End-of-Shift report
Timeframe: Thursday 26-11-2015 18:00 − Friday 27-11-2015 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter, Robert Waldner
Reader's Digest and other WordPress Sites Compromised, Push Angler EK
Readers Digest is among the latest compromised sites pushing Angler EK.
https://blog.malwarebytes.org/online-security/2015/11/readers-digest-and-other-wordpress-sites-compromised-push-angler-ek/
Known 'Good' DNS, An Observation, (Thu, Nov 26th)
This has come up enough it seems worth noting for this U.S. Thanksgiving Holiday. The concept of public Domain Name Service (DNS) is not new, but worth discussing both the merits and pitfalls. We've discussed DNS here quite a bit over the years, for a prospectus. There are a few (this is not an endorsement *quickly looks around for legal counsel and dodges them*) good services around that are known.
https://isc.sans.edu/diary.html?storyid=20419&rss
DSA-3407 dpkg - security update
Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format.
https://www.debian.org/security/2015/dsa-3407
Apache Cordova vulnerable to improper application of whitelist restrictions
Apache Cordova contains a vulnerability where whitelist restrictions are not properly applied.
http://jvn.jp/en/jp/JVN18889193/
ManageEngine Firewall Analyzer fails to restrict access permissions
ManageEngine Firewall Analyzer provided by Zoho Corporation contains a vulnerability where access permissions are not restricted.
http://jvn.jp/en/jp/JVN12991684/
ManageEngine Firewall Analyzer vulnerable to directory traversal
ManageEngine Firewall Analyzer provided by Zoho Corporation contains a directory traversal vulnerability.
http://jvn.jp/en/jp/JVN21968837/
Defending against Actual IT Threats
Roger Grimes has written an interesting paper: "Implementing a Data-Driven Computer Security Defense." His thesis is that most organizations don't match their defenses to the actual risks. His paper explains how it got to be this way, and how to fix it...
https://www.schneier.com/blog/archives/2015/11/defending_again_4.html
Adobe to restrict redistribution of Flash Player
From January 2016, only business users with a valid licence will be able to download Flash Player for redistribution, Adobe announces.
http://heise.de/-3025473
Paper: Optimizing ssDeep for use at scale
Brian Wallace presents a tool to optimize ssDeep comparisons. Malware rarely comes as a single file, and to avoid having to analyse each sample in a set individually, a fuzzy hashing algorithm tool like ssDeep can tell a researcher whether two files are very similar - or not similar at all. When working with a large set of samples, the number of comparisons (which grows quadratically with the set size) may soon become extremely large though. To make this task more manageable, Cylance
http://www.virusbtn.com/blog/2015/11_27.xml?rss