End-of-Shift report
Timeframe: Monday 16-02-2015 18:00 − Tuesday 17-02-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Multiple vulnerabilities in Cisco products
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8023
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0617
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0620
HITBSecConf2015 Amsterdam
Held once again at De Beurs van Berlage, HITB2015AMS takes place from the 26th till the 29th of May 2015 and runs alongside HITB Haxpo - our 3-day technology expo for hackers, makers, builders and breakers.
http://conference.hitb.org/hitbsecconf2015ams/
Anunak (aka Carbanak) Update
... basically Anunak is the name the malware author gave to the main malware used in these attacks. Carbanak is the name the AV industry gave to this malware, which is a combination of the ..
http://www.fox-it.com/en/press-releases/anunak-aka-carbanak-update/
HTTP Strict Transport Security comes to Internet Explorer
As part of our ongoing commitment to help build an interoperable, secure web that just works, we're excited to announce support for HTTP Strict Transport Security (HSTS) in Internet Explorer. This change can be previewed using Internet Explorer in the Windows 10 Technical Preview, and will come to Project Spartan in a later update.
http://blogs.msdn.com/b/ie/archive/2015/02/16/http-strict-transport-security-comes-to-internet-explorer.aspx
TYPO3-EXT-SA-2015-005: Cross-Site Scripting in extension Gridelements (gridelements)
The extension fails to properly escape user input in HTML context. Backend Editor permissions with access to any text field within any data table are required to exploit this vulnerability.
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-005/
MongoDB: Tips for secure use published
Following headlines about unsecured online installations of the MongoDB database, the vendor of the commercial variant is issuing security recommendations. They show how the popular software can be used over the network without leaking data.
http://www.heise.de/newsticker/meldung/MongoDB-Tipps-fuer-sichere-Benutzung-veroeffentlicht-2550645.html
TYPO3: Important Security-Bulletin Pre-Announcement
A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET.
http://typo3.org/news/article/important-security-bulletin-pre-announcement/
Report: Lightning connector hacked
A developer has managed to partially decrypt the security chip Apple uses for the connector cables of the iPhone and co. and to bring up a serial console. This could lead to entirely new forms of attack.
http://heise.de/-2550921
Defeating TrueCrypt: Practical Attacks against TrueCrypt Security
The need to defend confidentiality of our sensitive information against persistently rising cyber threats has turned most of us toward using encryption on a daily basis. This is facilitated by easy-to-use GUI tools like TrueCrypt that offer advanced encryption without hassles. TrueCrypt ..
http://resources.infosecinstitute.com/defeating-truecrypt-practical-attacks-truecrypt-security/
SSA-315836 (Last Update 2015-02-17): Vulnerabilities in SIMATIC STEP 7 (TIA Portal) V12 and V13
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf
Vawtrak malware peddlers turn to malicious macros
Cybercriminals spreading new versions of the Vawtrak banking Trojan are the latest ones to use the once again popular macro-based attack. Popular in the early 2000s, this type of attack was abandon...
http://www.net-security.org/malware_news.php?id=2967
APT Groups Emerging in Middle East
Since security researchers and vendors began exposing the inner workings of APT groups a few years ago, virtually all of the operations that have been made public have been the work of attackers in Europe, Asia or North America. But ..
http://threatpost.com/apt-groups-emerging-in-middle-east/111124
Inside nls_933w.dll, the Equation APT Persistence Module
The persistence module used by the Equation APT Group uncovered by researchers at Kaspersky Lab has been called the ultimate cyberattack tool.
http://threatpost.com/inside-nls_933w-dll-the-equation-apt-persistence-module/111128
Keeping Up with SSL
SSL is becoming an evermore important aspect of serving and consuming content on the Internet, so it's only fit that Shodan extends the information that it gathers for every SSL-capable service. The banners for SSL services, such as HTTPS, have included the certificate in PEM format for a long time and you've been able to access that data through the REST API or real-time stream.
https://blog.shodan.io/ssl-update/