======================= = End-of-Shift report = =======================
Timeframe: Montag 16-01-2017 18:00 − Dienstag 17-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a
*** Who's winning the cyber war? The squirrels, of course *** --------------------------------------------- CyberSquirrel1 project shows fuzzy-tailed intruders cause more damage than "cyber" can. --------------------------------------------- http://arstechnica.com/information-technology/2017/01/whos-winning-the-cyber...
*** Dodgy Dutch developer built backdoors into thousands of sites *** --------------------------------------------- Then hoovered out users personal data, stole identities galore and spent up big Dutch police are this week warning 20,000 users that their email accounts were hacked after .. --------------------------------------------- www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_backdoors_for_carding/
*** [2017-01-17] Cross site scripting in TYPO3 CMS extension "Recommend page" *** --------------------------------------------- The "Recommend page" extension (pb_recommend_page) for the TYPO3 CMS does not sanitize input properly. Hence an attacker can inject malicious HTML/JavaScript content which can cause harm to the users. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170...
*** Erpressung ist (immer noch) in! *** --------------------------------------------- Das neue Jahr bringt sicherlich wieder viele technische Neuerungen und (potentiell unsägliche) Trends mit sich. Eines bleibt leider unverändert: Erpressung ist in.Neben DDoS-Drohungen und Ransomware in .. --------------------------------------------- http://www.cert.at/services/blog/20170117104444-1861.html
*** CryptoSearch: Tool findet und sammelt von Ransomware verschlüsselte Dateien zur Verwahrung ein *** --------------------------------------------- Wenn ein Erpressungs-Trojaner Daten in seine Gewalt gebracht hat, hoffen Opfer auf ein kostenloses Entschlüsselungstool - wann und ob überhaupt eins kommt, ist aber oft unklar. Ein Windows-Tool sammelt und archiviert bis dahin betroffene Dateien. --------------------------------------------- https://heise.de/-3597757
*** Citrix XenServer Multiple Security Updates *** --------------------------------------------- Security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running within a guest VM to read a small part of ... --------------------------------------------- https://support.citrix.com/article/CTX219378
*** Free-to-Play: Forum von Clash-of-Clans-Betreiber gehackt *** --------------------------------------------- Erneut ist ein vBulletin-Forum gehackt worden. Betroffen sind vermutlich 1,1 Millionen Nutzer von Supercell-Foren. Der Spielehersteller vertreibt populäre Titel wie Clash of Clans und Clash Royale. --------------------------------------------- http://www.golem.de/news/free2play-forum-von-clash-of-clans-betreiber-gehack...
*** The Line of Death *** --------------------------------------------- When building applications that display untrusted content, security designers have a major problems if an attacker has full control of a block of pixels, he can make those pixels look .. --------------------------------------------- https://textslashplain.com/2017/01/14/the-line-of-death/