Daily summary - Thursday 1-10-2015

End-of-Shift report

Timeframe: Wednesday 30-09-2015 18:00 − Thursday 01-10-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl

Updates for multiple Apple products, including iOS and OS X

https://support.apple.com/kb/HT205284
https://support.apple.com/kb/HT205267
https://support.apple.com/kb/HT205265


Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=41240


Mistakenly-deployed test patch leads to suspicious Windows update

Earlier today, various sources reported a highly suspicious Windows update. According to Ars Technica, a Microsoft spokesperson stated the company had incorrectly published a test update and is in the process of removing it [1]. The update is no longer ..

https://isc.sans.edu/diary.html?storyid=20201


User Dashboard - SQL Injection - Critical - SA-CONTRIB-2015-152

https://www.drupal.org/node/2577901


Apple Gatekeeper Bypass Opens Door for Malicious Code

Gatekeeper is Mac OS X's guardian against rogue applications and malware sneaking into Apple's famous walled garden. It's also been a favorite target of researchers and advanced attackers desperate to gain control of Apple devices. Tomorrow ..

https://threatpost.com/apple-gatekeeper-bypass-opens-door-for-malicious-code/114851/


Car-Hacking Tool Turns Repair Shops Into Malware 'Brothels'

A new hacking device finds vulnerabilities in auto diagnostic tools that could be used to spread malware to thousands of vehicles.

http://www.wired.com/2015/10/car-hacking-tool-turns-repair-shops-malware-brothels/


Jumping through the hoops: multi-stage malicious PDF spam

We've recently encountered a number of malicious spam messages with PDFs attached. The PDFs themselves are not malicious as they don't contain executable code, but they do contain images with ..

http://trustwave.com/Resources/SpiderLabs-Blog/Jumping-through-the-hoops--multi-stage-malicious-PDF-spam/


Quaverse RAT: Remote-Access-as-a-Service

Quaverse RAT or QRAT is a fairly new Remote Access Tool (RAT) introduced in May 2015. This RAT is marketed as an undetectable Java RAT. As you might expect from a RAT, the tool is capable of grabbing passwords, key logging and browsing files on the victim's computer. On a regular basis for the past several months, we have observed the inclusion of QRAT in a number of spam campaigns.

http://trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-as-a-Service/


VMSA-2015-0006.1

VMware vCenter Server updates address an LDAP certificate validation issue

http://www.vmware.com/security/advisories/VMSA-2015-0006.html


Beta Bot Analysis: Part 2

This article is Part 2 in a two-part series. Extracting the Botnet Configuration: The bot configuration is encrypted inside the bot and decrypted while the bot is running. In 1.0.2.5, 1.5 and 1.6 versions, BetaBot uses RC4 and some XOR encryption; you ..

http://resources.infosecinstitute.com/beta-bot-analysis-part-2/


VMSA-2015-0007

VMware vCenter and ESXi updates address critical security issues.

http://www.vmware.com/security/advisories/VMSA-2015-0007.html


HTTPS Available as Opt-In for Blogspot

Google announced that it has made HTTPS available as an opt-in for its Blogspot blog-publishing service.

http://threatpost.com/https-available-as-opt-in-for-blogspot/114872/


German Users Hit By Dirty Mobile Banking Malware Posing As PayPal App

Additional analysis by Joachim Capiral

Mobile banking is now used by more and more users, so it shouldn't be a surprise to see banking Trojans trying to hit these users as well. We've seen spammed mails that pretend to be an update notification for an official PayPal app. These mails ask the user to click on ..

http://blog.trendmicro.com/trendlabs-security-intelligence/german-users-hit-by-dirty-mobile-banking-malware-posing-as-paypal-app/


Important Security Notice from Patreon

Yesterday I learned that there was unauthorized access to a Patreon database containing user information. Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. I am so sorry to our creators and their patrons for this breach of trust. The Patreon team and I are working especially hard right now to ensure the safety of the community.

https://www.patreon.com/posts/important-notice-3457485