======================= = End-of-Shift report = =======================
Timeframe: Freitag 17-06-2016 18:00 − Montag 20-06-2016 18:00 Handler: Robert Waldner Co-Handler: n/a
*** Locky, Dridex, and Angler among cybercrime groups to experience fall in activity *** --------------------------------------------- There has been a sudden drop off in activity relating to a number of major malware families in recent weeks. Dridex (W32.Cridex), Locky (Trojan.Cryptolocker.AF), the Angler exploit kit and Necurs (Backdoor.Necurs), are among the threats who appear affected by this development. --------------------------------------------- http://www.symantec.com/connect/blogs/locky-dridex-and-angler-among-cybercri...
*** Erpressungs-Trojaner RAA kommt mit Passwort-Dieb im Huckepack daher *** --------------------------------------------- Der Computer-Schädling RAA soll nicht nur Daten als Geisel nehmen und ein Lösegeld verlangen, sondern auch einen Trojaner mitbringen, der Passwörter abgreift. --------------------------------------------- http://heise.de/-3242139
*** You Acer holes! PC maker leaks payment cards in e-store hack *** --------------------------------------------- Lost info includes names, addresses, numbers and security codes Acers insecure customer database spilled peoples personal information - including full payment card numbers - into hackers hands for more than a year. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2016/06/17/what_a_pain_...
*** New Ransomware Written Entirely In JavaScript *** --------------------------------------------- An anonymous reader writes: Security researchers have discovered a new form of ransomware written entirely in JavaScript and using the CryptoJS library to encode a users files. Researchers say the file is being distributed through email attachments, according to SC Magazine, which reports that "Opening the attachment kicks off a series of steps that not only locks up the victims files, but also downloads some additional malware onto the target computer. ... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/MLUCGZ3AfdM/new-ransomware-w...
*** GoToMyPC remote desktop service resets all passwords in wake of attack *** --------------------------------------------- GoToMyPC, a remote computer administration service offered by Citrix, has forced a password reset for all customers in the wake of what they call a 'very sophisticated password attack.' Effective immediately, you will be required to reset your GoToMyPC password before you can login again, the company told customers via email on Sunday, and advised them to use their regular GoToMyPC login link to reset the password, or go through the 'Forgot Password' link --------------------------------------------- https://www.helpnetsecurity.com/2016/06/20/gotomypc-resets-passwords/
*** Understanding Critical Windows Artifacts and Their Relevance During Investigation-Part 1 *** --------------------------------------------- In this article, we will learn about critical Windows artifacts, what they mean, where they are located in the system, what can be inferred from them and how can they help in actual during the investigation. This will be a series of articles and in Part 1, we will learn about the NTFS timestamps which ... --------------------------------------------- http://resources.infosecinstitute.com/understanding-critical-windows-artifac...
*** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL and a vulnerability in GNU glibc affect IBM Security Proventia Network Enterprise Scanner *** http://www-01.ibm.com/support/docview.wss?uid=swg21984794 --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2016-0399) *** http://www-01.ibm.com/support/docview.wss?uid=swg21984134 --------------------------------------------- *** IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2016-0341) *** http://www-01.ibm.com/support/docview.wss?uid=swg21985111 ---------------------------------------------
*** Cisco Security Advisories *** --------------------------------------------- *** Cisco IOS XE Software SNMP Subsystem Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... --------------------------------------------- *** Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... --------------------------------------------- *** Cisco cBR-8 Series Converged Broadband Router SNMP Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... --------------------------------------------- *** Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... --------------------------------------------- *** Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... ---------------------------------------------