=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 22-02-2017 18:00 − Thursday 23-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Criminals Monetizing Attacks Against Unpatched WordPress Sites ***
---------------------------------------------
Sites still vulnerable to a REST API endpoint flaw in WordPress are now being targeted by attackers trying to turn a profit.
---------------------------------------------
http://threatpost.com/criminals-monetizing-attacks-against-unpatched-wordpre...

*** MSRT February 2017: Chuckenit detection completes MSRT solution for one malware suite ***
---------------------------------------------
In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent.
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/02/22/msrt-february-2017-chuck...

*** Top 8 Reverse Engineering Tools for Cyber Security Professionals ***
---------------------------------------------
Whether it is rebuilding a car engine or diagramming a sentence, people can learn about many things simply by taking them apart and putting them back together again. This process of breaking something down to understand it, build a copy to improve it, is known as reverse engineering.
---------------------------------------------
http://resources.infosecinstitute.com/top-8-reverse-engineering-tools-cyber-...

*** Impact of New Linux Kernel DCCP Vulnerability Limited ***
---------------------------------------------
Existing mitigations and limitations around a newly disclosed Linux kernel vulnerability in the DCCP module mute the potential impact of local attacks.
---------------------------------------------
http://threatpost.com/impact-of-new-linux-kernel-dccp-vulnerability-limited/...

*** Java, Python FTP Injection Attacks Bypass Firewalls ***
---------------------------------------------
Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses.
---------------------------------------------
http://threatpost.com/java-python-ftp-injection-attacks-bypass-firewalls/123...
*** Collision attack: SHA-1 hash function broken ***
---------------------------------------------
Researchers from Google and the University of Amsterdam have succeeded in creating two different PDF files with the same SHA-1 hash. That SHA-1 is insecure has been known since 2005. (SHA-1, Google)
---------------------------------------------
https://www.golem.de/news/kollissionsangriff-hashfunktion-sha-1-gebrochen-17...
*** Putty 0.68 released ***
---------------------------------------------
http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Buffer Overflow from improperly formatted SELECT command in IBM Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-8998) ***
http://www.ibm.com/support/docview.wss?uid=swg21998747
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere MQ cluster channel definition causes denial of service to cluster (CVE-2016-9009) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998647
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza PureData System for Analytics (CVE-2016-8610) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997472
---------------------------------------------
*** IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to SWEET32 Birthday attack (CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995099
---------------------------------------------
*** IBM Security Bulletin: Information disclosure CVE-2016-9975 affects IBM Dashboard Application Services Hub (DASH) ***
http://www.ibm.com/support/docview.wss?uid=swg21998714
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (CVE-2016-2106, CVE-2016-2109) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998797
---------------------------------------------