End-of-Shift report
Timeframe: Friday 30-10-2015 18:00 − Monday 02-11-2015 18:00
Handler: Robert Waldner
Co-Handler: n/a
CoinVault and Bitcryptor Ransomware Victims Can Now Recover Their Files For Free
itwbennett writes: Researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained the last set of encryption keys from command-and-control servers that were used by CoinVault and Bitcryptor, writes Lucian Constantin. Those keys have been uploaded to Kaspersky's ransomware decryptor service, which was originally set up in April with a set of around 750 keys recovered from servers hosted in the Netherlands.
http://yro.slashdot.org/story/15/10/30/2341230/coinvault-and-bitcryptor-ransomware-victims-can-now-recover-their-files-for-free
Disaster Recovery Starts with a Plan, (Mon, Nov 2nd)
One of the security questions being asked of security professionals by business executives these days, from both internal and external entities, is "What is the status of our Disaster Recovery plan?" The driving force behind the question varies, from "compliance" and "our business partners are asking" to "I read an article about an earthquake." A disaster recovery plan is one of those things where you don't want to define the requirements as you go; this one is truly about the *plan*.
https://isc.sans.edu/diary.html?storyid=20325&rss
About Lenovo System Update Vulnerabilities and CVE-2015-6971
Over the past seven months, a number of vulnerabilities in Lenovo System Update software have come to light. Lenovo patched the first of a batch of these vulnerabilities in spring of this year. I decided to take a deeper look...
http://trustwave.com/Resources/SpiderLabs-Blog/About-Lenovo-System-Update-Vulnerabilities-and-CVE-2015-6971/
Useful tools for malware analysis
In early October, the international project 'Cyber Security in the Danube Region' organized training for security teams operating within the region. As sharing information and knowledge is essential in the field of security, I decided to write a post ...
http://en.blog.nic.cz/2015/10/30/useful-tools-for-malware-analysis/
Debian: elasticsearch end-of-life (DSA 3389-1)
Security support for elasticsearch in jessie is hereby discontinued. The project no longer releases information on fixed security issues that would allow backporting them to released versions of Debian, and actively discourages doing so. elasticsearch will also be removed from Debian stretch (the next stable Debian release), but will continue to remain in unstable and available in jessie-backports.
https://lists.debian.org/debian-security-announce/2015/msg00290.html
PageFair: Halloween Security Breach
I want to take some time here to describe exactly what happened, how it may have affected some of your visitors, and what we are doing to prevent this from ever happening again.
http://blog.pagefair.com/2015/halloween-security-breach/
RWSPS: WPA/2 Cracking Using HashCat
We will cover the following topics: WPA/2 cracking with a dictionary attack using Hashcat; WPA/2 cracking with a mask attack using Hashcat; WPA/2 cracking with a hybrid attack using Hashcat; pausing and resuming WPA/2 cracking in Hashcat (one of the best features); and saving and restoring Hashcat sessions.
http://www.rootsh3ll.com/2015/10/rwsps-wpa2-cracking-using-hashcat-cloud-ch5pt2/
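What Hashcat does for each candidate in those three modes, written out in Python as an added example (this is not code from the rootsh3ll post or from Hashcat): derive the PMK with PBKDF2-HMAC-SHA1 over the SSID, expand it to the PTK with the 802.11i PRF, take the KCK, recompute the EAPOL-Key MIC and compare it with the one captured in the handshake. The dictionary, mask and hybrid candidate generators correspond to Hashcat's -a 0, -a 3 and -a 6 modes with -m 2500; pause/resume and --session/--restore are Hashcat features and are not reproduced here. The SSID, MAC addresses, nonces, EAPOL frame, wordlist and passphrases are constructed test data, not a real capture; only the PMK test vector (passphrase "password", SSID "IEEE") comes from the IEEE 802.11i specification.

```python
"""WPA/WPA2 passphrase recovery: PBKDF2 -> PTK -> EAPOL MIC check, fed by
dictionary, mask and hybrid candidate generators (constructed sample, not a capture)."""
import hashlib
import hmac
import itertools
from dataclasses import dataclass

# hashcat mask character classes (subset): ?d digits, ?l lowercase, ?u uppercase
CHARSETS = {"d": "0123456789",
            "l": "abcdefghijklmnopqrstuvwxyz",
            "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ"}


@dataclass(frozen=True)
class Handshake:
    """The pieces of a 4-way handshake a cracker needs (what a .hccap file carries)."""
    ssid: str
    ap_mac: bytes
    sta_mac: bytes
    anonce: bytes
    snonce: bytes
    eapol: bytes   # EAPOL-Key frame with its 16 MIC bytes zeroed
    mic: bytes     # MIC as seen on the air


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).
    The 4096 rounds are what make every candidate expensive."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces))."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                            hashlib.sha1).digest() for i in range(4))
    return out[:64]


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    """WPA2/CCMP (key-info version 2): MIC = HMAC-SHA1(KCK, frame)[:16]; TKIP would use HMAC-MD5."""
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


def check_passphrase(hs: Handshake, passphrase: str) -> bool:
    """One candidate: PMK -> PTK -> KCK (first 16 bytes of the PTK) -> recompute MIC and compare."""
    if not 8 <= len(passphrase) <= 63:      # WPA passphrase length rule; reject without PBKDF2
        return False
    kck = wpa_ptk(wpa_pmk(passphrase, hs.ssid), hs.ap_mac, hs.sta_mac, hs.anonce, hs.snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, hs.eapol), hs.mic)


def mask_candidates(mask: str):
    """Mask attack (hashcat -a 3): "Pass?d?d?d?d" -> Pass0000 ... Pass9999; other chars are literal."""
    slots, i = [], 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask) and mask[i + 1] in CHARSETS:
            slots.append(CHARSETS[mask[i + 1]])
            i += 2
        else:
            slots.append(mask[i])
            i += 1
    for combo in itertools.product(*slots):
        yield "".join(combo)


def hybrid_candidates(words, mask: str):
    """Hybrid attack (hashcat -a 6): every wordlist entry followed by every expansion of the mask."""
    for word in words:
        for tail in mask_candidates(mask):
            yield word + tail


def crack(hs: Handshake, candidates):
    """Run a candidate stream against the handshake; a plain wordlist here is hashcat -a 0."""
    for pw in candidates:
        if check_passphrase(hs, pw):
            return pw
    return None


def make_handshake(ssid: str, passphrase: str) -> Handshake:
    """Constructed test data (not a capture): fixed MACs and nonces plus an EAPOL-Key
    message-2 frame (RSN descriptor, key info 0x010a, empty key data) with its MIC zeroed."""
    ap_mac, sta_mac = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    eapol = (bytes.fromhex("0103005f")                 # EAPOL v1, type Key, body length 95
             + bytes.fromhex("02010a0000")             # RSN descriptor, key info, key length 0
             + bytes.fromhex("0000000000000001")       # replay counter
             + snonce + bytes(16) + bytes(8) + bytes(8)  # nonce, key IV, RSC, key ID
             + bytes(16) + bytes(2))                   # MIC (zeroed), key data length 0
    kck = wpa_ptk(wpa_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    return Handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol, eapol_mic(kck, eapol))


# Constructed wordlist and three handshakes, one per attack mode
WORDLIST = ["password", "summer", "letmein2015", "winter", "CorpWiFi"]
HS_DICT = make_handshake("CorpWiFi", "letmein2015")   # recovered by the plain wordlist
HS_HYBRID = make_handshake("CorpWiFi", "summer99")    # wordlist + ?d?d
HS_MASK = make_handshake("CorpWiFi", "Pass0042")      # mask Pass?d?d?d?d

if __name__ == "__main__":
    print("dictionary:", crack(HS_DICT, iter(WORDLIST)))
    print("hybrid    :", crack(HS_HYBRID, hybrid_candidates(WORDLIST, "?d?d")))
    print("mask      :", crack(HS_MASK, mask_candidates("Pass?d?d?d?d")))
```

The whole cost sits in wpa_pmk: the MIC check itself is a handful of HMACs, but every candidate pays 4096 PBKDF2 rounds, which is why the keyspace you choose (a tight mask or a wordlist-plus-suffix hybrid) matters far more than raw hashing speed, and why Hashcat's session save/restore is worth using on runs that take days.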
Protecting Windows Networks - Local administrative accounts management
There is a common problem in all environments with local administrative accounts, such as local Administrator account, root accounts or any kind of application specific built-in admin accounts set to a common password, shared across all systems.
https://dfirblog.wordpress.com/2015/11/01/protecting-windows-networks-local-administrative-accounts-management/
MS15-106 revised: new Windows 10 cumulative update (3105210)
Bulletin revised to announce the release of a new Windows 10 cumulative update (3105210) to address an additional vulnerability, CVE-2015-6045, which has been added to this bulletin. Only customers running Windows 10 systems need to install this new update. Earlier operating systems are either not affected or have received the fix in the original updates of October 13, 2015.
https://technet.microsoft.com/library/security/ms15-106
5 signs your Web application has been hacked
When customers interact with your business, they most likely go through a Web application first. It's your company's public face -- and by virtue of that exposure, an obvious point of vulnerability. Most attacks against Web applications are stealthy and hard to spot.
http://www.csoonline.com/article/3000315/application-security/5-signs-your-web-application-has-been-hacked.html#tk.rss_applicationsecurity
How Much is a Zero-Day Exploit for an SCADA/ICS System?
How much is a zero-day for an industrial control system? Where is it possible to buy them, and who are the main buyers of these commodities? I can tell you that there isn't a unique answer to the above questions, but first of all let us try to understand the current scenario ...
http://resources.infosecinstitute.com/how-much-is-a-zero-day-exploit-for-an-scadaics-system/
Cisco Security Advisories
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
Cisco Unified Communications Domain Manager URI Enumeration Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-ucd
Cisco FireSIGHT Management Center HTML Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc2
Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151029-fsmc1
Cisco ASR 5500 SAE Gateway BGP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-asr
Cisco Prime Service Catalog SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-psc
Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-cas
Cisco Unified Border Element Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151026-cube
Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1
Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1
Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac
Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss
Cisco Secure Access Control Server SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs
Cisco Wireless LAN Controller Client Disconnection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-wlc