End-of-Shift report
Timeframe: Wednesday 09-12-2015 18:00 − Thursday 10-12-2015 18:00
Handler: Taranis Admin
Co-Handler: n/a
Server Security: OSSEC Updated With GeoIP Support
We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Host-Based Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates ..
https://blog.sucuri.net/2015/12/ossec-with-geoip.html
Cisco Unity Connection Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc
Cisco TelePresence Video Communication Server Expressway Web Framework Code Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc
Cybercrime News Results In Cybercrime Blues
FireEye Labs recently spotted a 2011 article on cybercrime from the news site theguardian[.]com that redirects users to the Angler Exploit Kit. Successful exploitation by Angler resulted in a malware infection for readers of the article. A spokesperson for theguardian[.]com responded that they "are aware of FireEye's claims and are working to rectify the issue in question as soon as possible."
https://www.fireeye.com/blog/threat-research/2015/12/cybercrime-news.html
Inside Chimera Ransomware - the first 'doxingware' in wild
Ransomware has proven to be a good source of money for cybercriminals. The Chimera ransomware comes with several ideas that are novel and may slowly become a new trend.
https://blog.malwarebytes.org/intelligence/2015/12/inside-chimera-ransomware-the-first-doxingware-in-wild/
PuTTY ECH Integer Overflow Lets Remote Users Execute Arbitrary Code on the Target User's System
http://www.securitytracker.com/id/1034308
MS15-DEC - Microsoft Security Bulletin Summary for December 2015 - Version: 1.1
https://technet.microsoft.com/en-us/library/security/MS15-DEC
American hacker duo throws pwns on IoT BBQs, grills open admin
Half-baked code a feast for attackers because Thing-builders are hopeless. Kiwicon: American hardware hackers have ruined Christmas cook-ups across Australia, revealing gaping ..
www.theregister.co.uk/2015/12/10/american_hacker_duo_throws_pwns_on_iot_bbqs_grills_open_admin/
Valve Software: 77,000 user accounts per month looted on Steam
To protect users from the theft of virtual goods on Steam, Valve is introducing new rules for selling. That seems necessary: since trading in items from Dota 2 and similar games became possible, more and more users have come into the crosshairs of hackers.
http://www.golem.de/news/valve-software-77-000-nutzerkonten-pro-monat-auf-steam-ausgepluendert-1512-117932.html
Kaspersky Security Bulletin 2015. Evolution of cyber threats in the corporate sector
The data collected from Kaspersky Lab products shows that the tools used to attack businesses differ from those used against home users. Let's have a look back at the major incidents of 2015 and at the new trends we have observed in information security within the business environment.
http://securelist.com/analysis/kaspersky-security-bulletin/72969/kaspersky-security-bulletin-2015-evolution-of-cyber-threats-in-the-corporate-sector/
Final version of the password manager KeePassX 2.0 released
After roughly three and a half years of development, KeePassX has arrived at its final version 2.0.
http://heise.de/-3038771
HTTPS: Cloudflare and Facebook want to keep using SHA1
TLS certificates signed with SHA1 are actually supposed to become a thing of the past soon. But in developing countries, many devices are still in use that do not support the better SHA256 algorithm. Facebook and Cloudflare therefore want to serve a different certificate to old browsers.
http://www.golem.de/news/https-cloudflare-und-facebook-wollen-sha1-weiternutzen-1512-117939.html
Cisco examines its own portfolio for dangerous Java vulnerability
The widely used Java library Apache Commons Collections is vulnerable. Cisco is now investigating whether the hole exists in its applications and devices. In addition, further potentially attackable Java libraries have been discovered.
http://heise.de/-3039533
[2015-12-10] Skybox Platform Multiple Vulnerabilities
The Skybox platform contains multiple security vulnerabilities which can be exploited by an attacker to execute arbitrary code and to read arbitrary files from the file system. Moreover, a SQL injection and various cross-site scripting vulnerabilities have been identified. Attackers can exploit these issues to completely compromise affected Skybox appliances.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt
WordPress hosting biz confesses to breach, urgently contacts 30,000 users
We're 'proactively taking security measures' - WP Engine. WordPress hosting outfit WP Engine has confessed to a security breach, prompting it to reset 30,000 customers' passwords.
www.theregister.co.uk/2015/12/10/wordpress_hosting_biz_confesses_to_hack/