End-of-Shift report
Timeframe: Friday 04-12-2015 18:00 − Monday 07-12-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
OpenSSL security update and farewell to legacy versions
As part of a security update, the OpenSSL team has announced that versions 0.9.8 and 1.0.0 will receive no further updates. Their users should urgently switch to newer versions.
http://heise.de/-3032678
Bundestag hackers attack further NATO states
The professional cyberattacks were carried out with a high level of personnel and financial effort
http://derstandard.at/2000026983302
Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
Botconf 2015 Wrap-Up Day #3
And here is my wrap-up for the third day of the conference. Again a bunch of interesting talks. The first to join the floor was Yonathan Klijnsma who presented a nice history of the famous ransomware: Cryptowall. This ransomware has already ..
https://blog.rootshell.be/2015/12/04/botconf-2015-wrap-up-day-3/
Between a Rock and a Hard Link
In a previous blog post I described some of the changes that Microsoft has made to the handling of symbolic links from a sandboxed process. This has an impact on the exploitation of privileged file ..
http://googleprojectzero.blogspot.com/2015/12/between-rock-and-hard-link.html
Microsoft assists law enforcement to help disrupt Dorkbot botnets
Law enforcement agencies from around the globe, aided by Microsoft security researchers, have today announced the disruption of one of the most widely distributed malware families - Win32/Dorkbot. This malware family has infected more than ..
http://blogs.technet.com/b/mmpc/archive/2015/12/03/microsoft-assists-law-enforcement-to-help-disrupt-dorkbot-botnets.aspx
Variety Jones, Alleged Silk Road Mentor, Arrested in Thailand
Variety Jones, the alleged mentor and adviser to the Silk Road's creator, has finally been arrested in Thailand.
http://www.wired.com/2015/12/variety-jones-alleged-silk-road-mentor-arrested-in-thailand/
A Micro-view of Macro Malware
Dridex is a botnet with multiple features; it is most known for stealing people's credentials on finance-related web sites. Despite the arrest of the gang behind the ..
http://labs.bromium.com/2015/12/03/a-micro-view-of-macro-malware/
Keep your eyes open for Christmas phishing
Hoping for hefty profits, criminals have invested heavily in making their phishing campaigns look as authentic as possible. It is becoming increasingly difficult not to fall for the forgeries, some of which are almost perfect.
http://heise.de/-3032829
Hello Barbie: Security nightmare in the children's room
Interactive doll for children now also has vulnerabilities in the server and in the app
http://derstandard.at/2000027045918
Network tools: Wireshark 2.0 and Nmap 7 released
Password cracker hashcat now open source
http://derstandard.at/2000027085336
GEOVAP Reliance 4 Control Server Unquoted Service Path Elevation Of Privilege
The application suffers from an unquoted search path issue impacting the service RelianceOpcDaWrapper for Windows deployed as part of Reliance 4 SCADA/HMI system installer including Reliance OPC Server. This could potentially allow an authorized ..
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5285.php
Web Analytics Service vulnerable to cross-site scripting
The JavaScript module for using Web Analytics Service which was provided by NTT DATA Smart Sourcing Corporation contains a cross-site scripting vulnerability.
http://jvn.jp/en/jp/JVN70083512/
Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record
https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html
Yahoo Mail: Web browsers executed arbitrary code in e-mails
Users who retrieve e-mails from their Yahoo account on mobile devices were at risk, and attackers could have slipped them malicious code without much effort.
http://heise.de/-3033689
UK research network Janet under ongoing and persistent DDoS attack
Attackers seem to be adjusting methods in response to Tweets. Publicly-funded academic computer network Janet has come under a persistent DDoS attack today, which hobbled multiple ..
www.theregister.co.uk/2015/12/07/janet_under_persistent_ddos_attack/
Security Advisory: AOL Desktop MiTM Remote File Write and Code Execution
AOL Desktop is "the all-in-one experience with mail, instant messaging, browsing, search, content, and dial-up connectivity". It is the direct successor of the old Windows AOL clients from the 1990s. Issues in AOL Desktop, version ..
http://lizardhq.org/2015/12/05/aol-desktop.html
Because of the public holiday tomorrow, Tuesday, 08.12.2015, the next End-of-Shift report will not be published until 09.12.2015.