Daily summary - Wednesday 26-08-2015

End-of-Shift report

Timeframe: Tuesday 25-08-2015 18:00 − Wednesday 26-08-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a

Windows 10^H^H Symbolic Link Mitigations

For the past couple of years I've been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I've used multiple times is abusing the symbolic link facilities of the Windows operating system to redirect privileged code to create ..

http://googleprojectzero.blogspot.com/2015/08/windows-10hh-symbolic-link-mitigations.html


VB2015 preview: advanced persistent threats

There was a time when analyses of malware and viruses at the Virus Bulletin conference used the number of infections as a measure of the harm done. And while there are still many talks on what is now referred to as opportunistic malware, targeted ..

http://www.virusbtn.com/blog/2015/08_25.xml


Dropbox Phishing via Compromised Wordpress Site, (Tue, Aug 25th)

I got a couple of emails today notifying me of a Compulsory Email Account Update for my Dropbox account. The e-mails do overall mimic the Dropbox look and feel, and use dropbox at smtp.com ..

https://isc.sans.edu/diary.html?storyid=20073


Cisco TelePresence Video Communication Server Expressway TFTP Information Disclosure Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40620


FunWebProducts UserAgent Bloating Traffic

Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites get hacked. Sometimes though, the answer is not clear and we can only gather clues to make ..

https://blog.sucuri.net/2015/08/funwebproducts-useragent-bloating-traffic.html
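The post's own findings are behind the link above; the following is an added example, not Sucuri's code, of the first check a practitioner would run on a site whose bandwidth is being eaten by one client family: parse the web server's combined-format access log, measure how much of the request and byte volume is attributable to requests whose User-Agent carries the "FunWebProducts" token (the toolbar family named in the title), and list which paths those clients are pulling. The log lines are constructed for the example and are not real traffic; the field layout follows the standard Apache/nginx "combined" format.

```python
import re
from collections import defaultdict

# Constructed access-log lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [25/Aug/2015:18:03:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:40.0) Gecko/20100101 Firefox/40.0"
203.0.113.11 - - [25/Aug/2015:18:03:12 +0000] "GET /wp-content/uploads/header.jpg HTTP/1.1" 200 204800 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; .NET CLR 2.0.50727)"
203.0.113.12 - - [25/Aug/2015:18:03:14 +0000] "GET /about/ HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.8 Safari/600.8"
203.0.113.11 - - [25/Aug/2015:18:03:15 +0000] "GET /wp-content/uploads/gallery.zip HTTP/1.1" 200 307200 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; .NET CLR 2.0.50727)"
198.51.100.7 - - [25/Aug/2015:18:03:20 +0000] "GET /robots.txt HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.13 - - [25/Aug/2015:18:03:21 +0000] "GET /wp-content/uploads/video.mp4 HTTP/1.1" 206 102400 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; FunWebProducts)"
"""

# "combined" format: ip ident user [ts] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"\s*$'
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # "-" means no body sent
    parts = rec["req"].split()
    rec["path"] = parts[1] if len(parts) == 3 else rec["req"]
    return rec


def summarize(lines, marker="FunWebProducts"):
    """Share of requests/bytes generated by clients whose UA contains `marker`."""
    total_req = total_bytes = 0
    hit_req = hit_bytes = 0
    ips = set()
    bytes_by_path = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        total_req += 1
        total_bytes += rec["bytes"]
        if marker in rec["ua"]:
            hit_req += 1
            hit_bytes += rec["bytes"]
            ips.add(rec["ip"])
            bytes_by_path[rec["path"]] += rec["bytes"]
    return {
        "requests": hit_req,
        "bytes": hit_bytes,
        "distinct_ips": len(ips),
        "request_share": hit_req / total_req if total_req else 0.0,
        "byte_share": hit_bytes / total_bytes if total_bytes else 0.0,
        # the paths these clients pull most, by volume: what to rate-limit or block first
        "top_paths": sorted(bytes_by_path.items(), key=lambda kv: -kv[1])[:5],
    }


def top_user_agents(lines, n=3):
    """Bytes served per exact User-Agent string, largest first (for when the culprit is not known yet)."""
    by_ua = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            by_ua[rec["ua"]] += rec["bytes"]
    return sorted(by_ua.items(), key=lambda kv: -kv[1])[:n]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ua, nbytes in top_user_agents(lines):
        print(f"{nbytes:>9} bytes  {ua}")
    s = summarize(lines)
    print(f"FunWebProducts: {s['requests']} requests ({s['request_share']:.0%}), "
          f"{s['bytes']} bytes ({s['byte_share']:.1%}), {s['distinct_ips']} IPs")
    for path, nbytes in s["top_paths"]:
        print(f"  {nbytes:>9}  {path}")
```

Run it against a real `access.log` by replacing `SAMPLE_LOG.splitlines()` with the file's lines; a UA token that accounts for a small share of requests but most of the bytes, concentrated on a handful of large static files, is the pattern the title describes.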


Actor that tried Neutrino exploit kit now back to Angler

Last week, we saw the group behind a significant amount of Angler exploit kit (EK) switch to Neutrino EK. We didn't know if the change was permanent, and I also noted that criminal groups using EKs have quickly changed tactics ..

https://isc.sans.edu/diary.html?storyid=20075


l+f: HTTPS for advanced users

Google's Chrome and its open-source base Chromium always load a number of websites via secured HTTPS - including many German ones.

http://heise.de/-2790788


Endress+Hauser HART Device DTM Vulnerability

Alexander Bolshev and Svetlana Cherkasova of Digital Security have identified an improper input validation vulnerability in the CodeWrights GmbH HART Device Type Manager (DTM) library used in Endress+Hauser HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which Endress+Hauser has begun to integrate.

https://ics-cert.us-cert.gov/advisories/ICSA-15-237-01


Dynamic DNS and You Part 2: Identifying the Threat

Greetings! You all really seemed to like my last post on Dynamic DNS, so I've been invited to come back and talk more about it. In part 1 , we discussed the uses of Dynamic DNS, as well as the various providers of the service and how it all ..

https://www.alienvault.com/blogs/security-essentials/dynamic-dns-and-you-part-2-identifying-the-threat


Netflix Is Dumping Anti-Virus, Presages Death Of An Industry

For years, nails have been hammering down on the coffin of anti-virus. But none have really put the beast to bed. An industry founded in the 1980s, a time when John McAfee was known as a pioneer rather than a tequila-downing rascal, ..

http://www.forbes.com/sites/thomasbrewster/2015/08/26/netflix-and-death-of-anti-virus/


CryptoGirl on StageFright: A Detailed Explanation

Detecting the PoCs published by Zimperium is not difficult: you can fingerprint the PoCs, for example. Detecting variants of the PoCs, i.e., MP4s that use one of the discovered vulnerabilities, is far more difficult. I'll explain why in a ..

http://blog.fortinet.com/post/cryptogirl-on-stagefright-a-detailed-explanation
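The distinction the teaser draws, a fingerprint of a specific PoC file versus detection of any MP4 that abuses the same parsing weakness, is illustrated by the following added example. It is not code from the Fortinet post and does not reproduce any published PoC: it walks the ISO base media file format box structure (4-byte big-endian size, 4-byte type, optional 8-byte largesize when size is 1, size 0 meaning "to end of parent") and records structural anomalies a naive parser would mishandle: a declared size smaller than its own header, a size that overruns the enclosing box, or a 64-bit size that wraps the offset arithmetic. The sample files are constructed inline; the "crafted" one is merely a `free` box with an absurd largesize, chosen to show that a one-byte change elsewhere in the file defeats a hash fingerprint while the structural check still fires. Which boxes and fields the real bugs live in is a separate question that this example deliberately does not answer.

```python
import hashlib
import struct

# ISO BMFF boxes whose payload is itself a sequence of boxes (the walker descends into these).
CONTAINER_BOXES = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"udta",
                   b"edts", b"dinf", b"mvex", b"moof", b"traf"}


def box(typ, payload=b""):
    """Build a well-formed box with a 32-bit size field (constructed test data)."""
    return struct.pack(">I4s", 8 + len(payload), typ) + payload


def walk(data, start, end, findings, depth=0):
    """Walk the boxes in data[start:end]; return (type, offset, size, depth) tuples.

    Anomalies are appended to `findings` as (offset, type, reason) and parsing of
    the current level stops there, since the declared size can no longer be trusted.
    """
    boxes = []
    pos = start
    while pos < end:
        if end - pos < 8:
            findings.append((pos, b"????", "truncated: fewer than 8 header bytes remain"))
            break
        size, typ = struct.unpack(">I4s", data[pos:pos + 8])
        hdr = 8
        if size == 1:                       # 64-bit "largesize" follows the type field
            if end - pos < 16:
                findings.append((pos, typ, "truncated: largesize field missing"))
                break
            size = struct.unpack(">Q", data[pos + 8:pos + 16])[0]
            hdr = 16
        elif size == 0:                     # box extends to the end of its parent
            size = end - pos
        if size < hdr:
            findings.append((pos, typ, f"declared size {size} smaller than header ({hdr})"))
            break
        if pos + size >= 1 << 64:
            findings.append((pos, typ, f"declared size {size:#x} would wrap a 64-bit offset add"))
            break
        if pos + size > end:
            findings.append((pos, typ, f"declared size {size} overruns parent by {pos + size - end} bytes"))
            break
        boxes.append((typ, pos, size, depth))
        if typ in CONTAINER_BOXES:
            boxes.extend(walk(data, pos + hdr, pos + size, findings, depth + 1))
        pos += size
    return boxes


def scan(data):
    """Return (boxes, findings) for a whole file held in memory."""
    findings = []
    return walk(data, 0, len(data), findings), findings


def fingerprint(data):
    """The 'fingerprint the PoC' approach: a hash of the exact bytes."""
    return hashlib.sha256(data).hexdigest()


# ---- constructed samples (assumptions for the example; not real files, not any published PoC) ----
def ftyp(brand):
    return box(b"ftyp", brand + b"\x00\x00\x02\x00" + brand + b"mp41")

GOOD = ftyp(b"isom") + box(b"moov", box(b"mvhd", b"\x00" * 100)
                                    + box(b"trak", box(b"tkhd", b"\x00" * 84)))

def crafted(brand):
    # A 'free' box claiming a largesize of 2**64-8: any parser that adds the box
    # size to its current offset wraps around instead of hitting end-of-parent.
    huge = struct.pack(">I4sQ", 1, b"free", (1 << 64) - 8)
    return ftyp(brand) + box(b"moov", box(b"trak", huge))

BAD = crafted(b"isom")
BAD_VARIANT = crafted(b"mp42")        # same trick, different bytes: new hash, same finding
SHORT = ftyp(b"isom") + struct.pack(">I4s", 4, b"free")   # size smaller than its header


if __name__ == "__main__":
    for name, data in [("GOOD", GOOD), ("BAD", BAD), ("BAD_VARIANT", BAD_VARIANT), ("SHORT", SHORT)]:
        boxes, findings = scan(data)
        print(f"{name}: sha256={fingerprint(data)[:16]}... boxes={[b[0] for b in boxes]}")
        for off, typ, reason in findings:
            print(f"  anomaly at {off}: {typ!r} {reason}")
```

A signature on `BAD`'s hash misses `BAD_VARIANT` outright, whereas the structural walk flags both at the same offset for the same reason; conversely, the structural rules above are only a sanity layer and say nothing about which box types a given media parser actually mishandles, which is the hard part the post goes on to discuss.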