End-of-Shift report
Timeframe: Friday 05-06-2015 18:00 − Monday 08-06-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
"UnfriendAlert" wants your Facebook Credentials
For our first "PUP Friday" post, we talked about UnfriendAlert, a program that purports to notify users ..
https://blog.malwarebytes.org/online-security/2015/06/unfriendalert-wants-your-facebook-credentials/
Changes in Oracle Database 12c password hashes
Oracle has made improvements to user password hashes within Oracle Database 12c. By using a PBKDF2-based SHA512 hashing algorithm, instead of simple SHA1 hash, password ..
http://trustwave.com/Resources/SpiderLabs-Blog/Changes-in-Oracle-Database-12c-password-hashes/
[Honeypot Alert] Fritz!Box – Remote Command Execution Exploit Attempt
Our web honeypots picked up some exploit attempts for a remote command execution vulnerability in FRITZ!Box, a series of routers produced by AVM. This exploit targets router ..
http://trustwave.com/Resources/SpiderLabs-Blog/-Honeypot-Alert--Fritz!Box-%e2%80%93-Remote-Command-Execution-Exploit-Attempt/
Checking for BACNet devices inside corporate networks
Building automation networks are very common today for intelligent buildings. They interconnect several types of devices like escalators, elevators, power circuits, heating, ventilating and air conditioning (HVAC) to the main control ..
https://isc.sans.edu/diary.html?storyid=19771
Insider vs. Outsider Threats: Identify and Prevent
In my last article, we discussed a step-by-step approach on APT attacks. The origin of any kind of cyber-attack is through an external or an internal source. Multiple sophisticated insider attacks resulted in the exfiltration of ..
http://resources.infosecinstitute.com/insider-vs-outsider-threats-identify-and-prevent/
Antiquated environment and bad security practices aided OPM hackers
By now, you've all heard about the massive breach at the US Office of Personnel Management (OPM), and that the attackers have accessed (and likely made off with) personal information ..
http://www.net-security.org/secworld.php?id=18484
Plex encrypts connections to its own media center
The media center Plex claims the largest deployment of security certificates to date. In cooperation with DigiCert, all users of the software are issued a free SSL/TLS certificate for their server.
http://derstandard.at/2000017144835
DSA-3281 - Debian Security Team PGP/GPG key change notice
This is a notice that the Debian Security Team has changed its PGP/GPG contact key because of a periodic regular key rollover.
https://www.debian.org/security/2015/dsa-3281
Matryoshka dolls: analysing a packer for CTB locker
We recently encountered a phishing campaign distributing CTB locker. Victims were sent an e-mail that appeared to be from a Dutch webshop, with the e-mail describing a Fifa15 order for Playstation 3. While no one uses PS3 anymore, there were users who ..
https://www.dearbytes.com/en/nieuws/matroesjka-poppen-ctb-locker/
Robbery on the train: data theft - entirely analog
Gangs steal mobile phones and laptops from managers in order to blackmail the owners or their companies with the captured data.
http://www.golem.de/news/raub-im-zug-datendiebstahl-ganz-analog-1506-114530.html
Malware siphons credit card data from Oracle point-of-sale systems
Another piece of malware settles into point-of-sale terminals and copies the data of unsuspecting credit card users. MalaumPOS targets a widely used point-of-sale system from Oracle.
http://heise.de/-2680638
Bugtraq: strongswan security update
Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When an IKEv2 client authenticates the server with certificates and the client authenticates itself to the server using pre-shared key or EAP, the constraints on the ..
http://www.securityfocus.com/archive/1/535708
Zeus Isn't Dead, New Version Evades All Antivirus Detection Tools
The venerable Zeus banking Trojan has been killed off many times; disappearing from the global Internet time and time again only to reappear with new modifications designed ..
http://www.pcrisk.com/internet-threat-news/9068-zeus-evades-all-antivirus-detection-tools
Many Drug Pumps Open to Variety of Security Flaws
In April, a security researcher disclosed a litany of severe vulnerabilities in the PCA3 drug-infusion pump manufactured by a company named Hospira. He went so far as to ..
http://threatpost.com/many-drug-pumps-open-to-variety-of-security-flaws/113202