End-of-Shift report
Timeframe: Friday 22-08-2014 18:00 − Monday 25-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Stiffed by Synolocker ransomware crims? Try F-Secure's python tool
Unlock key doesn't always fit, says security biz. Security firm F-Secure has released a tool to decrypt data scrambled by the Synolocker malware - assuming you've obtained the decryption key from the crooks.
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/23/f_secure_synolocker_fix/
QEMU ACPI PCI code execution
QEMU could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds access error in the ACPI PCI hotplug interface. An attacker could exploit this vulnerability to corrupt QEMU process memory and obtain sensitive information.
http://xforce.iss.net/xforce/xfdb/95419
HP Service Manager Bugs Let Remote Users Gain Elevated Privileges, Modify Data, and Deny Service and Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1030756
OpenOffice Targeted Data Exposure Using Crafted OLE Objects
The exposure exploits the way OLE previews are generated to embed arbitrary file data into a specially crafted document when it is opened. Data exposure is possible if the updated document is distributed to other parties.
http://cxsecurity.com/issue/WLB-2014080102
OpenOffice 4.1.0 Calc Command Injection
The vulnerability allows command injection when loading Calc spreadsheets. Specially crafted documents can be used for command-injection attacks. Further exploits are possible but have not been verified.
http://cxsecurity.com/issue/WLB-2014080101
Fortinet FortiGate Flaw in FortiManager Protocol Service Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030753
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed - NIST has taken a look at how companies use Secure Shell (SSH), and doesn't much like what it sees.
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/25/nist_to_sysadmins_clean_up_your_ssh_mess/
Ransomware with a powerful password stealer
Ransomware, also known as 'WinLocker', remains a fixture of our everyday digital lives and is being equipped by cybercriminals with additional and more complex functions. In an effort to learn about the functions of this ransomware and possibly the people behind it, experts at Avast found evidence in the newest generation of the malware of powerful modules, including ones for stealing passwords and login credentials.
http://blog.botfrei.de/2014/08/ransomware-mit-leistungsfaehigen-password-stealer/