[CERT-daily] Daily Summary - Thursday 22-12-2016

Daily end-of-shift report team at cert.at
Thu Dec 22 18:17:39 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 21-12-2016 18:00 − Thursday 22-12-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter




*** MS16-DEC - Microsoft Security Bulletin Summary for December 2016 - Version: 1.2 ***
---------------------------------------------
V1.2 (December 21, 2016): The December 13, 2016, Security and Quality Rollups updates 3210137 and 3210138 contain a known issue that affects the .NET Framework 4.5.2 running on Windows 8.1, Windows Server 2012 R2, and Windows Server 2012. The issue was also present in the November 15, 2016, Preview of Quality rollup updates that were superseded by the December 13, 2016 Rollup updates. The issue causes applications that connect to an instance of Microsoft SQL Server on the same computer to generate the following error message: “provider: Shared Memory Provider, error: 15 - Function not supported”
For more information please refer to Knowledge Base Article 3214106
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-DEC




*** NIST Asks Public For Help With Quantum-Proof Cryptography ***
---------------------------------------------
chicksdaddy quotes a report from The Security Ledger: With functional, quantum computers on the (distant?) horizon, The National Institute of Standards and Technology (NIST) is asking the public for help heading off what it calls "a looming threat to information security:" powerful quantum computers capable of breaking even the strongest encryption codes used to protect the privacy of digital information. In a statement Tuesday, NIST asked the public to submit ideas for...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/_VC9qbMlmm8/nist-asks-public-for-help-with-quantum-proof-cryptography




*** Mandatory HTTPS for Apps: Apple Extends Deadline ***
---------------------------------------------
iPhone and iPad apps were originally supposed to stop communicating over unsecured HTTP connections by the end of the year; Apple has now granted additional time for the switch.
---------------------------------------------
https://heise.de/-3579891




*** vSphere Data Protection: VMware Removes Hard-Coded Root Key ***
---------------------------------------------
Attackers are reportedly able to take over the backup and recovery solution for virtual machines with comparatively little effort. Security patches are available for download.
---------------------------------------------
https://heise.de/-3579872




*** Security Alert: Malicious Script Injections Spread Cerber Ransomware, Make Use of Nemucod Downloader ***
---------------------------------------------
This ongoing ransomware campaign packs a big punch against its victims, aiming for a high success rate in terms of infected systems. Using a malware cocktail to drive infection rates: The cybercriminals behind the campaign are compromising legitimate websites by injecting malicious scripts. The injects then redirect the victims' Internet traffic to a Cerber gateway...
---------------------------------------------
https://heimdalsecurity.com/blog/security-alert-malicious-script-injections-cerber-nemucod/




*** Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units ***
---------------------------------------------
In June CrowdStrike identified and attributed a series of targeted intrusions at the Democratic National Committee (DNC), and other political organizations that utilized a well known implant commonly called X-Agent. X-Agent is a cross platform remote access toolkit, variants have been identified for various Windows operating systems, Apple's iOS, and likely the MacOS. Also known as Sofacy, X-Agent has been tracked by the security community for almost a decade, CrowdStrike associates the...
---------------------------------------------
https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/




*** Writing Burp Extensions (Shodan Scanner) ***
---------------------------------------------
In this article, we will have an overview of writing Burp extensions. At the end of the post, we will have an extension that will take any HTTP request, determine the IP address of domain and get specific information using Shodan API. I have divided the article in the following hierarchy so that you can...
---------------------------------------------
http://resources.infosecinstitute.com/writing-burp-extensions-shodan-scanner/

