End-of-Shift report
Timeframe: Friday 13-02-2015 18:00 − Monday 16-02-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Microsoft February Patch Failures Continue: KB3023607 vs. Cisco AnyConnect Client
Another patch released by Microsoft this month is causing problems. This time it is KB3023607, which was supposed to mitigate the POODLE vulnerability. Once applied, ..
https://isc.sans.edu/diary.html?storyid=19331
PostgreSQL Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information, Execute Arbitrary Code, and Deny Service
Several vulnerabilities were reported in PostgreSQL. A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can cause denial of service conditions. A remote authenticated user can obtain ..
http://www.securitytracker.com/id/1031742
SSA-234789 (Last Update 2015-02-13): Vulnerabilities in SIMATIC STEP 7 (TIA Portal) V13
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf
PowerShell: Better phishing for all!
PowerShell is able to import functions from any DLL; this allows you to use functions like VirtualAlloc, memset and CreateThread. This will allow you to allocate executable memory, fill it with your program and execute it.
http://d.uijn.nl/?p=116
Analysis of the Fancybox-For-WordPress Vulnerability
We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the details explaining how attackers could use this ..
http://blog.sucuri.net/2015/02/analysis-of-the-fancybox-for-wordpress-vulnerability.html
Problems with Windows RT: Microsoft withdraws PowerPoint patch
Microsoft intended the patch to improve the stability of PowerPoint. However, users of Windows RT devices reported that PowerPoint would no longer start after the patch was installed. Microsoft has now withdrawn the patch.
http://www.heise.de/newsticker/meldung/Probleme-mit-Windows-RT-Microsoft-zieht-PowerPoint-Patch-zurueck-2550170.html
Security hole in Group Policy: patching alone is not enough
Admins, take note: one of the updates delivered on the February Patch Tuesday only protects if a series of instructions is followed. If they are not followed, the infrastructure remains vulnerable to man-in-the-middle attacks.
http://heise.de/-2550209
The Great Bank Heist, or Death by 1,000 Cuts?
I received a number of media requests and emails from readers over the weekend to comment on a front-page New York Times story about an organized gang of cybercriminals pulling off 'one of the largest bank heists ever.' Turns out, I reported on this gang's activities in December 2014, although my story ran minus many of the superlatives in the Times piece.
http://krebsonsecurity.com/2015/02/the-great-bank-heist-or-death-by-1000-cuts/
The research: Mobile Internet traffic hijacking via GTP and GRX
Most users assume that mobile network access is much safer because a big mobile-telecoms provider will protect subscribers. Unfortunately, as practice shows, mobile Internet is a great opportunity for the attacker.
http://blog.ptsecurity.com/2015/02/the-research-mobile-internet-traffic.html
Bitcoin exchanges under attack: Bter and Exco.in hacked
Hunting season on Bitcoin exchanges appears to be starting again: unknown attackers were able to relieve the trading platform Bter of coins worth almost 1.5 million euros. The exchange Exco.in was robbed of all of its bitcoins.
http://heise.de/-2550175