End-of-Shift report
Timeframe: Thursday 28-01-2016 18:00 − Friday 29-01-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
Elaborate iCloud Phish Used To Activate Stolen iPhones
Lost your iPhone? Beware of messages claiming it was found.
https://blog.malwarebytes.org/phishing/2016/01/elaborate-icloud-phish-used-to-activate-stolen-iphones-2/
New Attacks Linked to C0d0so0 Group
While recently researching unknown malware and attack campaigns using the AutoFocus threat intelligence platform, Unit 42 discovered new activity that appears related to an adversary group previously called "C0d0so0" or "Codoso". This group is well...
http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/
A key to the unsecured smart home
Experts warn of insecure home solutions that are connected to the Internet. Consumers should demand more security from manufacturers.
http://futurezone.at/digital-life/ein-schluessel-fuers-ungesicherte-smart-home/177.111.264
Trojan targeted dozens of games on Google Play
January 28, 2016 Doctor Web security researchers detected the Android.Xiny.19.origin Trojan that targeted dozens of games published on the Google Play store. The Trojan is designed to download, install, and run programs upon receiving a command from cybercriminals. Besides, it can display annoying advertisements. The Trojan was incorporated into more than 60 games that were then distributed via Google Play in the names of more than 30 game developers, including Conexagon Studio, Fun Color...
http://news.drweb.com/show/?i=9803&lng=en&c=9
OpenSSL flaw: the matter of safe primes
With a security update, OpenSSL has fixed a vulnerability in the Diffie-Hellman key exchange whose risk is rated "high". However, hardly anyone is likely to be affected by the flaw in practice.
http://www.golem.de/news/openssl-luecke-die-sache-mit-den-sicheren-primzahlen-1601-118812-rss.html
Car hijacked with a malicious song
A security researcher who discovered a critical vulnerability in an automotive system back in 2010 has now explained how it works: with malicious code hidden in a song. Similar attacks are still conceivable today.
http://heise.de/-3087160
27% of all malware variants in history were created in 2015
Last year was a record year for malware, according to a new report from Panda Security, with more than 84 million new malware samples collected over the course of the year. That averages out to around 230,000 new malware samples a day, said Luis Corrons, technical director of Panda's PandaLabs unit. Or 27 percent of all malware ever created. Trojans continued to account for the main bulk of malware, at 51.45 percent, followed by viruses at 22.79 percent, worms at 13.22 percent, potentially...
http://www.cio.com/article/3027621/cyber-attacks-espionage/27-of-all-malware-variants-in-history-were-created-in-2015.html
From Linux to Windows - New Family of Cross-Platform Desktop Backdoors Discovered
Background Recently we came across a new family of cross-platform backdoors for desktop environments. First we got the Linux variant, and with information extracted from its binary, we were able to find the variant for Windows desktops, too. Not only...
http://securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-cross-platform-desktop-backdoors-discovered/
Guest talk: "Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces"
February 02, 2016, 11:00 am - 12:00 pm, SBA Research, Favoritenstraße 16, 1040 Wien
https://www.sba-research.org/events/guest-talk-hidden-gems-automated-discovery-of-access-control-vulnerabilities-in-graphical-user-interfaces/
Security Advisory: Linux kernel vulnerability CVE-2015-7509
https://support.f5.com:443/kb/en-us/solutions/public/k/73/sol73189318.html?ref=rss
DSA-3459 mysql-5.5 - security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:
https://www.debian.org/security/2016/dsa-3459
Westermo Industrial Switch Hard-coded Certificate Vulnerability
This advisory contains mitigation details for a hard-coded certificate vulnerability in Westermo's industrial switches.
https://ics-cert.us-cert.gov/advisories/ICSA-16-028-01
JBoss Data Virtualization Object Deserialization Flaw Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1034815
Cisco Small Business 500 Series Switches Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs
Cisco Unity Connection User Search Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-uc
Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl
nginx DNS Processing Flaws Let Remote Users Deny Service
http://www.securitytracker.com/id/1034869
Bugtraq: ProjectSend multiple vulnerabilities
http://www.securityfocus.com/archive/1/537402
Telegram (API) Cross Site Request Forgery
Topic: Telegram (API) Cross Site Request Forgery. Risk: Medium. Document Title: Telegram (API) - Cross Site Request Forgery Vulnerabilities. References (Source): http:/...
https://cxsecurity.com/issue/WLB-2016010208
HP Security Bulletins
HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04953244
HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS)
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04952480
HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS)
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04952488
HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
Bugtraq: [security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS)
http://www.securityfocus.com/archive/1/537401
Bugtraq: [security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities
http://www.securityfocus.com/archive/1/537400
Novell Patches
IDM 4.5 Engine & Remote Loader Service Pack 3 4.5.3
https://download.novell.com/Download?buildid=Rjs_0SapjGg~
IDM 4.5 Identity Applications 4.5.3
https://download.novell.com/Download?buildid=N63wVOwZf_s~
NetIQ Identity Manager Service Pack 3 - Designer 4.5.3
https://download.novell.com/Download?buildid=QgHXVOxv310~
iManager 2.7 Support Pack 7 - Patch 6 for Windows
https://download.novell.com/Download?buildid=RYH_EkORvU4~
eDirectory 8.8 SP8 Patch 7 for Linux
https://download.novell.com/Download?buildid=l6ulyqWxDv8~
eDirectory 8.8 SP8 Patch 7 for Windows
https://download.novell.com/Download?buildid=HTund35qCFk~
eDirectory 8.8 SP8 Patch 7 (non-root) for Linux
https://download.novell.com/Download?buildid=Drw3BqUXIo4~
iManager 2.7 Support Pack 7 - Patch 6 for Linux
https://download.novell.com/Download?buildid=E9m024HXLHw~