End-of-Shift report
Timeframe: Tuesday 29-09-2015 18:00 − Wednesday 30-09-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Analyzing Black Hat URL Shorteners
Hackers are known to use URL shortening services to obfuscate their real landing pages. It's very effective in clickbait scams on social networks. Some hackers think that using URL shorteners in site injections makes it less likely to be ..
https://blog.sucuri.net/2015/09/analyzing-black-hat-url-shorteners.html
Updated PClock Ransomware Still Comes Up Short
In recent years, ransomware families are often glamorized as being some of the most dangerous types of malware. They've certainly caused a wealth of damage to end users with some of the ..
http://researchcenter.paloaltonetworks.com/2015/09/updated-pclock-ransomware-still-comes-up-short/
New Tactic Finds RAT Operators Fast
Low tolerance for latency makes RAT operators less likely to use proxies, easier to track back home.
http://www.darkreading.com/analytics/new-tactic-finds-rat-operators-fast/d/d-id/1322409
Tricks for DLL analysis
Very often I get questions on how to perform analysis on DLL files. The reason being that it is easier to perform behavioral analysis on executables, either using external sandboxes or a vmware with tools like the ones from the Sysinternals ..
https://isc.sans.edu/diary.html?storyid=20195
Honeywell Experion PKS Directory Traversal Vulnerability
https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01
Mitsubishi Electric MELSEC FX-Series Controllers Denial of Service
https://ics-cert.us-cert.gov/advisories/ICSA-15-146-01
Baxter SIGMA Spectrum Infusion System Vulnerabilities
https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01
RSA Web Threat Detection Bugs Let Remote Authenticated Users Obtain the AnnoDB Password and Local Users Gain Root Privileges
Two vulnerabilities were reported in RSA Web Threat Detection. A local user can obtain root privileges on the target system. A remote authenticated user can obtain passwords on the target system.
http://www.securitytracker.com/id/1033672
RSA Certificate Manager and Registration Manager Input Validation Flaw in OneStep Component Lets Remote Users Traverse the Directory to View Files on the Target System
A vulnerability was reported in RSA Certificate Manager and RSA Registration Manager. A remote user can view files on the target system.
http://www.securitytracker.com/id/1033671
freeswitch Heap Overflow
A carefully crafted JSON string supplied to cJSON_Parse will trigger a heap overflow with user controlled data. The underlying vulnerability occurs in the parse_string function.
https://cxsecurity.com/issue/WLB-2015090190
Account data obtained by fraud via app: Salzburg woman defrauded
http://derstandard.at/2000022994264
WordPress Malware - VisitorTracker Campaign Update
For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code. We initially ..
https://blog.sucuri.net/2015/09/wordpress-malware-visitortracker-campaign-update.html
Companies leave vulnerabilities unpatched for up to 120 days
Kenna studied the proliferation of non-targeted attacks and companies' ability to mitigate these threats through the timely remediation of security vulnerabilities ..
http://www.net-security.org/secworld.php?id=18911
Security Advisory - Multiple Vulnerabilities in Huawei FusionServer Products
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-456219.htm
Multiple vulnerabilities in Typo3 extensions
http://www.typo3.org/news/article/sql-injection-in-extension-httpbl-blocking-mh-httpbl/
http://www.typo3.org/news/article/cross-site-request-forgery-in-extension-typo3-quixplorer-t3quixplorer/
http://www.typo3.org/news/article/cross-site-scripting-in-extension-news-system-news/
http://www.typo3.org/news/article/information-disclosure-in-extension-ldap-eu-ldap/
Pwn The Docs: Vulnerability in readthedocs.org
If you're not familiar with readthedocs.org, it's a really popular place for developers to post documentation on their open source code. It's a really great platform and we in fact use it regularly. Honestly, I've struggled with whether I want to release this vulnerability because it's maintained by a few dudes ..
http://alex.hyperiongray.com/posts/302352-pwn-the-docs
The Cost of a Data Breach: How Harmful Can a Data Breach Be?
There is this belief that businesses that have suffered a data security breach very often do not recover. But is that really so? What does it take to actually destroy a company with a data breach? Before we go to the analysis, ..
http://resources.infosecinstitute.com/the-cost-of-a-data-breach-how-harmful-can-a-data-breach-be/
That Big Security Fix for Credit Cards Won't Stop Fraud
The new chip cards and readers won't stop card fraud but will simply shift it to a different area.
http://www.wired.com/2015/09/big-security-fix-credit-cards-wont-stop-fraud/
User Education, Carrot vs. Stick
It's a perennial problem, after hours of presentations, online training, reminder emails, poster campaigns and memos, the phone rings, and a senior member of staff has opened a malicious email attachment, ..
https://blog.team-cymru.org/2015/09/user-education-carrot-vs-stick/
Security holes patched: SAP makes HANA more secure
In May and April of this year, SAP closed twelve security vulnerabilities in its in-memory platform HANA. Onapsis has only now disclosed the vulnerabilities in bundled form, according to a security advisory published by Onapsis on Tuesday.
http://heise.de/-2835049
Europol: cyber criminals are becoming ever more aggressive
In The Hague, 300 experts from Europol and Interpol are discussing effective strategies against internet crime.
http://heise.de/-2835263
Russian hacker, nabbed in Spain, cops 4+ years for Citadel botnet
Should have stayed under the skirt of Mother Russia. Just a thought. Dimitry Belorossov - a Russian cyber-criminal who used the Citadel banking trojan - has been ..
www.theregister.co.uk/2015/09/30/rainerfox_sentenced/
New 'Ghost Push' Variants Sport Guard Code; Malware Creator Published Over 600 Bad Android Apps
Halloween is still a month from now and yet Android users are already being haunted by the previously reported 'Ghost Push' malware, which roots ..
http://blog.trendmicro.com/trendlabs-security-intelligence/new-ghost-push-variants-sport-guard-code-malware-creator-published-over-600-bad-android-apps