======================= = End-of-Shift report = =======================
Timeframe: Donnerstag 26-03-2015 18:00 − Freitag 27-03-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a
*** Cisco Wireless LAN Controller Task Name aaaQueueReader Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=38076
*** Verschlüsselung: Kryptographen zeigen neue Angriffe gegen RC4 *** --------------------------------------------- Eine bislang wenig beachtete Schwäche von RC4 nutzt der Kryptograph Itsik Mantin für seine neue Angriffsmethode. Ein weiterer kürzlich vorgestellter Angriff betrifft IMAP-Verbindungen. --------------------------------------------- http://www.golem.de/news/verschluesselung-rc4-erneut-unter-beschuss-1503-113...
*** Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for vulnerabilities in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014. Schneider Electric has released new patches that mitigate these vulnerabilities. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-15-085-01
*** Beta Bot Trojan *** --------------------------------------------- In this article, I would like to show how an analysis is performed on the Beta Bot trojan to identify its characteristics. The Beta Bot trojan, classified as Troj/Neurevt-A, is a dangerous trojan. This trojan is transferred to the victim machine through a phishing email, and the user downloads the files disguised .. --------------------------------------------- http://resources.infosecinstitute.com/beta-bot-trojan/
*** Cisco NX-OS Software DHCP Options Command Injection Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=38062
*** Microsoft will Windows-Lücke nicht schliessen *** --------------------------------------------- Google entdeckt Fehler, über den sich einfache Nutzer Systemrechte verschaffen können. --------------------------------------------- http://derstandard.at/2000013551658
*** The bizarre, pre-internet history of ransomware *** --------------------------------------------- Two months ago, I wrote a short article about helping my mother deal with CryptoWall 2.0., a form of computer virus more broadly known as ransomware. Basically what happens is this: You flip open your laptop to find you have been locked out of all your files. Then a ransom note hovers into view, written .. --------------------------------------------- https://medium.com/un-hackable/the-bizarre-pre-internet-history-of-ransomwar...
*** Baidu's traffic hijacked to DDoS GitHub.com *** --------------------------------------------- As a Chinese living outside of China, I frequently visit Chinese websites, many of which use advertising and visitor tracking provided by Baidu, the largest search engine available in China. As I was browsing one of the most popular .. --------------------------------------------- http://insight-labs.org/?p=1682
*** Vulnerability: CVE-2015-0932 *** --------------------------------------------- ANTLabs InnGate devices are a popular Internet gateway for visitor-based networks. They're commonly installed in hotels, convention centers and other places that provide temporary guests access to a WiFi connection. If you've ever used WiFi in a hotel, you're familiar with these types of devices as they are typically tied to a specific room number for billing purposes. --------------------------------------------- http://blog.cylance.com//spear-team-cve-2015-0932