicherheit verbessern. Nun sind die Nutzer gefragt: Welches Open Souce-Projekt sollte einen Sicherheits-Check bekommen? --------------------------------------------- http://heise.de/-3249615
*** How to Backdoor Diffie-Hellman *** --------------------------------------------- Abstract: Lately, several backdoors in cryptographic constructions, protocols and implementations have been surfacing in the wild: Dual-EC in RSAs B-Safe product, a modified Dual-EC in Junipers operating system ScreenOS and a .. --------------------------------------------- https://eprint.iacr.org/2016/644
*** The Curious Case of an Unknown Trojan Targeting German-Speaking Users *** --------------------------------------------- Last week, an unidentified malware was discovered and circulated on Twitter by researcher @JAMES_MHT. Many researchers - including us - were unable to identify the malware so we decided to dig a bit further. In this post, .. --------------------------------------------- https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-t...