End-of-Shift report
Timeframe: Wednesday 15-04-2015 18:00 − Thursday 16-04-2015 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
Impacts of a Hack on a Magento Ecommerce Website
Recently we wrote about the impacts of a hacked website and how it is important to give website visitors a safe online experience. In this post, I'll show you how a hacked website results in almost immediate loss of money. We are not talking about drive-by infections that can be prevented by using a good anti-virus, updated software, and extensions like NoScript. ... This time, we're talking about using legitimate sites that have absolutely no externally visible signs of compromise.
https://blog.sucuri.net/2015/04/impacts-of-a-hack-on-a-magento-ecommerce-website.html
Services - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-096
Advisory ID: DRUPAL-SA-CONTRIB-2015-096
Project: Services (third-party module)
Version: 7.x
Date: 2015-April-15
Security risk: 16/25 (Critical) AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass, Arbitrary PHP code execution
https://www.drupal.org/node/2471879
Display Suite - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-095
Advisory ID: DRUPAL-SA-CONTRIB-2015-095
Project: Display Suite (third-party module)
Version: 7.x
Date: 2015-April-15
Security risk: 13/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting
https://www.drupal.org/node/2471733
The Delicate Art of Remote Checks - A Glance Into MS15-034
Recently, the research team posted a testing script for the MS15-034 vulnerability to pastebin for the greater community to test. We received some feedback about how exactly we figured out how to check, and remote checks in general.
http://blog.beyondtrust.com/the-delicate-art-of-remote-checks-a-glance-into-ms15-034
Denial of Service Attacks Possible with OpenSSL Vulnerability CVE-2015-1787
On March 19 we wrote about how OpenSSL disclosed and fixed 13 vulnerabilities to address several security holes. Among the vulnerabilities addressed was CVE-2015-1787, which can result in a complete denial of service on an application compiled with OpenSSL library. This blog post will tackle how the bug can be exploited ...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Q6dMoVlcsE4/
Exploit kits (still) pushing Teslacrypt ransomware, (Thu, Apr 16th)
Teslacrypt is a form of ransomware that was first noted in January of this year. This malware apparently targets video game-related files. I've seen Teslacrypt dropped by the Sweet Orange exploit kit (EK), and it's also been dropped by Nuclear EK. McAfee saw it dropped by Angler EK last month.
https://isc.sans.edu/diary.html?storyid=19581&rss
New POS Malware Emerges - Punkey
During a recent United States Secret Service investigation, Trustwave encountered a new family of POS malware, that we named Punkey. It appears to have evolved from the NewPOSthings family of malware first discovered by Dennis Schwarz and Dave Loftus at...
https://www.trustwave.com/Resources/SpiderLabs-Blog/New-POS-Malware-EmergesPunkey/
IBM puts its security database online
IBM Security will in future make its IT security database accessible in the cloud on the sharing platform X-Force Exchange.
http://heise.de/-2608795
crossdomain.xml : Beware of Wildcards
This blog entry will describe a widespread Flash vulnerability that affected many big websites including paypal.com. The description will picture the state of the website paypal.com and ebay.com in 2013-2014. The vulnerabilities were completely fixed two weeks ago. Therefore, it is not possible to reproduce this vulnerability as-is.
http://blog.h3xstream.com/2015/04/crossdomainxml-beware-of-wildcards.html
Cisco Secure Access Control Server Dashboard Page Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=38403
Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd
Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr