=======================
= End-of-Shift report =
=======================

Timeframe: Monday 27-03-2017 18:00 − Tuesday 28-03-2017 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl

*** Bugtraq: APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540325

*** APT29 Used Domain Fronting, Tor to Execute Backdoor ***
---------------------------------------------
APT29, a/k/a Cozy Bear, has used Tor and a technique called domain fronting in order to secure backdoor access to targets for nearly two years running.
---------------------------------------------
http://threatpost.com/apt29-used-domain-fronting-tor-to-execute-backdoor/124...

*** New Clues Surface on Shamoon 2’s Destructive Behavior ***
---------------------------------------------
Researchers report new connections between Magic Hound and Shamoon 2, along with descriptions of how the Disttrack malware component of campaigns moves laterally within infected networks.
---------------------------------------------
http://threatpost.com/new-clues-surface-on-shamoon-2s-destructive-behavior/1...

*** Vuln: GnuTLS GNUTLS-SA-2017-3 Multiple Security Vulnerabilities ***
---------------------------------------------
GnuTLS GNUTLS-SA-2017-3 Multiple Security Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/97040

*** New Security Vulnerability in the Password Manager LastPass ***
---------------------------------------------
For the second time within a short period, the popular password manager is confronted with a vulnerability.
---------------------------------------------
https://futurezone.at/produkte/neue-sicherheitsluecke-im-passwort-manager-la...

*** Symantec API Flaws reportedly let attackers steal Private SSL Keys and Certificates ***
---------------------------------------------
A security researcher has disclosed critical issues in the processes and third-party API used by Symantec certificate resellers to deliver and manage Symantec SSL ..
---------------------------------------------
https://thehackernews.com/2017/03/symantec-ssl-certificates.html

*** Threat Landscape for Industrial Automation Systems, H2 2016 ***
---------------------------------------------
On average, in the second half of 2016 Kaspersky Lab products across the globe blocked attempted attacks on 39.2% of protected computers that Kaspersky Lab ICS CERT classifies as being part of industrial enterprise technology infrastructure.
---------------------------------------------
http://securelist.com/analysis/publications/77842/threat-landscape-for-indus...

*** From DDoS to Server Ransomware: APACHE STRUTS 2 - CVE-2017-5638 Campaign ***
---------------------------------------------
As soon as a zero-day remote code execution vulnerability is disclosed, it is common to see many scans in the wild. Some of these scans are researchers, but many of ..
---------------------------------------------
https://f5.com/labs/articles/threat-intelligence/malware/from-ddos-to-server...

*** This book reads you - using JavaScript ***
---------------------------------------------
Apple just released a fix for one issue I reported last year in iBooks that allowed access to files on a user's system when a book was opened. iBooks on El Capitan would ..
---------------------------------------------
https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-usi...

*** Danger from Exploit for Zombie IIS ***
---------------------------------------------
Microsoft's Internet Information Services 6.0 is really scrap iron for which there are not even security updates. Nevertheless, there are still more than 30,000 instances in Germany alone. And these are acutely threatened by a publicly known exploit.
---------------------------------------------
https://heise.de/-3666599

*** Encryption: Vulnerabilities Discovered in Numerous VoIP Applications ***
---------------------------------------------
The ZRTP protocol is meant to provide secure connections and encrypted VoIP calls. Researchers have found vulnerabilities in numerous ZRTP applications ..
---------------------------------------------
https://www.golem.de/news/verschluesselung-schwachstellen-in-zahlreichen-voi...

*** IronWASP – Part 1 ***
---------------------------------------------
Considering not all vulnerability scanners are open source, a great deal of them are available such as: IronWASP, OpenVAS, Retina CS Community, W3af, Grabber, etc. In this article, we shall be discussing more about IronWASP.
---------------------------------------------
http://resources.infosecinstitute.com/ironwasp-part-1-2/

*** Docs.com Users Share Passwords and Much More with the World ***
---------------------------------------------
Documents can be shared via Microsoft's Docs.com service. However, these are often publicly viewable. Many users seem to be unaware of this; information such as passwords is all too easy to find.
---------------------------------------------
https://heise.de/-3665975

*** Apache / ModSecurity Tutorials ***
---------------------------------------------
This is a series of Apache web server tutorials that will span from the basics to advanced topics like ModSecurity and logfile visualization.
---------------------------------------------
https://www.netnea.com/cms/apache-tutorials/

*** Xen Security Advisory XSA-206 - xenstore denial of service via repeated update ***
---------------------------------------------
Unprivileged guests may be able to stall progress of the control domain or driver domain, possibly leading to ..
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-206.txt

*** With iOS 10.3, iDevices get new Apple File System with native encryption support ***
---------------------------------------------
On Monday, Apple released updates for its various products. As usual, they fix flaws and add capabilities, but the iOS update (v10.3) is more noteworthy than usual, ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/03/28/apple-file-system-encryption/

*** Ransomware: Scammers Extort Visitors of Porn Sites ***
---------------------------------------------
Using a bug in Apple's Safari for iPhone, unknown actors block the browser with a constantly recurring JavaScript pop-up. In it, users are asked to pay a ransom. The trap can be escaped with a simple trick, however.
---------------------------------------------
https://www.golem.de/news/ransomware-scammer-erpressen-besucher-von-porno-se...