Daily Summary - Monday 25-08-2014

End-of-Shift report

Timeframe: Friday 22-08-2014 18:00 − Monday 25-08-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Stiffed by Synolocker ransomware crims? Try F-Secure's Python tool

Unlock key doesn't always fit, says security biz - Security firm F-Secure has released a tool to decrypt data scrambled by the Synolocker malware - assuming you've obtained the decryption key from the crooks.

http://go.theregister.com/feed/www.theregister.co.uk/2014/08/23/f_secure_synolocker_fix/


QEMU ACPI PCI code execution

QEMU could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds access error in the ACPI PCI hotplug interface. An attacker could exploit this vulnerability to corrupt QEMU process memory and obtain sensitive information.

http://xforce.iss.net/xforce/xfdb/95419


HP Service Manager Bugs Let Remote Users Gain Elevated Privileges, Modify Data, and Deny Service and Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks

http://www.securitytracker.com/id/1030756


OpenOffice Targeted Data Exposure Using Crafted OLE Objects

The exposure exploits the way OLE previews are generated to embed arbitrary file data into a specially crafted document when it is opened. Data exposure is possible if the updated document is distributed to other parties.

http://cxsecurity.com/issue/WLB-2014080102


OpenOffice 4.1.0 Calc Command Injection

The vulnerability allows command injection when loading Calc spreadsheets. Specially crafted documents can be used for command-injection attacks. Further exploits are possible but have not been verified.

http://cxsecurity.com/issue/WLB-2014080101


Fortinet FortiGate Flaw in FortiManager Protocol Service Lets Remote Users Deny Service

http://www.securitytracker.com/id/1030753


NIST to sysadmins: clean up your SSH mess

Too many keys, too badly managed - NIST has taken a look at how companies use Secure Shell (SSH), and doesn't much like what it sees.

http://go.theregister.com/feed/www.theregister.co.uk/2014/08/25/nist_to_sysadmins_clean_up_your_ssh_mess/


Ransomware with a powerful password stealer

Ransomware, also known as 'WinLocker', remains a fixture of everyday digital life, and cybercriminals are equipping it with additional and more complex functions. While seeking information about the functions of this ransomware and possibly the people behind it, experts at Avast found in the latest generation of the malware indications of powerful modules, among others for stealing passwords and credentials.

http://blog.botfrei.de/2014/08/ransomware-mit-leistungsfaehigen-password-stealer/