End-of-Shift report
Timeframe: Friday 03-07-2015 18:00 - Monday 06-07-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
[20150602] - Core - CSRF Protection
http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html
[20150601] - Core - Open Redirect
http://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html
This 20-year-old Student Has Written 100 Malware Programs in Two Years
Security firm Trend Micro has identified a 20-year-old Brazilian college student responsible for developing and distributing over 100 Banking Trojans selling each for around ..
http://thehackernews.com/2015/07/student-hacker.html
A .BUP File Is An OLE File
Yesterday I mentioned that McAfee quarantine files on Windows (.BUP extension) are actually OLE files. I'm going to write a couple of diary entries highlighting some file types that are OLE files, and ..
https://isc.sans.edu/diary.html?storyid=19869
MMD-0036-2015 - KINS (or ZeusVM) v2.0.0.0 toolkit (builder & panel) leaked.
The background: the KINS (or ZeusVM, to be precise) v2.0.0.0 toolkit (builder & panel) was leaked and spread all over the internet. On Jun 26th 2015 we were informed about this and after several internal discussions, considering that: "so ..
http://blog.malwaremustdie.org/2015/07/mmd-0036-2015-kins-or-zeusvm-v2000.html
A fileless Ursnif doing some POS focused reco
http://malware.dontneedcoffee.com/2015/07/a-fileless-ursnif-doing-some-pos.html
BizCN gate actor changes from Fiesta to Nuclear exploit kit
Introduction An actor using gates registered through BizCN recently switched from Fiesta to Nuclear exploit kit (EK). This happened around last month, and we first noticed the change on 2015-06-15. I started writing about this actor in 2014 ..
https://isc.sans.edu/diary.html?storyid=19875
Don't Be Fooled By Phony Online Reviews
The Internet is a fantastic resource for researching the reputation of companies with which you may wish to do business. Unfortunately, this same ease-of-use can lull the unwary into falling for marketing scams originally perfected ..
http://krebsonsecurity.com/2015/07/dont-be-fooled-by-phony-online-reviews/
Surveillance firm Hacking Team: "Enemy of the Internet" hacked itself
The Italian surveillance company Hacking Team has itself become the victim of a massive hack: intruders were able to take around 480 GB of internal data and make it available for download. The company's Twitter account was also taken over and renamed "Hacked Team". The published information ..
http://derstandard.at/2000018630550
Blue Pill hole in Xen closed
The long list of security improvements in Xen 4.5.1 also includes a hole that allows breaking out of a virtual machine - and a mysterious, as yet undocumented entry.
http://heise.de/-2736158
ManageEngine Password Manager Pro 8.1 SQL Injection
An authenticated user (even the guest user) is able to execute arbitrary SQL code using a forged request to SQLAdvancedALSearchResult.cc. The SQL query is built manually and is not escaped properly in the AdvanceSearch.class of AdventNetPassTrix.jar.
http://cxsecurity.com/issue/WLB-2015070020
Insider Threats Defined
According to the second annual SANS survey on the security of the financial services sector, the number one threat companies are concerned about doesn’t relate to nation-states, organised criminal gangs or ‘APTs’. Rather the main worry revolves around insider threats – but what exactly is an insider threat and what can be done to detect and respond to these threats?
https://www.alienvault.com/blogs/security-essentials/insider-threats-defined
How to Deal with Reverse Domain Name Hijacking
The fact that one owns a trademark which is identical or confusingly similar to a domain name does not necessarily mean that she is entitled to that domain name. For ..
http://resources.infosecinstitute.com/how-to-deal-with-reverse-domain-name-hijacking/
Puzzles against DDoS attacks on TLS
An Akamai employee describes how simple computational puzzles could minimise DDoS attacks by clients on TLS connections. The idea is still a draft, but could be standardised as an extension for TLS 1.3.
http://www.golem.de/news/ietf-raetselaufgaben-gegen-ddos-angriffe-auf-tls-1507-115068.html
AWS Best Practices for DDoS Resiliency (PDF)
http://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf
No one expect command execution !
Unix is a beautiful world where your shell gives you the power of launching any command you like. But sometimes a command can be used to launch other commands, and that's sometimes unexpected.
http://0x90909090.blogspot.fr/2015/07/no-one-expect-command-execution.html