End-of-Shift report
Timeframe: Tuesday 24-11-2015 18:00 − Wednesday 25-11-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Cisco Unified CallManager and Unified Presence Server ICMP Echo Request Handling Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20070328-CVE-2007-1834
A $10 Tool Can Guess (And Steal) Your Next Credit Card Number
A pattern in AmEx card numbers allows Samy Kamkar's DIY gadget to predict and use new numbers for fraud as fast as the company can generate them.
http://www.wired.com/2015/11/samy-kamkar-10-dollar-tool-can-guess-and-steal-your-next-credit-card-number/
High-Security, Open-Source Router is a Hit on Indiegogo (Video)
The device is called the Turris Omnia, and its Indiegogo page says it's a "hi-performance & open-source router." Their fundraising goal is $100,000. So far, 1,191 backers have pledged $248,446 (as of the moment this was typed), with 49 days left ..
http://linux.slashdot.org/story/15/11/24/1940251/high-security-open-source-router-is-a-hit-on-indiegogo-video
Hilton Acknowledges Credit Card Breach
Two months after KrebsOnSecurity first reported that multiple banks suspected a credit card breach at Hilton Hotel properties across the country, Hilton has acknowledged an intrusion involving malicious software found on some point-of-sale systems.
http://krebsonsecurity.com/?p=33068
Xen VPMU Feature May Let Local Users Deny Service, Obtain Information, and Gain Elevated Privileges
http://www.securitytracker.com/id/1034230
Unwanted Software and Harmful Programs
We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings including search engines, anti-virus programs, firewalls and e-mail spam. Recently I came ..
https://blog.sucuri.net/2015/11/unwanted-software-and-harmful-programs.html
Google cannot readily unlock protected devices
A security report by the Manhattan District Attorney describes a backdoor through which Google is said to be able to access certain password-protected Android smartphones in the US when ordered to by a court. A member of the Android security team now disputes this.
http://www.golem.de/news/android-sicherheit-google-kann-nicht-ohne-weiteres-geschuetzte-geraete-entsperren-1511-117629.html
House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide
In the course of an internal research project we have analyzed the firmware images of more than 4000 embedded devices of over 70 vendors. The devices we have looked at include Internet gateways, routers, modems, IP cameras, VoIP phones, etc. We have specifically analyzed ..
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
DSDTestProvider: Another dangerous Dell certificate discovered
Another CA certificate, together with its private key, has been discovered on Dell computers. With it, anyone can issue valid certificates and render the encryption of websites meaningless. The patch for deleting eDellRoot is available.
http://heise.de/-3020134
Internet Explorer: Microsoft ends support for almost all versions
From mid-January, only IE11 will still receive security updates; almost a quarter of web users are affected.
http://derstandard.at/2000026383964
Amazon.com resets customers' passwords
Some Amazon customers in the US and the UK have to come up with a new password. Amazon has reset the passwords, purely as a precautionary measure, it says. But Amazon's statement is partly contradictory and leaves many questions open.
http://www.golem.de/news/security-amazon-com-setzt-passwoerter-von-kunden-zurueck-1511-117634.html
When Your CEO Won't Take Security Awareness Training
CEOs are often the busiest people in any organization. As security professionals, we should respect that: but what can we do when our CEO won't take security awareness training? This is not uncommon but it can be a hard nut for security ..
http://resources.infosecinstitute.com/when-your-ceo-wont-take-security-awareness-training/
Does prevalence matter? A different approach to traditional antimalware test scoring
Most well-known antimalware tests today focus on broad-spectrum malware. In other words, tests include malware that is somewhat indiscriminate (isn't necessarily targeted), at least somewhat prevalent and sometimes very prevalent. Typically,..
http://blogs.technet.com/b/mmpc/archive/2015/11/25/does-prevalence-matter-a-different-approach-to-traditional-antimalware-test-scoring.aspx
Moxa OnCell Central Manager Vulnerabilities
This advisory provides mitigation details for hardcoded credentials and authentication bypass vulnerabilities in the Moxa OnCell Central Manager Software.
https://ics-cert.us-cert.gov/advisories/ICSA-15-328-01
Tor operators start crowdfunding
Private funds are intended to reduce dependence on US authorities and enable further development
http://derstandard.at/2000026409932
A Problem Shared
Information sharing has been a much discussed, but traditionally a hit-and-miss affair within the world of information security - after all, one's information can hardly be said to be secure if you're bandying it about to anyone who expresses ..
https://blog.team-cymru.org/2015/11/a-problem-shared/
Protecting Windows Networks - Dealing with credential theft
Credential theft is a huge problem, if you care to look at Verizon Data Breach reports over the years, you will see that use of stolen credentials was lingering at the top intrusion method for quite some time. They are also prevalent in APT attacks. And why ..
https://dfirblog.wordpress.com/2015/11/24/protecting-windows-networks-dealing-with-credential-theft/
Ransomware Playbook - Guide for Handling Ransomware Infections
The following post demonstrates the writing process of a ransomware playbook for effective incident response and handling ransomware infections.
https://www.demisto.com/playbooks/playbook-for-handling-ransomware-infections/
Breach at IT Automation Firm LANDESK
LANDESK, a company that sells software to help organizations securely and remotely manage their fleets of desktop computers, servers and mobile devices, alerted employees last week that a data breach may have exposed their personal information. But LANDESK ..
http://krebsonsecurity.com/2015/11/breach-at-it-automation-firm-landesk