=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 18-07-2016 18:00 − Tuesday 19-07-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

*** Third time (un)lucky – improved Petya is out ***
---------------------------------------------
So far, we dedicated several articles to the interesting, low-level ransomware called Petya, hijacking the boot sector. Each of those versions was using Salsa20 algorithm to encrypt Master File Table and make disk inaccessible. However, ..
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2016/07/third-time-unlucky-imp...

*** DSA-3622 python-django - security update ***
---------------------------------------------
It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin's add/change related popup.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3622

*** World-Check terror suspect DB hits the web at just US$6750 ***
---------------------------------------------
Last month's borked Couchdb breach delivers more pain to Thomson Reuters. The World-Check database that lists "heightened risk individuals and organizations" is reportedly up for sale on the dark web.
---------------------------------------------
www.theregister.co.uk/2016/07/19/6750_buys_you_22_million_worldcheck_citizen_terror_records/

*** Carbanak Gang Tied to Russian Security Firm? ***
---------------------------------------------
Among the more plunderous cybercrime gangs is a group known as "Carbanak," Eastern European hackers blamed for stealing more than a billion dollars from banks. Today ..
---------------------------------------------
http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-fi...

*** Eavesdropping attack: Juniper network devices accepted self-signed certificates ***
---------------------------------------------
Juniper has fixed a bug in its Junos OS operating system that undermined the signature verification of certificates.
---------------------------------------------
http://heise.de/-3270285

*** Apple updates all of its operating systems ***
---------------------------------------------
iOS 9.3.3, OS X El Capitan 10.11.6, watchOS 2.2.2 and tvOS 9.2.2 are available for download and fix bugs ahead of the next major update.
---------------------------------------------
http://heise.de/-3270059

*** Malware History: Code Red ***
---------------------------------------------
Fifteen years (5479 days) ago… Code Red hit its peak. An infamous computer worm, Code Red exploited a vulnerability in Microsoft Internet Information Server (IIS) to propagate. Infected servers displayed the following ..
---------------------------------------------
https://labsblog.f-secure.com/2016/07/19/malware-history-code-red/

*** Cross-Site Scripting in third party library mso/idna-convert ***
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-in-third-party-library-m...

*** Cross-Site Scripting vulnerability in typolinks ***
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-vulnerability-in-typolin...

*** SQL Injection in TYPO3 Frontend Login ***
---------------------------------------------
https://typo3.org/news/article/sql-injection-in-typo3-frontend-login/

*** Cross-Site Scripting in TYPO3 Backend ***
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-in-typo3-backend-1/

*** Pokémon Go: Security researchers find 215 fake apps ***
---------------------------------------------
Dangerous copycat apps that have nothing in common with Pokémon Go apart from the name are said to be lurking in various Android app stores. In the worst case, they spy on devices.
---------------------------------------------
http://heise.de/-3270676

*** Long lasting Magnitude EK malvertising campaign not affected by slowdown in EK activity ***
---------------------------------------------
We have been tracking a malvertising campaign distributing the Cerber ransomware linked to the actor behind the Magnitude exploit kit for months. Despite a global slowdown in ..
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/exploits/2016/07/long-lasting-magni...