Daily summary - Thursday 28-01-2016

End-of-Shift report

Timeframe: Wednesday 27-01-2016 18:00 − Thursday 28-01-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a

Google's VirusTotal now picks out suspicious firmware

Google's VirusTotal service has added a new tool that analyzes firmware, the low-level code that bridges a computer's hardware and operating system at startup. Advanced attackers, including the U.S. National Security Agency, have targeted firmware as a place to embed malware since it's a great place to hide. Since antivirus programs "are not scanning this layer, the compromise can fly under the radar," wrote Francisco Santos, an IT security engineer with VirusTotal, in a blog post on...

http://www.cio.com/article/3027050/googles-virustotal-now-picks-out-suspicious-firmware.html


Critical Israel power grid attack was just boring ransomware

Minister puts nation on alert, SANS Institute says move along, nothing to see here ... The SANS Institute has moved to quell reports that Israel's energy grid has been hit by malware, revealing instead that the attacks were ransomware infecting the nation's utility regulatory authority.

http://go.theregister.com/feed/www.theregister.co.uk/2016/01/28/israel_power_grid_attack_boring_ransomware/


ENISA Threat Landscape 2015, a must read

ENISA has issued the annual ENISA Threat Landscape 2015, a document that synthesizes the emerging trends in cyber security. I'm very happy to announce the publication of the annual ENISA Threat Landscape 2015 (ETL 2015); this is the fifth report issued by the European Agency. The ENISA Threat Landscape 2015 summarizes the top cyber threats experts have identified...

http://securityaffairs.co/wordpress/43998/cyber-crime/enisa-threat-landscape-2015.html


Techie on the ground disputes BlackEnergy Ukraine power outage story

And Russia? That's too convenient. A Ukrainian telecoms engineer has raised doubts about the widely reported link between BlackEnergy attacks and power outages in his country.

http://go.theregister.com/feed/www.theregister.co.uk/2016/01/27/ukraine_blackenergy_analysis/


BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents

A few days ago, we came across a new document that appears to be part of the ongoing BlackEnergy attacks against Ukraine. Unlike previous Office files used in the recent attacks, this is not an Excel workbook, but a Microsoft Word document.

http://securelist.com/blog/research/73440/blackenergy-apt-attacks-in-ukraine-employ-spearphishing-with-word-documents/


Java Serialization Bug Crops Up At PayPal

PayPal has rewarded two researchers with bug bounties for the discovery of a Java serialization vulnerability in manager.paypal.com.

http://threatpost.com/java-serialization-bug-crops-up-at-paypal/116054/


LG closes data-theft hole affecting millions of G3 smartphones

Bug allows attackers to embed malicious code in data fed to phone.

http://arstechnica.com/security/2016/01/lg-closes-data-theft-hole-affecting-millions-of-g3-smartphones/


Oracle announces Java plugin deprecation, death

With a short post by a member of the Java strategy team, Oracle has announced the approaching death of the hated Java plugin. "Oracle plans to deprecate the Java browser plugin in JDK 9. This techn...

http://www.net-security.org/secworld.php?id=19385


DFN-CERT-2016-0166: OpenSSL: Two vulnerabilities allow bypassing security mechanisms and disclosing information

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0166/


Bugtraq: Netgear GS105Ev2 - Multiple Vulnerabilities

http://www.securityfocus.com/archive/1/537389


Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc


Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd


Security Advisory: IPSec vulnerability CVE-2015-4047

https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05013313.html?ref=rss


Filr 1.2 - Security Update 1

Abstract: Security updates for OpenSSH on the Filr, Search and MySQL 1.2.0 appliances.
Document ID: 5233830
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: MySQL-1.2.0.412.HP.zip (763.81 kB), Filr-1.2.0.857.HP.zip (763.86 kB), Search-1.2.0.996.HP.zip (763.83 kB)
Products: Filr 1.2
Superseded Patches: None

https://download.novell.com/Download?buildid=Sww_cAfKic0~


Filr 1.1 - Security Update 5

Abstract: Security updates for OpenSSH on the Filr, Search and MySQL 1.1.0 appliances.
Document ID: 5233810
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: MySQL-1.1.0.386.HP.zip (763.82 kB), Search-1.1.0.823.HP.zip (763.83 kB), Filr-1.1.0.677.HP.zip (763.91 kB)
Products: Filr 1.1
Superseded Patches: None

https://download.novell.com/Download?buildid=GGjGx_IhcY4~


phpMyAdmin 4.5.4, 4.4.15.3, and 4.0.10.13 are released

Welcome to phpMyAdmin 4.5.4, which contains regular bug fixes and a number of security fixes. The phpMyAdmin project also announces the release of versions 4.4.15.3 (a security release compatible with PHP versions as old as 5.3.7 and MySQL 5.5), and 4.0.10.13 (a security release compatible with PHP versions as old as 5.2 and MySQL 5). The security incidents will be documented in the upcoming PMASA-2016-1 through PMASA-2016-9, which will be available shortly at

https://www.phpmyadmin.net/news/2016/1/28/phpmyadmin-454-44153-and-401013-are-released/


Bugtraq: HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase

http://www.securityfocus.com/archive/1/537395


Bugtraq: Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability

http://www.securityfocus.com/archive/1/537396