Daily summary - Thursday 21-01-2016

End-of-Shift report

Timeframe: Wednesday 20-01-2016 18:00 − Thursday 21-01-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a

Asacub Android Trojan: Financial fraud and information stealing

Asacub is a new malware that targets Android users for financial gain. When first identified, Asacub displayed all the signs of an information stealing malware; however, some versions of the Trojan ar...

http://www.net-security.org/malware_news.php?id=3190


TeslaCrypt Decrypted: Flaw in TeslaCrypt allows Victims to Recover their Files

For a little over a month, researchers and previous victims have been quietly helping TeslaCrypt victims get their files back using a flaw in TeslaCrypt's encryption key storage algorithm. The information that the ransomware could be decrypted was being kept quiet so that the malware developer would not learn about it and fix the flaw. Since the recently released TeslaCrypt 3.0 has fixed this flaw, we have decided to publish the information on how a victim could...

http://www.bleepingcomputer.com/news/security/teslacrypt-decrypted-flaw-in-teslacrypt-allows-victims-to-recover-their-files/


El Chapo's Opsec

I've already written about Sean Penn's opsec while communicating with El Chapo. Here's the technique of mirroring, explained: El Chapo then switched to a complex system of using BBM (BlackBerry's Instant Messaging) and proxies. The way it worked was if you needed to contact The Boss, you would send a BBM text to an intermediary (who would spend his days...

https://www.schneier.com/blog/archives/2016/01/el_chapos_opsec.html


Cyber fraudsters steal over $50 million from airplane systems manufacturer

Austrian company FACC, which develops and produces components and systems made of composite materials for aircraft and aircraft engine manufacturers such as Boeing and Airbus, has been hit by hackers who managed to steal approximately 50 million euros (around $54.5 million).

http://www.net-security.org/secworld.php?id=19356
http://www.net-security.org/secworld.php?id=18808 (An emerging global threat: BEC scams hitting more and more businesses)

Linux root exploit: Android threat manageable

A member of the Android security team assumes that only a few Android versions are vulnerable to the local privilege escalation flaw in the Linux kernel. A patch is in the works.

http://heise.de/-3080760


Captive portals: the iPhone leaks cookies

Using Wi-Fi networks with captive portals can become a security risk for iPhone users. Israeli security researchers found a corresponding bug. Apple has since fixed the vulnerability.

http://www.golem.de/news/captive-portals-das-iphone-verraet-cookies-1601-118672-rss.html


Deliberately hidden backdoor account in several AMX (HARMAN Professional) devices

Your conference room, a watchful protector. "AMX (www.amx.com) is part of the HARMAN Professional Division, and the leading brand for the business, education, and government markets for the company. As such, AMX is dedicated to integrating AV solutions for an IT World. AMX solves the complexity of managing technology with reliable, consistent and scalable systems comprising control and automation, system-wide switching and AV signal distribution, digital signage and technology management."

http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html


"Investigations"

"Investigations" | 21 January 2016 | We (in our GovCERT role) are once again on site, helping an organisation with root-cause analysis and with restoring its services after a security incident. So far so good; that is what we are there for, that is our job. Law enforcement, however, is definitely not our job. That is quite clear, and nobody claims otherwise. It becomes problematic when terms are used that in normal...

http://www.cert.at/services/blog/20160121173915-1656.html


OpenVAS Greenbone Security Assistant Cross Site Scripting

Topic: OpenVAS Greenbone Security Assistant Cross Site Scripting
Risk: Low
Text: Vulnerability information
Date: 13th January 2016
Product: Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8
Vendor: ...

https://cxsecurity.com/issue/WLB-2016010133


Security Advisory: BIG-IP file validation vulnerability CVE-2015-8021

https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49580002.html?ref=rss


Security Advisory: SNTP vulnerability CVE-2015-5219

https://support.f5.com:443/kb/en-us/solutions/public/k/60/sol60352002.html?ref=rss


LiteSpeed Web Server Input Validation Flaw Lets Remote Users Inject HTTP Headers

http://www.securitytracker.com/id/1034746


DFN-CERT-2016-0118: Moodle: Two vulnerabilities allow, among other things, a cross-site scripting attack

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0118/