End-of-Shift report
Timeframe: Friday 23-10-2015 18:00 to Tuesday 27-10-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
Botnets spreading Dridex still active, (Fri, Oct 23rd)
Introduction: In early September 2015, we started seeing reports about arrests tied to Dridex malware [1, 2]. About that time, we noticed a lack of botnet-based malicious spam (malspam) pushing Dridex malware. During the month of September, Dridex disappeared from our radar. By the beginning of October 2015, malspam pushing Dridex came back [3], and it's continued since then. However, organizations still discussed the Dridex takedown, even after Dridex came back. The most recent wave of reporting...
https://isc.sans.edu/diary.html?storyid=20295&rss
Insecure app-TAN: Sparkasse defends its pushTAN banking
The manipulations concern "outdated versions of the S-pushTAN app" and actual cases of damage are unlikely, according to a statement by the Sparkassen on a successful attack on their app-TAN procedure.
http://www.heise.de/newsticker/meldung/Unsichere-App-TAN-Sparkasse-verteidigt-ihr-pushTAN-Banking-2854722.html?wt_mc=rss.ho.beitrag.rdf
Free and Commercial Tools to Implement the SANS Top 20 Security Controls, Part 5: Malware Defenses
This is Part 5 of a How-To effort to compile a list of tools (free and commercial) that can help IT administrators comply with SANS Security Controls. In Part 1 we looked at Inventory of Authorized and Unauthorized Devices. In Part 2 we looked at Inventory of Authorized and Unauthorized Software. In Part 3 we looked at Secure Configurations. In Part 4 we looked at Continuous Vulnerability Assessment and Remediation. Now in Part 5 we'll take on Malware Defenses. 5-1 Employ automated tools...
https://www.alienvault.com/blogs/security-essentials/free-and-commercial-tools-to-implement-the-sans-top-20-security-controls-part-5-malware-defenses-1
Beyond Automated Penetration Testing
#WarStoryWednesday Not too long ago, I was tasked with performing an Application Security Assessment while onsite at a client location. I had worked with this client before, and was eager to see how they had matured their applications over the past couple years. Originally, I had performed an Application Security Assessment on an older version...
http://resources.infosecinstitute.com/beyond-automated-penetration-testing/
Joomla SQL Injection Attacks in the Wild
Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows an attacker to take over a vulnerable site with ease. We predicted that the attacks would start in the wild very soon, due to the popularity of the Joomla platform along...
https://blog.sucuri.net/2015/10/joomla-sql-injection-attacks-in-the-wild.html
Out-of-band patch: Adobe closes critical hole in Shockwave
Attackers can use the Shockwave Player to remotely push malicious code onto computers. Adobe rates the vulnerability at its highest priority level.
http://heise.de/-2860125
Intel x86 considered harmful (new paper)
Oct 27, 2015 - Joanna Rutkowska | Back in summer I read a new book published by one of the core Intel architects about the Management Engine (ME). I didn't quite like what I read there. In fact I even found this a bit depressing, even though Intel ME wasn't particular news to me as we, at the ITL, have already studied this topic quite in-depth, so to say, back in 2008... But, as you can see in the linked article, I believed we could use VT-d to protect the host OS from the potentially...
http://blog.invisiblethings.org/2015/10/27/x86_harmful.html
Patch day: Updates for the Xen hypervisor
Xen has closed several holes in its hypervisor. As usual, details will only be published later.
http://www.golem.de/news/patchday-updates-fuer-xen-hypervisor-1510-117152-rss.html
Volkswagen: Hackers disable airbag via counterfeit diagnostic software
Once again there is manipulated software at VW, but this time the group itself is not responsible. Hackers have apparently succeeded in manipulating the control software of an Audi TT so that the airbag can be switched off without the users' knowledge.
http://www.golem.de/news/volkswagen-hacker-deaktivieren-airbag-ueber-gefaelschte-diagnose-software-1510-117140-rss.html
The "Yes, but..." syndrome, (Tue, Oct 27th)
This weekend, I worked on a pentest report that was already pending for a while. I'm honest: I'm lazy about writing reports (like many of us, no?). During a pentest, it is mandatory to keep evidence of all your findings. Not only the tools you used and how you used them, but as much detail as possible (screenshots, logs, videos, papers, etc.). Every day, we had a quick debriefing meeting with the customer to make the point about the new findings. The first feedback was often a "Yes, but...": Me: We were...
https://isc.sans.edu/diary.html?storyid=20303&rss
JSA10711 - 2015-10 Out of Cycle Security Bulletin: NTP.org announcement of multiple vulnerabilities.
http://kb.juniper.net/index/content&id=JSA10711&actp=RSS
Bugtraq: [security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information
http://www.securityfocus.com/archive/1/536749
Bugtraq: [security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information
http://www.securityfocus.com/archive/1/536748
DSA-3377 mysql-5.5 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.46. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:...
https://www.debian.org/security/2015/dsa-3377
DSA-3378 gdk-pixbuf - security update
Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit for image loading and pixel buffer manipulation. The Common Vulnerabilities and Exposures project identifies the following problems:...
https://www.debian.org/security/2015/dsa-3378
Security Notice - Statement on the Huawei Honor phone Vulnerability Mentioned at the GeekPwn Conference
Oct 25, 2015 09:27
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-459238.htm
Cisco Security Advisories
Cisco Secure Access Control Server Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1033968
Cisco Secure Access Control Server Input Validation Flaw Lets Remote Authenticated Users Inject SQL Commands
http://www.securitytracker.com/id/1033967
Cisco Secure Access Control Server RBAC Flaw Lets Remote Authenticated Users Modify Dashboard Portlets on the Target System
http://www.securitytracker.com/id/1033971
Cisco Secure Access Control Server RBAC Flaw Lets Remote Authenticated Users Obtain System Administrator Reports and Status
http://www.securitytracker.com/id/1033970
Cisco Secure Access Control Server DOM Statement Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1033969
Siemens Rugged Operating System (ROS) Ethernet Frame Padding Bug Lets Remote Users on the Local Network Obtain Potentially Sensitive VLAN Information
http://www.securitytracker.com/id/1033973