[CERT-daily] Tageszusammenfassung - Mittwoch 26-08-2015
Daily end-of-shift report
team at cert.at
Wed Aug 26 18:04:58 CEST 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 25-08-2015 18:00 − Mittwoch 26-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Windows 10^H^H Symbolic Link Mitigations ***
---------------------------------------------
For the past couple of years I've been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I've used multiple times is abusing the symbolic link facilities of the Windows operating system to redirect privileged code to create ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/08/windows-10hh-symbolic-link-mitigations.html
*** VB2015 preview: advanced persistent threats ***
---------------------------------------------
There was a time when analyses of malware and viruses at the Virus Bulletin conference used the number of infections as a measure of the harm done. And while there are still many talks on what is now referred to as opportunistic malware, targeted ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/08_25.xml
*** Dropbox Phishing via Compromised Wordpress Site, (Tue, Aug 25th) ***
---------------------------------------------
I got a couple of emails today notifying me of a Compulsory Email Account Update for my Dropbox account. The e-mails do overall mimic the Dropbox look and feel, and use dropbox at smtp.com ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20073
*** Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40620
*** FunWebProducts UserAgent Bloating Traffic ***
---------------------------------------------
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites get hacked. Sometimes though, the answer is not clear and we can only gather clues to make ..
---------------------------------------------
https://blog.sucuri.net/2015/08/funwebproducts-useragent-bloating-traffic.html
*** Actor that tried Neutrino exploit kit now back to Angler ***
---------------------------------------------
Last week, we saw the group behind a significant amount of Angler exploit kit (EK) switch to Neutrino EK. We didnt know if the change was permanent, and I also noted that criminal groups using EKs have quickly changed tactics ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20075
*** l+f: https-fuer-Fortgeschrittene ***
---------------------------------------------
Googles Chrome und die Open-Source-Basis Chromium laden eine Reihe von Web-Seiten immer via gesichertem HTTPS - darunter auch viele deutsche.
---------------------------------------------
http://heise.de/-2790788
*** Endress+Hauser HART Device DTM Vulnerability ***
---------------------------------------------
Alexander Bolshev and Svetlana Cherkasova of Digital Security have identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager (DTM) library used in Endress+Hauser HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which Endress+Hauser has begun to integrate.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-237-01
*** Dynamic DNS and You Part 2: Identifying the Threat ***
---------------------------------------------
Greetings! You all really seemed to like my last post on Dynamic DNS, so Ive been invited to come back and talk more about it. In part 1 , we discussed the uses of Dynamic DNS, as well as the various providers of the service and how it all ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/dynamic-dns-and-you-part-2-identifying-the-threat
*** Netflix Is Dumping Anti-Virus, Presages Death Of An Industry ***
---------------------------------------------
For years, nails have been hammering down on the coffin of anti-virus. But none have really put the beast to bed. An industry founded in the 1980s, a time when John McAfee was known as a pioneer rather than a tequila-downing rascal, ..
---------------------------------------------
http://www.forbes.com/sites/thomasbrewster/2015/08/26/netflix-and-death-of-anti-virus/
*** CryptoGirl on StageFright: A Detailed Explanation ***
---------------------------------------------
Detecting the PoCs published by Zimperium is not difficult: you can fingerprint the PoCs, for example. Detecting variants of the PoCs, i.e., MP4s that use one of the discovered vulnerabilities, is far more difficult. Ill explain why in a ..
---------------------------------------------
http://blog.fortinet.com/post/cryptogirl-on-stagefright-a-detailed-explanation
More information about the Daily
mailing list