Daily Summary - Monday 16-03-2015

End-of-Shift report

Timeframe: Friday 13-03-2015 18:00 − Monday 16-03-2015 18:00
Handler: Robert Waldner
Co-Handler: n/a

ICS-CERT Monitor Quarterly Report - Phishing Reigns Supreme (March 12, 2015)

According to a quarterly report from the US Industrial Control System Computer Emergency Response Team (ICS-CERT), industrial control systems were targets of cyber attacks at least 245 times in the 12-month period between October 1, 2013 and September 30, 2014.......

http://www.sans.org/newsletters/newsbites/r/17/20/200


Security Advisory - NTPd Security Vulnerability in Multiple Huawei Products

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet. Multiple Huawei products have this vulnerability. (Vulnerability ID: HWPSIRT-2014-1276)

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm


TeslaCrypt ransomware attacks gamers - "all your files are belong to us!"

TeslaCrypt is a new ransomware that goes above and beyond CryptoLocker in the types of files it seeks out to hold for ransom, including those related to video games. SophosLabs dug in to find out what TeslaCrypt has in store for gamers, and everyone else.

https://nakedsecurity.sophos.com/2015/03/16/teslacrypt-ransomware-attacks-gamers-all-your-files-are-belong-to-us/


Safari: Old security flaw stores URLs even in private browsing mode

Normally, a browser should forget all visited addresses when it is used in 'private mode'. Apple's Safari, however, does not do that - the visited addresses end up in an unprotected database.

http://heise.de/-2575426


Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS

We provide new attacks against RC4 in TLS that are focussed on recovering user passwords, still the pre-eminent means of user authentication on the Web today. Our attacks enhance the statistical techniques used in the previous attacks and exploit specific features of the password setting to produce attacks that are much closer to being practical. We report on extensive simulations that illustrate this.

http://www.isg.rhul.ac.uk/tls/RC4mustdie.html


Talk at Troopers15

Peter Kieseberg and Sebastian Schrittwieser give a talk about 'iAnalyze - Automated security analysis of iOS apps' at the 'Hacking Mobiles Vol. 2.1 - MMA: Mobile Malicious Apps' workshop, which is held at Troopers15 conference in Heidelberg, Germany.

https://www.sba-research.org/2015/03/16/talk-at-troopers15/


Cisco Security Advisories

* Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=37863
* Cisco AnyConnect Secure Mobility Client Hostscan Path Traversal Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=37862
* Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=37861
* Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability http://tools.cisco.com/security/center/viewAlert.x?alertId=37860