Daily Summary - Thursday 14-01-2016

End-of-Shift report

Timeframe: Wednesday 13-01-2016 18:00 − Thursday 14-01-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a

SlemBunk Part II: Prolonged Attack Chain and Better-Organized Campaign

Our follow-up investigation of a nasty Android banking malware we identified at the tail end of last year has not only revealed that the trojan is more persistent than we initially realized - thus making for a much more dangerous threat - but that it is also being used as part of an ongoing and evolving campaign.

https://www.fireeye.com/blog/threat-research/2016/01/slembunk-part-two.html


Faulty ransomware renders files unrecoverable, even by the attacker

A cybercriminal has built a ransomware program based on proof-of-concept code released online, but messed up the implementation, resulting in victims' files being completely unrecoverable. Researchers from antivirus vendor Trend Micro recently ..

http://www.cio.com/article/3022159/faulty-ransomware-renders-files-unrecoverable-even-by-the-attacker.html


As easy as Citrix123 - hacker claims he popped Citrix's CMS

And once he was in, it became possible to pour malware onto all customers, allegedly. A Russian hacker claims he broke into systems run by Citrix, and gained access to potentially a huge number of customers.

www.theregister.co.uk/2016/01/13/ruskie_hacker_pops_citrix/


Former NSA chief: Backdoors for encryption are a terrible idea

Michael Hayden contradicts the demands of FBI boss James Comey

http://derstandard.at/2000029033330


RedHen CRM - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-002

The RedHen set of modules allows you to build CRM features in a Drupal site. When rendering individual Contacts, this module does not properly filter certain data prior to display. When rendering listings of notes or engagement scores, ..

https://www.drupal.org/node/2649800


Cisco struggles with static password and fixes critical vulnerabilities

Cisco's Identity Services Engine contains one vulnerability rated critical and one rated high. In addition to the Wireless LAN Controller software, Aironet 1800 series access points are also vulnerable. Security updates are available.

http://heise.de/-3070756


Attack of the cyber squirrels

Squirrels are a greater danger to internet and power lines than hackers. The website CyberSquirrel1 shows this in a tongue-in-cheek way.

http://www.golem.de/news/internet-und-stromausfaelle-angriff-der-cyber-eichhoernchen-1601-118533.html


OpenSSL version 1.1.0 pre release 2 published

OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 2 has now been made available. For details of changes and known issues see the release ..

https://mta.openssl.org/pipermail/openssl-announce/2016-January/000057.html


Triple-Seven: OpenSSH vulnerability leaks secret keys

An unfinished option that has been enabled by default in OpenSSH since 2010 allows compromised servers to read the secret keys of connecting users. Updates that close the hole are available.

http://heise.de/-3071372


Ransomware a Threat to Cloud Services, Too

Ransomware -- malicious software that encrypts the victim's files and holds them hostage unless and until the victim pays a ransom in Bitcoin -- has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.

http://krebsonsecurity.com/2016/01/ransomware-a-threat-to-cloud-services-too/