Daily Summary - Wednesday 30-12-2015

End-of-Shift Report

Timeframe: Tuesday 29-12-2015 18:00 − Wednesday 30-12-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Microsoft may have your encryption key; here's how to take it back

It doesn't require you to buy a new copy of Windows.

http://arstechnica.com/information-technology/2015/12/microsoft-may-have-your-encryption-key-heres-how-to-take-it-back/


Actor using Rig EK to deliver Qbot - update, (Wed, Dec 30th)

Introduction: This diary is a follow-up to my previous diary on the actor using Rig exploit kit (EK) to deliver Qbot [1]. For this diary, I've infected more Windows hosts from other compromised websites, so we have additional data on this actor. As previously noted, this actor has been delivering Qbot (also known as Qakbot) malware. The actor uses a gate to route traffic from the compromised website to the EK landing page. In this case, the gate returns a variable that is translated to a URL for...

https://isc.sans.edu/diary.html?storyid=20551&rss


The Truth is in Your Logs!

[The post The Truth is in Your Logs! has been first published on /dev/random] Keeping an eye on logs is boring... but mandatory! Hopefully, sometimes it can reveal funny stuff! It looks like people at the CCC are having some fun too while their annual conference is ongoing... Here is what I got in my Apache logs this morning: 151.217.177.200 - - [30/Dec/2015:06:51:22 +0100] "DELETE your logs. \ Delete your installations. Wipe everything clean. Walk out into the...

https://blog.rootshell.be/2015/12/30/the-truth-is-in-your-logs/
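Added example, not code from the /dev/random post: a small Python checker that parses Apache combined-format access log lines and flags request lines that are malformed or use an HTTP method outside an expected set, which is how a request like the one quoted above would surface in routine log review. The sample lines are constructed for this example; the first reuses the source IP and timestamp from the post but completes the truncated request text with wording of our own, and the expected-method set is a hypothetical site policy.

```python
import re
from datetime import datetime

# Constructed sample in Apache "combined" log format. The first line reuses the
# source IP and timestamp from the post above but completes the truncated
# request text with wording of our own; the rest are made up for this example.
SAMPLE_LOG = """\
151.217.177.200 - - [30/Dec/2015:06:51:22 +0100] "DELETE your logs. Delete your installations. Wipe everything clean." 400 226 "-" "-"
203.0.113.7 - - [30/Dec/2015:06:52:01 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [30/Dec/2015:06:52:03 +0100] "POST /login HTTP/1.1" 302 0 "http://example.org/" "Mozilla/5.0"
198.51.100.9 - - [30/Dec/2015:06:53:10 +0100] "PROPFIND / HTTP/1.1" 405 230 "-" "-"
198.51.100.9 - - [30/Dec/2015:06:53:11 +0100] "\\x16\\x03\\x01\\x02" 400 226 "-" "-"
"""

# One combined-format line: host ident authuser [date] "request" status bytes "referer" "agent".
# Apache escapes embedded quotes and backslashes in the logged request line, so
# the request group accepts backslash-escaped pairs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# A well-formed HTTP/1.x request line: METHOD SP target SP HTTP/x.y
REQUEST_RE = re.compile(r'^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/(?P<ver>\d\.\d)$')

# Methods this hypothetical site expects; anything else is worth a look.
EXPECTED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not fit."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    entry["status"] = int(entry["status"])
    return entry


def classify_request(request):
    """Return (verdict, method) for a raw request line."""
    rm = REQUEST_RE.match(request)
    if not rm:
        return "malformed", None            # prose, raw TLS bytes, fuzzing junk, ...
    method = rm.group("method")
    if method not in EXPECTED_METHODS:
        return "unexpected-method", method  # e.g. WebDAV verbs on a non-DAV site
    return "ok", method


def suspicious_requests(log_text):
    """Return the entries whose request line is malformed or uses an unexpected method."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            # Not even combined format: keep the raw line so nothing is silently dropped.
            findings.append({"ip": None, "verdict": "unparseable", "method": None,
                             "status": None, "request": line})
            continue
        verdict, method = classify_request(entry["request"])
        if verdict != "ok":
            findings.append({"ip": entry["ip"], "verdict": verdict, "method": method,
                             "status": entry["status"], "request": entry["request"]})
    return findings


if __name__ == "__main__":
    for f in suspicious_requests(SAMPLE_LOG):
        print(f"{str(f['ip']):<16} {f['verdict']:<18} {f['request']!r}")
```

Apache logs the request line as received even when it returns 400, so the garbage the post describes is preserved verbatim and is easy to pick out by checking the request line's shape rather than grepping for known bad strings. Malformed lines with a 400 status are usually scanners or non-HTTP clients hitting port 80; unexpected but well-formed methods are the more interesting bucket, because they show someone probing for functionality the site is not meant to expose.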


Killed by Proxy: Analyzing Client-end TLS Interception Software

Topic: Killed by Proxy: Analyzing Client-end TLS Interception Software. Risk: Medium. Text: Abstract: To filter SSL/TLS-protected traffic, some antivirus and parental-control applications interpose a TLS proxy in the...

https://cxsecurity.com/issue/WLB-2015120310


32C3: Automated security testing for the Internet of Things

A French-German research team has developed an emulation environment that makes it possible to run dynamic penetration tests of the firmware of networked electronic devices automatically. The first results speak for themselves.

http://heise.de/-3056880


Cloud Computing: Attacks Vectors and Counter Measures

I can bet that some of you might have missed the news about Star Wars, but there will be hardly anyone who does not know what cloud computing is, as this has been the buzz for the last several years. In this article, we will learn about various types of attacks that are possible in a...

http://resources.infosecinstitute.com/cloud-computing-attacks-vectors-and-counter-measures/


Chrome: Google developer tears apart antivirus add-on

A Chrome extension from the antivirus vendor AVG had so many security vulnerabilities that it could just as well have been malware, writes a Google developer. The bugs have been fixed, but the add-on could still be banned from the Chrome Web Store.

http://www.golem.de/news/chrome-google-entwickler-zerpflueckt-antiviren-addon-1512-118258-rss.html


Misconfigured databases, a growing threat

It has become commonplace to find misconfigured databases exposed to the public Internet. Last summer alone, 1,175 terabytes (approximately 1.1 petabytes) of data was left wide open to inquiring minds and malicious hackers alike, from organizations ranging from SMBs to Fortune 500 companies.

http://darkmatters.norsecorp.com/2015/12/29/misconfigured-databases-a-growing-threat/
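Added example, not from the Norse article: the quickest local check for the problem it describes is whether any database service is bound to something other than loopback. The Python below parses `ss -ltn` output and reports listeners on well-known database ports (the products' documented defaults) whose local address is not 127/8 or ::1; the sample output is constructed for a hypothetical host, and `check_local_host()` assumes a Linux box with iproute2.

```python
import subprocess

# Well-known default ports of services routinely found exposed without
# authentication. The numbers are the products' documented defaults.
DB_PORTS = {
    3306: "MySQL/MariaDB",
    5432: "PostgreSQL",
    5984: "CouchDB",
    6379: "Redis",
    9200: "Elasticsearch",
    11211: "memcached",
    27017: "MongoDB",
}

# Constructed sample of `ss -ltn` output for a hypothetical host; the fourth
# column is the local address:port of each listening TCP socket.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
LISTEN  0       128     0.0.0.0:27017        0.0.0.0:*
LISTEN  0       511     *:6379               *:*
LISTEN  0       128     [::]:9200            [::]:*
LISTEN  0       128     [::1]:3306           [::]:*
"""


def is_loopback(addr):
    """True for IPv4 127/8 and IPv6 ::1 (with or without the brackets ss prints)."""
    addr = addr.strip("[]")
    return addr == "::1" or addr.startswith("127.")


def exposed_db_listeners(ss_output):
    """Return (address, port, service) for database-like sockets not bound to loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue                           # header line or non-listening socket
        # rpartition keeps IPv6 addresses (which contain colons) intact.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        port = int(port)
        if port in DB_PORTS and not is_loopback(addr):
            exposed.append((addr, port, DB_PORTS[port]))
    return exposed


def check_local_host():
    """Run `ss -ltn` on this machine (Linux, iproute2) and return exposed listeners."""
    out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    return exposed_db_listeners(out)


if __name__ == "__main__":
    for addr, port, service in exposed_db_listeners(SAMPLE_SS):
        print(f"{service} listening on {addr}:{port} (not loopback)")
```

A wildcard bind is a triage cue, not proof of exposure: a host firewall or a security group may still block the port, and a database that requires authentication is a different risk from one that does not. Conversely, a loopback-only bind is only safe until someone adds a reverse proxy or port forward in front of it, so the check belongs in a recurring audit rather than a one-off.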


Mobile malware review for 2015

December 30, 2015. The last year proved to be another challenging period for smartphone and tablet owners. Cybercriminals continued to target users of Android devices; thus, the majority of "mobile" threats and unwanted software discovered in 2015 were intended for this platform. In particular, banking Trojans, Android ransomware, advertising modules, and SMS Trojans expanded their activity. In addition, this year witnessed a growing number of malware pre-installed into...

http://news.drweb.com/show/?i=9779&lng=en&c=9


Using IDAPython to Make Your Life Easier: Part 1

As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2...

http://researchcenter.paloaltonetworks.com/2015/12/using-idapython-to-make-your-life-easier-part-1/


The weird and wacky of 2015: strange security and privacy stories

These wacky stories remind us how important cybersecurity and online privacy have become in all areas of our lives.

https://nakedsecurity.sophos.com/2015/12/29/the-weird-and-wacky-of-2015-strange-security-and-privacy-stories/


Steam blows as games websites security collapse

Christmas hiccup on gaming platform exposed user information to others

http://www.scmagazine.com/steam-blows-as-games-websites-security-collapse/article/462148/


2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 52.0

https://technet.microsoft.com/en-us/library/security/2755801


PHP Class Name Format String Flaw Lets Remote Users Execute Arbitrary Code

http://www.securitytracker.com/id/1034543


Security Advisory: Apache HTTPD vulnerability CVE-2010-2791

https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23332326.html?ref=rss


Security Advisory: Apache vulnerability CVE-2011-3639

https://support.f5.com:443/kb/en-us/solutions/public/k/20/sol20979231.html?ref=rss


AVG Anti-Virus Flaws in Web TuneUp Chrome Extension Lets Remote Users Obtain Potentially Sensitive Information on the Target System

http://www.securitytracker.com/id/1034547


Next End-of-Shift Report on 2016-01-04.