Daily summary - Wednesday 04-02-2015

End-of-Shift report

Timeframe: Tuesday 03-02-2015 18:00 − Wednesday 04-02-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a

New Wave of CTB-Locker/Critroni Ransomware Hitting Victims

There is a new wave of attacks delivering the CTB-Locker or Critroni crypto ransomware, arriving through spam messages with a variety of lures in several different countries. CTB-Locker is one of the newer variants in the crypto ..

http://threatpost.com/new-wave-of-ctb-lockercritroni-ransomware-hitting-victims/110820


Advisory - Dangerous "nonce" leak in UpdraftPlus

Advisory for: UpdraftPlus. Security risk: High. Exploitation level: Remote. DREAD score: 7/10. Vulnerability: Privilege escalation. Patched version: 1.9.51. If you're a user of the UpdraftPlus plugin for WordPress, now is the time to update. During ..

http://blog.sucuri.net/2015/02/advisory-dangerous-nonce-leak-in-updraftplus.html/


UpdraftPlus <= 1.9.50 - Privilege Escalation

https://wpvulndb.com/vulnerabilities/7781


1,800 Domains Overtaken by Flash Zero Day

Researchers at Cisco say that a Flash zero day exploit has compromised 1,800 domains, the majority of those during a 48-hour period last week.

http://threatpost.com/1800-domains-overtaken-by-flash-zero-day/110835


Multiple vulnerabilities in Cisco Unified IP Phone 9900

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0600
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0601
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0602
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0603
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0604


MIT Kerberos Multiple Flaws in kadmind Let Remote Users Obtain Potentially Sensitive Information and Remote Authenticated Users Execute Arbitrary Code

http://www.securitytracker.com/id/1031691


Siemens SCALANCE X-200IRT Switch Family User Impersonation Vulnerability

This advisory provides mitigation details for a user impersonation vulnerability in the Siemens SCALANCE X-200IRT Switch Family.

https://ics-cert.us-cert.gov//advisories/ICSA-15-034-01


Siemens Ruggedcom WIN Vulnerability

This advisory provides mitigation details for multiple vulnerabilities in the Siemens Ruggedcom WIN firmware.

https://ics-cert.us-cert.gov//advisories/ICSA-15-034-02


An In-depth analysis of the Fiesta Exploit Kit: An infection in 2015

A while ago I blogged about the Fiesta exploit kit; this was back in September 2013 [Fiesta Exploit Kit analysis serving MSIE exploit CVE-2013-2551]. In that blog I focused on the integration of the MSIE exploit and parts of the landing page.

http://blog.0x3a.com/post/110052845124/an-in-depth-analysis-of-the-fiesta-exploit-kit-an


Play Store: widely distributed apps display adware with a delay

Apps from Google's Play Store, some with download counts above 5 million, contain adware that redirects the user to dubious app stores or to applications that send premium-rate SMS. What is interesting is the way the advertising is delivered to the user.

http://www.golem.de/news/play-store-weit-verbreitete-apps-zeigen-adware-verzoegert-an-1502-112136.html


Threat Analysis Template For BYOD Applications

Your IT department is certainly not at a loss when it comes to worrying about BYOD applications. Indeed, the list of threats to enterprise applications and the data they contain is a long one, and security professionals are ..

http://resources.infosecinstitute.com/threat-analysis-template-byod-applications/


How to protect yourself from the Flash vulnerability

While Adobe still knows of, or names, no concrete protective measures, the BSI clearly recommends uninstalling Flash Player. Anyone who does not act and leaves Flash enabled is taking a large risk.

http://heise.de/-2539858


Cisco WebEx Meetings Server Command Injection Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx


Pawn Storm Update: iOS Espionage App Found

In our continued research on Operation Pawn Storm, we found one interesting poisoned pawn - spyware specifically designed for espionage on iOS devices. While spyware targeting Apple users is highly notable by itself, this particular spyware is also involved in a targeted attack. Background ..

http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/