======================= = End-of-Shift report = =======================
Timeframe: Montag 10-04-2017 18:00 − Dienstag 11-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a
*** Longhorn: Tools used by cyberespionage group linked to Vault 7 *** --------------------------------------------- Spying tools and operational protocols detailed in the recent Vault 7 leak have been used in cyberattacks against at least 40 targets in 16 different countries by a group Symantec calls Longhorn. Symantec has been protecting its .. --------------------------------------------- https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-gr...
*** Mirai Botnet Temporarily Adds Bitcoin Mining Component, Removes It After a Week *** --------------------------------------------- For around a week at the end of March, one of the many versions of the Mirai malware was spotted delivering a Bitcoin-mining module to its infected .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mirai-botnet-temporarily-adds...
*** Support-Ende erreicht: Tschüss, Vista *** --------------------------------------------- Am heutigen 11. April endet der Support für Windows Vista. Eine Träne wird deswegen wohl kaum jemand vergießen, dabei steckten viele tolle Neuerungen darin. --------------------------------------------- https://heise.de/-3675983
*** Understanding and Discovering Open Redirect Vulnerabilities *** --------------------------------------------- One of the most common and largely overlooked vulnerabilities by web developers is Open Redirect (also known as "Unvalidated Redirects and Forwards"). A website is vulnerable to .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Understanding-and-Discov...
*** Microsoft Word 0day used to push dangerous Dridex malware on millions *** --------------------------------------------- Blast could give a boost to Dridex, one of the Internets worst bank-fraud threats. --------------------------------------------- https://arstechnica.com/security/2017/04/microsoft-word-0day-used-to-push-da...
*** Malware belauscht Sensoren und knackt Handysperre *** --------------------------------------------- Von Forschern geschriebener Schädling nutzt Browserleck und neuronales Netzwerk, um Sperrcode zu errechnen --------------------------------------------- http://derstandard.at/2000055738573
*** Breaking Signal: A Six-Month Journey *** --------------------------------------------- Researchers spent six months poking holes in Signal and urge a bigger spotlight on security testing. --------------------------------------------- http://threatpost.com/breaking-signal-a-six-month-journey/124888/
*** DSA-3828 dovecot - security update *** --------------------------------------------- It was discovered that the Dovecot email server is vulnerable to adenial of service attack. When the dict passdb and userdb are usedfor user authentication, the .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3828
*** Security Bulletins posted *** --------------------------------------------- Adobe has published security bulletins for Adobe Campaign (APSB17-09), Adobe Flash Player (APSB17-10), Adobe Acrobat and Reader (APSB17-11), Adobe Photoshop (APSB17-12) and the Creative Cloud Desktop Application (APSB17-13). Adobe recommends users update their product installations to the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1457
*** Nach Hacker-Festnahme: FBI will Kelihos-Botnetz endgültig stilllegen *** --------------------------------------------- Schon kurz nachdem der mutmaßlich verantwortliche Cyberkriminelle in Spanien festgenommen wurde, haben US-Behörden offenbar mehrere Maßnahmen eingeleitet, um das Botnetz Kelihos ein für alle mal außer Gefecht zu setzen. --------------------------------------------- https://heise.de/-3682746