=======================
= End-of-Shift report =
=======================
Timeframe: Friday 03-07-2015 18:00 − Monday 06-07-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a

*** [20150602] - Core - CSRF Protection ***
---------------------------------------------
http://developer.joomla.org/security-centre/618-20150602-core-remote-code-ex...

*** [20150601] - Core - Open Redirect ***
---------------------------------------------
http://developer.joomla.org/security-centre/617-20150601-core-open-redirect....

*** This 20-year-old Student Has Written 100 Malware Programs in Two Years ***
---------------------------------------------
Security firm Trend Micro has identified a 20-year-old Brazilian college student responsible for developing and distributing over 100 Banking Trojans selling each for around ..
---------------------------------------------
http://thehackernews.com/2015/07/student-hacker.html

*** A .BUP File Is An OLE File ***
---------------------------------------------
Yesterday I mentioned that McAfee quarantine files on Windows (.BUP extension) are actually OLE files. I'm going to write a couple of diary entries highlighting some file types that are OLE files, and ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19869

*** MMD-0036-2015 - KINS (or ZeusVM) v2.0.0.0 toolkit (builder & panel) leaked. ***
---------------------------------------------
The background: KINS (or ZeusVM, to be precise) v2.0.0.0 toolkit (builder & panel) was leaked and spread all over the internet. On Jun 26th 2015 we were informed about this and after several internal discussions, considering that: "so ..
---------------------------------------------
http://blog.malwaremustdie.org/2015/07/mmd-0036-2015-kins-or-zeusvm-v2000.ht...

*** A fileless Ursnif doing some POS focused reco ***
---------------------------------------------
http://malware.dontneedcoffee.com/2015/07/a-fileless-ursnif-doing-some-pos.h...

*** BizCN gate actor changes from Fiesta to Nuclear exploit kit ***
---------------------------------------------
Introduction: An actor using gates registered through BizCN recently switched from Fiesta to Nuclear exploit kit (EK). This happened around last month, and we first noticed the change on 2015-06-15. I started writing about this actor in 2014 ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19875

*** Don't Be Fooled By Phony Online Reviews ***
---------------------------------------------
The Internet is a fantastic resource for researching the reputation of companies with which you may wish to do business. Unfortunately, this same ease-of-use can lull the unwary into falling for marketing scams originally perfected ..
---------------------------------------------
http://krebsonsecurity.com/2015/07/dont-be-fooled-by-phony-online-reviews/

*** Surveillance firm Hacking Team: "Enemy of the Internet" hacked itself ***
---------------------------------------------
The Italian surveillance firm Hacking Team has itself fallen victim to a massive hack: intruders were able to take around 480 GB of internal data and make it available for download. The company's Twitter account was also taken over and renamed "Hacked Team". The published information ..
---------------------------------------------
http://derstandard.at/2000018630550

*** Blue Pill vulnerability in Xen closed ***
---------------------------------------------
The long list of security improvements in Xen 4.5.1 also includes a vulnerability that allows breaking out of a virtual machine - and a mysterious, still undocumented entry.
---------------------------------------------
http://heise.de/-2736158

*** ManageEngine Password Manager Pro 8.1 SQL Injection ***
---------------------------------------------
An authenticated user (even the guest user) is able to execute arbitrary SQL code using a forged request to SQLAdvancedALSearchResult.cc. The SQL query is built manually and is not escaped properly in the AdvanceSearch.class of AdventNetPassTrix.jar.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015070020

*** Insider Threats Defined ***
---------------------------------------------
According to the second annual SANS survey on the security of the financial services sector, the number one threat companies are concerned about doesn't relate to nation-states, organised criminal gangs or 'APTs'. Rather, the main worry revolves around insider threats - but what exactly is an insider threat and what can be done to detect and respond to these threats?
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/insider-threats-defined

*** How to Deal with Reverse Domain Name Hijacking ***
---------------------------------------------
The fact that one owns a trademark which is identical or confusingly similar to a domain name does not necessarily mean that she is entitled to that domain name. For ..
---------------------------------------------
http://resources.infosecinstitute.com/how-to-deal-with-reverse-domain-name-h...

*** Puzzles against DDoS attacks on TLS ***
---------------------------------------------
An Akamai employee describes how simple computational puzzles could be used to minimise DDoS attacks by clients on TLS connections. The idea is still only a draft, but it could be standardised as an extension for TLS 1.3.
---------------------------------------------
http://www.golem.de/news/ietf-raetselaufgaben-gegen-ddos-angriffe-auf-tls-15...

*** AWS Best Practices for DDoS Resiliency (PDF) ***
---------------------------------------------
http://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf

*** No one expect command execution ! ***
---------------------------------------------
Unix is a beautiful world where your shell gives you the power of launching any command you like. But sometimes a command can be used to launch other commands, and that's sometimes unexpected.
---------------------------------------------
http://0x90909090.blogspot.fr/2015/07/no-one-expect-command-execution.html