End-of-Shift report
Timeframe: Friday 07-10-2016 18:00 − Monday 10-10-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
Europe to Push New Security Rules Amid IoT Mess
The European Commission is drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections.
https://krebsonsecurity.com/2016/10/europe-to-push-new-security-rules-amid-iot-mess/
More Security for the Internet of Things
The networked devices of the Internet of Things (IoT) collect and process more and more data, yet frequently fail to protect that data. A detailed guide aims to help with the development of secure devices.
https://heise.de/-3343482
Security Economics of the Internet of Things
Brian Krebs is a popular reporter on the cybersecurity beat. He regularly exposes cybercriminals and their tactics, and consequently is regularly a target of their ire. Last month, he wrote about an online attack-for-hire service that resulted in the arrest of the two proprietors. In the aftermath, his site was taken down by a massive DDoS attack. In many ways, this is nothing new. Distributed denial-of-service attacks are a family of attacks that cause websites and other Internet-connected...
https://www.schneier.com/blog/archives/2016/10/security_econom_1.html
Mirai: DDoS via IoT
In recent weeks, yet another new record was set for the strongest Distributed Denial of Service (DDoS) attack measured to date. That in itself is not surprising: the available bandwidth on the Internet is still growing strongly, so it is clear that attack strength can increase along with it. What was surprising, however, is that the record was not achieved via a "reflected DDoS". This method...
http://www.cert.at/services/blog/20161010095630-1789.html
Strange Loop - IP Spoofing
I recently gave a talk at the Strange Loop conference in St Louis. The recording and slides are available, but for easier consumption here's a transcript.
https://idea.popcount.org/2016-09-20-strange-loopip-spoofing/
VMware plugs information leak in Horizon View
Important security updates are intended to make VMware Horizon View on Windows more secure.
https://heise.de/-3343678
Radare2: rahash2, (Mon, Oct 10th)
Radare2 is an open-source reverse-engineering framework. Some time ago I wrote about recovering ransomed pictures. By calculating the entropy of the ransomed files with my byte-stats tool, I could see that the file was not completely encrypted. rahash2 is one of the tools in the Radare2 framework. As its name implies, it calculates (cryptographic) hashes, but it is quite versatile. For example, it will also calculate entropy: And like my byte-stats.py tool, it can also split the file in blocks...
https://isc.sans.edu/diary.html?storyid=21577&rss
Remove ransomware infections from your PC using these free tools
A how-to on finding out what ransomware is squatting in your PC -- and how to get rid of it.
http://www.zdnet.com/article/remove-ransomware-infections-from-your-pc-using-these-free-tools/
Open-source router: 1000 Turris Omnia shipped
After shipping was originally supposed to start in the summer, the manufacturer cz.nic did not deliver the first Turris Omnia routers until the end of September. A few days ago, the thousandth unit was already shipped.
https://heise.de/-3344417
VU#338624: U by BB and T iOS banking application fails to properly validate SSL certificates
Vulnerability Note VU#338624 U by BB&T iOS banking application fails to properly validate SSL certificates Original Release date: 30 Sep 2016 | Last revised: 06 Oct 2016 Overview U by BB&T for iOS, version 1.5.4 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description CWE-295: Improper Certificate Validation - CVE-2016-6550 U by BB&T is a banking application. On iOS...
http://www.kb.cert.org/vuls/id/338624
Vuln: GraphicsMagick CVE-2016-7997 NULL Pointer Denial of Service Vulnerability
http://www.securityfocus.com/bid/93467
DSA-3689 php5 - security update
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
https://www.debian.org/security/2016/dsa-3689
Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
FlashAir provided by Toshiba Corporation does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled.
http://jvn.jp/en/jp/JVN39619137/
IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services: Clickjacking (CVE-2016-3060)
http://www-01.ibm.com/support/docview.wss?uid=swg21992051
IBM Security Bulletin: HTTP Response Splitting in Liberty affects IBM MessageSight (CVE-2016-0359)
http://www-01.ibm.com/support/docview.wss?uid=swg21991096
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)
http://www.ibm.com/support/docview.wss?uid=isg3T1024350
IBM Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Systems Director Storage Control (CVE-2015-4872)
http://www.ibm.com/support/docview.wss?uid=isg3T1024349