Daily Summary - Friday 11-09-2015

End-of-Shift report

Timeframe: Thursday 10-09-2015 18:00 − Friday 11-09-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a

Federal Cybercrime Situation Report: Crime-as-a-Service Continues to Grow

The Bundeskriminalamt (German Federal Criminal Police Office) has published its cybercrime situation report at its cybercrime conference C³. According to the report, the threat is rising in all areas of computer-assisted crime.

http://heise.de/-2810254


VMSA-2015-0003.11

Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE. VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, ..

http://www.vmware.com/security/advisories/VMSA-2015-0003.html


OpenLDAP Bug in ber_get_next() Lets Remote Users Cause the Target Service to Crash

A vulnerability was reported in OpenLDAP. A remote user can cause the target service to crash. A remote user can send a specially crafted packet to cause the target slapd service to crash.

http://www.securitytracker.com/id/1033534


Yokogawa Multiple Products Buffer Overflow Vulnerabilities

This advisory provides mitigation details for stack-based buffer overflow vulnerabilities in multiple Yokogawa products.

https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01


From T-Systems: The Bundestag Gets a New IT Infrastructure

In response to the hacker attack, more than 10,000 websites are now being permanently blocked in the Bundestag. In addition, T-Systems is to build a new network. Bundestag staff will soon have to leave their USB sticks at home.

http://www.golem.de/news/von-t-systems-der-bundestag-bekommt-eine-neue-it-infrastruktur-1509-116255.html


Google Releases First Monthly Security Update

After the discovery of the Stagefright vulnerability, Google had announced that it would introduce a monthly patch day with security updates. The first builds have now been released.

http://www.golem.de/news/android-google-veroeffentlicht-erstes-monatliches-sicherheitsupdate-1509-116259.html


Simulation Showed Millions of Hacker Attacks on Train Control Systems

The "HoneyTrain" trap: who would actually try to break into a faithful replica of a train control system?

http://derstandard.at/2000022056115


Cyber criminal crew DD4BC extorts businesses via DDoS

According to a report recently issued by Akamai, the DD4BC criminal group has been responsible for at least 114 DDoS attacks on its customers. According to the Akamai firm, the criminal crew known as DD4BC has carried out at least 114 ..

http://securityaffairs.co/wordpress/40034/cyber-crime/dd4bc-group-extortion-ddos.html


Analysing a new eBanking Trojan called Fobber

Some weeks ago we read an interesting blog by Malwarebytes about Fobber, a new e-banking focussed malware in the arena that seems to be a Tinba spinoff. We decided to have a closer look at it to find out whether Swiss critical infrastructures are targeted by it. We'd like to share our findings with you, because it contains some interesting advanced techniques ..

http://www.govcert.admin.ch/blog/12/analysing-a-new-ebanking-trojan-called-fobber


SUCEFUL: Next Generation ATM Malware

You dip your debit card in an automated teller machine (ATM) and suddenly realize it is stuck inside, what happened?

https://www.fireeye.com/blog/threat-research/2015/09/suceful_next_genera.html


A Retrospective on Ashely Madison and the Value of Threat Modeling

One of my favourite authors in the field of computer security is Gary McGraw. If you are not familiar with him, I'd suggest you start by reading his book Software Security: Building Security In. One of the key points he makes is a distinction ..

https://littlemaninmyhead.wordpress.com/2015/09/08/a-retrospective-on-ashely-madison-and-the-value-of-threat-modeling/


A Peek Inside an Affiliate's Malspam Operation: Kovter and Miuref/Boaxxe Infections

In March of this year, there were reports of malspam campaigns utilizing email-attached '.doc.js' files, which tied back to the Kovter and Boaxxe clickfraud trojans. The analysis of these malware families has already been well documented ..

http://phishme.com/a-peek-inside-an-affiliates-malspam-operation-kovter-and-miurefboaxxe-infections/