Daily summary - Friday 17-04-2015

End-of-Shift report

Timeframe: Thursday 16-04-2015 18:00 − Friday 17-04-2015 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner

Internet broken as usual.

We continue to see active exploitation against MS15-034. But nothing different from yesterday, so back to Infocon Green for now. (Fri, Apr 17th)

https://isc.sans.edu/diary.html?storyid=19593&rss


USB Defense: Stop Data Walking Out The Door

The bad news is that internal data breaches are on the rise. And one of the biggest culprits? USB devices. In the past few years, many organizations have traced the loss of sensitive or confidential information to the use of USB drives and other mass storage media.

http://thehackernews.com/2015/04/usb-security-software.html


US police sends malware to whistleblower attorney

Three whistleblowers accuse a police department in Arkansas of corruption and bullying. The court orders the release of documents. The police send a hard drive containing a password logger, a backdoor and command-and-control software.

http://heise.de/-2610436


On false alarms in detection of DGA botnet domains - part 1

Domain Generation Algorithms are often used in botnets to create specially crafted domain names which point to C&C servers. The main purpose of this is to make it more difficult to block connections to these servers (for example with domain blacklists) or to protect the C&C channel (and botnet itself) from a takeover. Often domains generated this way are composed of random ..

http://www.cert.pl//news/9887/langswitch_lang/en
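The false-alarm problem the CERT.pl article discusses can be seen with a minimal detector. The following is an added example, not code from the article or from CERT.pl: it scores each DNS label by character entropy and vowel ratio (a common first-pass DGA heuristic) and then shows the false-alarm class the article is about, a random-looking label that belongs to a legitimate service which generates host names algorithmically. The domains, thresholds and the allowlist of parent domains are all constructed for the example.

```python
import math
from collections import Counter

# Constructed allowlist of parent domains known to hand out algorithmically
# generated host labels (CDN edge nodes, per-user tracking hosts). Placeholder
# names, not real services.
KNOWN_GENERATED_PARENTS = {"cdn-assets.example", "tracker-example.net"}

# Constructed sample input mixing DGA-looking names with legitimate ones.
SAMPLE_DOMAINS = [
    "qwxkzpvtrmlcyhbf.com",                 # random registrable label
    "google.com",                           # ordinary dictionary-like label
    "a1b2c3d4e5f6g7h8.cdn-assets.example",  # random label, known CDN parent
    "mail.example.org",                     # ordinary hostname
]

VOWELS = set("aeiou")


def shannon_entropy(label: str) -> float:
    """Bits per character over the label's character distribution."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def vowel_ratio(label: str) -> float:
    """Share of alphabetic characters that are vowels (random labels score low)."""
    letters = [ch for ch in label if ch.isalpha()]
    if not letters:
        return 0.0
    return sum(ch in VOWELS for ch in letters) / len(letters)


def looks_random(label: str, min_len: int = 10, min_entropy: float = 3.3,
                 max_vowel_ratio: float = 0.3) -> bool:
    """Heuristic: long, high-entropy, vowel-poor labels are treated as generated.
    Thresholds are constructed for this example, not tuned on real data."""
    return (len(label) >= min_len
            and shannon_entropy(label) >= min_entropy
            and vowel_ratio(label) < max_vowel_ratio)


def parent_of(fqdn: str) -> str:
    """Everything right of the leftmost label (naive; ignores public-suffix rules)."""
    parts = fqdn.lower().rstrip(".").split(".")
    return ".".join(parts[1:])


def classify(fqdn: str) -> str:
    """Return 'benign', 'suspicious' or 'allowlisted' for one hostname."""
    parts = fqdn.lower().rstrip(".").split(".")
    # The TLD itself is never scored.
    if not any(looks_random(label) for label in parts[:-1]):
        return "benign"
    # A random-looking label under a parent known to generate host names is the
    # false-alarm class: report it separately instead of raising an alert.
    if parent_of(fqdn) in KNOWN_GENERATED_PARENTS:
        return "allowlisted"
    return "suspicious"


def scan(domains) -> dict:
    """Classify every domain in the list; returns {domain: verdict}."""
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    for domain, verdict in scan(SAMPLE_DOMAINS).items():
        print(f"{verdict:12s} {domain}")
```

The allowlist is the crude form of the context the article argues is needed: entropy alone cannot tell a botnet's generated registrable domain from a CDN's generated host label, so the parent domain (and, in a real deployment, passive DNS and WHOIS age) has to be part of the decision.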


Google's April Fool's prank inadvertently broke their security

As part of its traditional series of April Fools' Day jokes, Google used its own .google gTLD to launch a backwards version of its home page from the domain com.google on 1st April. However, this year's joke inadvertently undermined an important security feature on Google's real homepage, which made it vulnerable to user interface redressing attacks such as click-jacking. This vulnerability would have allowed a remote attacker to change a user's search settings, including turning off SafeSearch.

http://news.netcraft.com/archives/2015/04/17/googles-april-fools-prank-inadvertently-broke-their-security.html


GnuTLS Certificate Validation Flaw Lets Remote Users Force a Signature Algorithm Downgrade

A vulnerability was reported in GnuTLS. A remote user can force the use of a weaker signature algorithm. The software does not verify that the hash algorithm encoded in the RSA PKCS #1 signature matches the signature algorithm specified in the certificate. A remote user can exploit this to force the use of a weaker signature algorithm than the one the certificate declares.

http://www.securitytracker.com/id/1032148
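The missing check is easy to see on the encoded message that an RSA PKCS #1 v1.5 verifier recovers. The following is an added example, not GnuTLS code: it builds the EMSA-PKCS1-v1_5 encoding from RFC 3447 with the standard DigestInfo prefixes, then contrasts a verifier that trusts whatever hash the DigestInfo names with one that also requires that hash to match the certificate's declared signature algorithm. The RSA operation itself is left out, so the check runs directly on the encoded message; the message bytes and the algorithm-name mapping are constructed for the example.

```python
import hashlib

# DigestInfo prefixes from RFC 3447 section 9.2 (bytes preceding the hash value).
DIGEST_INFO_PREFIX = {
    "md5":    bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

# Constructed mapping from the certificate's signatureAlgorithm name to the
# hash it commits to.
SIG_ALG_TO_HASH = {
    "md5WithRSAEncryption": "md5",
    "sha1WithRSAEncryption": "sha1",
    "sha256WithRSAEncryption": "sha256",
}


def emsa_pkcs1_v15_encode(hash_name: str, message: bytes, em_len: int) -> bytes:
    """EM = 0x00 || 0x01 || PS || 0x00 || T, with T = DigestInfo || hash."""
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def decode_digest_info(em: bytes):
    """Return (hash_name, digest) from a recovered EM, or None on bad padding."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        return None
    sep = em.find(b"\x00", 2)
    # PS must be at least 8 bytes of 0xff, so the separator sits at index >= 10.
    if sep < 10 or any(b != 0xff for b in em[2:sep]):
        return None
    t = em[sep + 1:]
    for name, prefix in DIGEST_INFO_PREFIX.items():
        if t.startswith(prefix) and len(t) == len(prefix) + hashlib.new(name).digest_size:
            return name, t[len(prefix):]
    return None


def verify_vulnerable(em: bytes, message: bytes) -> bool:
    """Accepts any hash the DigestInfo names, as long as the digest matches:
    the behaviour the advisory describes."""
    parsed = decode_digest_info(em)
    if parsed is None:
        return False
    name, digest = parsed
    return digest == hashlib.new(name, message).digest()


def verify_hardened(em: bytes, message: bytes, declared_sig_alg: str) -> bool:
    """Also requires the DigestInfo hash to be the one the certificate declares."""
    parsed = decode_digest_info(em)
    if parsed is None:
        return False
    name, digest = parsed
    if SIG_ALG_TO_HASH.get(declared_sig_alg) != name:
        return False  # signature encodes a different (possibly weaker) hash
    return digest == hashlib.new(name, message).digest()


if __name__ == "__main__":
    tbs = b"constructed to-be-signed bytes"          # constructed sample input
    declared = "sha256WithRSAEncryption"
    for h in ("sha256", "md5"):
        em = emsa_pkcs1_v15_encode(h, tbs, 256)
        print(h, "vulnerable:", verify_vulnerable(em, tbs),
              "hardened:", verify_hardened(em, tbs, declared))
```

The decisive line is the comparison against `declared_sig_alg`: without it, the hash that actually protects the certificate is chosen by whoever produced the DigestInfo rather than by the issuer, which is what makes the downgrade possible.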