======================= = End-of-Shift report = =======================
Timeframe: Montag 13-02-2017 18:00 − Dienstag 14-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a
*** Shirebrook man arrested in connection to Sports Direct breach *** --------------------------------------------- A 27-year-old man has been arrested in connection with the hack of Sports .. --------------------------------------------- www.theregister.co.uk/2017/02/13/sports_direct_arrest/
*** A look into the Russian-speaking ransomware ecosystem *** --------------------------------------------- In other words, crypto ransomware is a fine tuned, user friendly and constantly developing ecosystem. In the last few years we, at Kaspersky Lab, have been monitoring the development of this ecosystem. This is what we’ve learned. --------------------------------------------- http://securelist.com/analysis/publications/77544/a-look-into-the-russian-sp...
*** Top phishing targets in 2016? Google, Yahoo, and Apple *** --------------------------------------------- For every new phishing URL impersonating a financial institution, there were more than seven impersonating technology companies. Comparison of most impersonated companies .. --------------------------------------------- https://www.helpnetsecurity.com/2017/02/14/top-phishing-targets/
*** Metadata: The secret data trail *** --------------------------------------------- Every phone call, text message, even activated cell phones, leaves a trail of data across a network. In many cases this data is aggregated with other data and metadata including .. --------------------------------------------- https://www.helpnetsecurity.com/2017/02/14/metadata-secret-data-trail/
*** Worried about hacks, senators want info on Trump’s personal phone *** --------------------------------------------- Two senators have written to the U.S. Department of Defense about reports that President Donald Trump may still be using an old unsecured Android phone, including to communicate .. --------------------------------------------- http://www.cio.com/article/3169577/security/worried-about-hacks-senators-wan...
*** 25% of web apps still vulnerable to eight of the OWASP Top Ten *** --------------------------------------------- 69 percent of web applications are plagued by vulnerabilities that could lead to sensitive data exposure, and 55 percent by cross-site request forgery flaws, the results .. --------------------------------------------- https://www.helpnetsecurity.com/2017/02/14/web-application-vulnerabilities/
*** Sicherheitslücke in GarageBand für den Mac *** --------------------------------------------- Apple hat einen potenziell problematischen Fehler in seiner populären Audioanwendung geschlossen. Angreifer hätten wohl Code ausführen können. --------------------------------------------- https://heise.de/-3624160
*** University DDoSed by Its Own IoT Devices *** --------------------------------------------- An unnamed university has suffered a DDoS attack at the hand of its own IoT devices, according to a sneak preview of Verizons upcoming yearly data breach report. --------------------------------------------- https://www.bleepingcomputer.com/news/security/university-ddosed-by-its-own-...
*** DSA-3788 tomcat8 - security update *** --------------------------------------------- It was discovered that a programming error in the processing of HTTPSrequests in the Apache Tomcat servlet and JSP engine may result indenial of service via an infinite loop. --------------------------------------------- https://www.debian.org/security/2017/dsa-3788
*** DSA-3787 tomcat7 - security update *** --------------------------------------------- It was discovered that a programming error in the processing of HTTPSrequests in the Apache Tomcat servlet and JSP engine may result indenial of service via an infinite loop. --------------------------------------------- https://www.debian.org/security/2017/dsa-3787
*** DSA-3786 vim - security update *** --------------------------------------------- Editor spell files passed to the vim (Vi IMproved) editormay result in an integer overflow in memory allocationand a resulting buffer overflow which potentiallycould result in the execution of arbitrary code or denial ofservice. --------------------------------------------- https://www.debian.org/security/2017/dsa-3786
*** Jetzt patchen! Angriffe auf WordPress-Seiten nehmen zu und werden gefährlicher *** --------------------------------------------- Nach der Verunstaltung von verwundbaren WordPress-Webseiten versuchen Angreifer nun Schadcode auszuführen, warnen Sicherheitsforscher. --------------------------------------------- https://heise.de/-3624301
*** Staying safe online on Valentine’s Day *** --------------------------------------------- We give some advice on how to steer clear of scams and other bad things on Valentines Day. Everything from .. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/02/staying-safe-online-on-vale...
*** Chrome: Google zahlt 20 Millionen US-Dollar für Anti-Malware-Patente *** --------------------------------------------- Auch für Google sind 20 Millionen Dollar nicht wenig Geld. Ein US-Gericht verurteilte das Unternehmen zur Zahlung dieser Summe, weil es Patente zur Sicherung vor Malware im .. --------------------------------------------- https://www.golem.de/news/chrome-google-zahlt-20-millionen-us-dollar-fuer-an...
*** Tracking the Decline of Top Exploit Kits *** --------------------------------------------- The latter half of 2016 saw a major shift in the exploit kit landscape, with many established kits suddenly dropping operations or switching business models. Angler, which has .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/tracking-decline-...
*** Gefälschte Post.at-Sendungsverfolgung im Umlauf *** --------------------------------------------- Mit einer gefälschten Post.at-Sendungsverfolgung wollen Kriminelle Schadsoftware auf fremden Computern hinterlegen. Dazu fordern sie Empfänger/innen auf, Informationen .. --------------------------------------------- https://www.watchlist-internet.at/schadsoftware/gefaelschte-postat-sendungsv...
*** Security Bulletins posted for Flash Player, Digital Editions and Adobe Campaign *** --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB17-04), Adobe Digital Editions (APSB17-05) and Adobe Campaign (APSB17-06). Adobe recommends users update their .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1444
*** Nation States Distancing Themselves from APTs *** --------------------------------------------- Increasingly, governments are outsourcing state-sponsored attacks to mitigate risk and maximize intelligence. --------------------------------------------- http://threatpost.com/nation-states-distancing-themselves-from-apts/123711/
*** February 2017 security update release *** --------------------------------------------- Our top priority is to provide the best possible experience for customers in maintaining and protecting their .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-u...