=======================
= End-of-Shift report =
=======================

Timeframe: Friday 02-09-2016 18:00 − Monday 05-09-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl

*** DNS tunneling threat drills into nearly half of networks tested ***
---------------------------------------------
InfoBlox's new report showed nearly half of all networks tested to show signs of DNS tunnelling
---------------------------------------------
http://www.scmagazine.com/dns-tunneling-threat-drills-into-nearly-half-of-ne...

*** Android Patch Fixes Nexus 5X Critical Vulnerability ***
---------------------------------------------
Google patched an undocumented vulnerability that allowed attackers to bypass Nexus 5X devices' lock screen via a forced memory dump that exposed the device owner's password.
---------------------------------------------
http://threatpost.com/android-patch-fixes-nexus-5x-critical-vulnerability/12...

*** Cisco IOS Software Point-to-Point Tunneling Protocol Server Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) server functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to access data from a packet buffer that was previously ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

*** Sundown EK – Stealing Its Way to the Top ***
---------------------------------------------
Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming exploit kits before it, this means that it is under constant development. With ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Sundown-EK-%e2%80%93-Ste...

*** Mailman Access Control Flaw in User Options Page Lets Remote Users Conduct Cross-Site Request Forgery Attacks ***
---------------------------------------------
Mailman Access Control Flaw in User Options Page Lets Remote Users Conduct Cross-Site Request Forgery Attacks
---------------------------------------------
http://www.securitytracker.com/id/1036728

*** ‘Flash Hijacks’ Add New Twist to Muggings ***
---------------------------------------------
A frequent crime in Brazil is a scheme in which thieves kidnap people as they're leaving a bank, and free them only after they've visited a number of ATMs to withdraw ..
---------------------------------------------
http://krebsonsecurity.com/2016/09/flash-hijacks-add-new-twist-to-muggings/

*** Telnet is not dead – at least not on ‘smart’ devices ***
---------------------------------------------
Depending on your age, you either might or might not have used Telnet to connect to remote computers in the past. But ..
---------------------------------------------
http://en.blog.nic.cz/2016/09/01/telnet-is-not-dead-at-least-not-on-smart-de...

*** "If your data is in the cloud, the NSA has it too" ***
---------------------------------------------
Cryptologist Bart Preneel in a futurezone interview on encryption in the post-Snowden era, backdoors and quantum cryptography.
---------------------------------------------
https://futurezone.at/science/wenn-ihre-daten-in-der-cloud-sind-hat-sie-auch...

*** Microsoft thought of the children and decided to ban some browsers ***
---------------------------------------------
Redmond's Family Settings now block browsers-without-filters by default, but which ones? Microsoft has updated its family filters to block some rival ..
---------------------------------------------
www.theregister.co.uk/2016/09/05/microsoft_thought_of_the_children_and_decided_they_must_only_use_edge/

*** Background: Analyzed: Ransomware meets Info-Stealer - RAA and the thieving Pony, Part II ***
---------------------------------------------
As this episode of "Analyzed:" reveals, the seemingly perfect encryption of the RAA trojan does have gaps after all. Nor can the password stealer launched by RAA escape analysis with its anti-debugging tricks.
---------------------------------------------
http://heise.de/-3303401

*** Fake attacks by insiders to fool companies ***
---------------------------------------------
Famous cybercrime groups and hacktivists “brands” may be a smokescreen to cover sophisticated insider attacks.
---------------------------------------------
https://www.htbridge.com/blog/fake-attacks-by-insiders-to-fool-companies.htm...

*** Security Advisory - Information Leak Vulnerability in Huawei eSpace IAD ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160905-0...

*** Security Advisory - Multiple Security Vulnerabilities in Huawei HiSuite ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160905-0...

*** BKA takes on ransomware with SOKO Clavis ***
---------------------------------------------
With cases piling up in recent weeks, the Bundeskriminalamt (German Federal Criminal Police Office) now intends to take targeted action against ransomware. A special commission (SOKO) is to track down the perpetrators.
---------------------------------------------
https://futurezone.at/netzpolitik/bka-geht-mit-soko-clavis-gegen-ransomware-...

*** Sophos Windows users face black screens after false positive snafu ***
---------------------------------------------
Black is the new BSOD Users of Sophos’s security software were confronted with a black screen on starting up ..
---------------------------------------------
www.theregister.co.uk/2016/09/05/sophos_black_screen_snafu/

*** Vuln: Inspircd SSL Certificate Spoofing Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92737

*** Those declared dead live longer: Adobe polishes up NPAPI Flash on Linux ***
---------------------------------------------
Contrary to many an opinion piece, Flash is far from finished. Adobe apparently has to accept that too and is now refreshing the outdated NPAPI version on Linux.
---------------------------------------------
http://heise.de/-3314084

*** 800,000 plaintext passwords from porn site Brazzers published ***
---------------------------------------------
Once again a major hack with copied user data has become known, and once again the break-in into the servers appears to have taken place in 2012.
---------------------------------------------
http://heise.de/-3314087

*** Malware Delivered via .pub Files ***
---------------------------------------------
While searching for new scenarios to deliver their malware[1][2], attackers launched a campaign to deliver malicious code embedded in Microsoft Publisher[3] (.pub) files. The ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21443

*** Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems ***
---------------------------------------------
The Trend Micro Forward Looking Threat Research team recently obtained samples of a new rootkit family from one of our trusted partners. We are providing a ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-um...