End-of-Shift report
Timeframe: Wednesday 23-09-2015 18:00 − Thursday 24-09-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS X Privilege Escalation Vulnerability
A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local ..
http://tools.cisco.com/security/center/viewAlert.x?alertId=41135
Bidding for Breaches, Redefining Targeted Attacks
A growing community of private and highly-vetted cybercrime forums is redefining the very meaning of "targeted attacks." These bid-and-ask forums match crooks who are looking for access to specific data, resources or systems within major corporations with hired muscle who are up to the task or who already have access to those resources.
http://krebsonsecurity.com/2015/09/bidding-for-breaches-redefining-targeted-attacks/
Custom Sidebars 2.1.0.1 - XSS
https://wpvulndb.com/vulnerabilities/8196
Multiple vulnerabilities in Kaseya Virtual System Administrator
http://www.zerodayinitiative.com/advisories/ZDI-15-450/
http://www.zerodayinitiative.com/advisories/ZDI-15-449/
http://www.zerodayinitiative.com/advisories/ZDI-15-448/
Healthcare Organizations Twice As Likely To Experience Data Theft
Bad guys very willing to invest in attacking medical data, but healthcare not very willing to invest in defending it.
http://www.darkreading.com/risk/healthcare-organizations-twice-as-likely-to-experience-data-theft/d/d-id/1322312
Chinese Actors Use '3102' Malware in Attacks on US Government and EU Media
On May 6 and May 11, 2015, Unit 42 observed two targeted attacks, the first against the U.S. government and the second on a European media company. Threat actors delivered the same document via ..
http://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-malware-in-attacks-on-us-government-and-eu-media
An Update on Nuclear (Reverse) Engineering
Although Angler continues to be the leading exploit kit, Nuclear is a significant threat to web surfers and seems to have been very active lately. ThreatLabZ recently encountered a Nuclear campaign originating from a variety of compromised ..
http://research.zscaler.com/2015/09/an-update-on-nuclear-reverse-engineering.html
Quaverse RAT: Remote-Access-as-a-Service
Quaverse RAT or QRAT is a fairly new Remote Access Tool (RAT) introduced in May 2015. This RAT is marketed as an undetectable Java RAT. As you might expect from a RAT, the tool is capable of grabbing passwords, ..
https://www.trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-as-a-Service/
UltraEdit 22.20 Buffer Overflow
https://cxsecurity.com/issue/WLB-2015090142
Fingerprints of millions of US government employees stolen
A hacking attack on the US federal personnel agency OPM, attributed to China, was even more serious than previously thought. According to the report, the cyber attackers obtained, in addition to ..
http://derstandard.at/2000022711754
Tracking Administrator Sessions in Windows Environments
Tracking users with privileged access is a critical task in your security policy (SANS Critical Security Control #12). If the key point is to restrict the number of 'power users' to the lowest, it's not always easy. Most of them ..
https://blog.rootshell.be/2015/09/24/tracking-administrator-sessions-in-windows-environments/
Exploiting Corporate Printers
Printer exploitation and vulnerability in printers are serious problems, similar to those faced with computers and other hard drive devices, since they are connected to the network like other devices. Nowadays, most corporate offices or organizations ..
http://resources.infosecinstitute.com/exploiting-corporate-printers/
General HTML5 Security
HTML5 is a living standard and new features are being added as we speak. New features will continue to arrive and browsers will keep becoming better and better at supporting them. However, those new features also bring with them new opportunities for ..
http://resources.infosecinstitute.com/general-html5-security/
XcodeGhost: Apple publishes "Top 25" of infected apps
Apple has named the 25 most popular of the compromised apps; for some, an update is already available. Estimates of the total number of iOS programs affected by XcodeGhost continue to vary considerably.
http://heise.de/-2824927
Kovter malware learns from Poweliks with persistent fileless registry update
A variant of the Kovter malware is the first to use Trojan.Poweliks' pioneering tricks by residing only in the registry to evade detection.
http://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persistent-fileless-registry-update
One Year After Shellshock, Are Your Servers and Devices Safer?
Security researchers were the first to respond during the Shellshock attacks of 2014. After news of the fatal flaw in the prevalent Bash (Bourne Again Shell) - found in most versions of the Unix and Linux operating systems as well as in Mac OS X - was released, ..
http://blog.trendmicro.com/trendlabs-security-intelligence/one-year-after-shellshock-are-your-servers-and-devices-safer/