Daily Summary - Monday 22-06-2015

End-of-Shift report

Timeframe: Friday 19-06-2015 18:00 − Monday 22-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a

Owning Internet Printing - A Case Study in Modern Software Exploitation

Modern exploit mitigations draw attackers into a game of diminishing marginal returns. With each additional mitigation added, a subset of software bugs become unexploitable, ..

http://googleprojectzero.blogspot.com/2015/06/owning-internet-printing-case-study-in.html


Cacti Input Validation Flaw Permits Cross-Site Scripting and SQL Injection Attacks

The software does not properly filter HTML code from user-supplied input before displaying the input [CVE-2015-2665]. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The ..

http://www.securitytracker.com/id/1032672


Multiple vulnerabilities in Cisco products

http://tools.cisco.com/security/center/viewAlert.x?alertId=39432
http://tools.cisco.com/security/center/viewAlert.x?alertId=39431
http://tools.cisco.com/security/center/viewAlert.x?alertId=39422
http://tools.cisco.com/security/center/viewAlert.x?alertId=39424
http://tools.cisco.com/security/center/viewAlert.x?alertId=39423


Banking Trojan has targeted Bundestag

After the initial reports on the attacks on the Bundestag (German Federal Parliament), variants of the Swatbanker family are now putting the Bundestag's intranet on a watch list. The operators of the botnet are apparently trying to steal access data and server responses associated with this ..

https://blog.gdatasoftware.com/blog/article/banking-trojan-has-targeted-bundestag.html


Microsoft website dedicated to online privacy gets hacked

Digital Constitution was running an outdated version of WordPress.

http://arstechnica.com/security/2015/06/microsoft-website-dedicated-to-online-privacy-gets-hacked/


Microsoft: I Won't Close My Vulnerabilities

Security experts are releasing details of vulnerabilities in Internet Explorer because Microsoft does not want to fix them.

http://heise.de/-2718449


Default key endangers SAP's Hana database

During installation, the user database in SAP's Hana is secured with a default key that is always the same. Because this key is rarely changed, unauthorized parties could easily gain access to the administrator accounts stored there.

http://www.golem.de/news/it-sicherheit-standardschluessel-gefaehrdet-saps-datenbank-hana-1506-114783.html


VMware Workstation: Breaking in via port COM1

Vulnerabilities in VMware's Workstation and Player allow full access to the host system from within a guest system. VMware has already released updates.

http://www.golem.de/news/vmware-workstation-der-einbruch-ueber-port-com1-1506-114784.html


Advertising: The Digital Turf War on your Desktop

https://blog.malwarebytes.org/privacy-2/2015/06/advertising-the-digital-turf-war-on-your-desktop/


XARA vulnerability: Apple announces fix for iOS and OS X

The security problem, through which passwords, among other things, could be read out, is to be fixed in the software soon. In addition, the iPhone maker is trying other solutions.

http://heise.de/-2718624


The most common information security mistakes of e-commerces

Almost every month a new incident involving a big retailer, e-commerce or web platform makes the news headlines. Most retail fraud is now committed online, and in 2014 alone hackers managed to steal more than 61 million records from ..

https://www.htbridge.com/blog/the-most-common-information-security-mistakes-of-e-commerces.html


Adware for OS X distributes Trojans

Lately, reports about distribution of new malicious and potentially dangerous programs for OS X have been emerging with great frequency. Doctor Web security researchers have registered a growing number of various adware and installers ..

http://news.drweb.com/show/?i=9502&lng=en&c=9


Steal That Car in 60 Seconds

Introduction: Cars are everywhere and they are being upgraded with new technology as often as any other device we use. Taking some inspiration from the movie Knight and Day, ..

http://resources.infosecinstitute.com/the-car-in-60-seconds/


NSA spied on Austrian antivirus vendors

Ikarus and Emsisoft named – NSA monitored e-mails to companies in order to learn when malware was discovered

http://derstandard.at/2000017842807


Magnitude EK: Traffic Analysis

Hello and welcome! Recently I have been skilling up in malware analysis. Specifically, my focus has been centred on client-side exploit kits, such common kits include: Angler, Nuclear, Magnitude, Neutrino, RIG... There are quite a few reasons for my new found ..

http://www.fuzzysecurity.com/tutorials/21.html


Android Activity Security

Each Android Application is made up of Activity, Service, Content Provider and Broadcast Receiver, which are the basic components of Android. Among those components, an Activity is ..

http://translate.wooyun.io/2015/06/22/android-activtity-security.html


A month with BADONIONS

A few weeks ago I got the idea of testing how much sniffing is going on in the Tor network by setting up a phishing site where I log in with a unique password and then store them. I ..

https://chloe.re/2015/06/20/a-month-with-badonions/


Poseidon and Backoff POS - the links and similarities

Poseidon, also known as FindPOS, is a malware family designed for Windows point-of-sale systems. Poseidon scans the memory for running processes and employs keystroke logging ..

https://blog.team-cymru.org/2015/06/poseidon-and-the-backoff-pos-link


Bypassing Microsoft EMET 5.2 - a neverending story?

The experts of the SEC Consult Vulnerability Lab managed to adapt the EMET 5.0 / 5.1 bypasses to additionally work against the latest Microsoft EMET version which is 5.2. Results of the research were already presented this year at ..

http://blog.sec-consult.com/2015/06/bypassing-microsoft-emet-52-neverending.html