Daily summary - Monday 17-10-2016

End-of-Shift report

Timeframe: Friday 14-10-2016 18:00 - Monday 17-10-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

pseudoDarkleech Rig EK

Since Monday 2016-10-03, the pseudoDarkleech campaign has been using Rig exploit kit (EK) to distribute Cerber ransomware. (Figures in the diary: an infection chain of events; UDP traffic seen ..)

https://isc.sans.edu/diary.html?storyid=21595


Sierra Wireless Mitigations Against Mirai Malware

NCCIC/ICS-CERT received a technical bulletin from the Sierra Wireless company, outlining mitigations to secure Airlink Cellular Gateway devices affected by (or at risk of) the “Mirai” malware. While the Sierra Wireless ..

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-286-01


Vuln: Magento CMS Multiple Cross-Site Request Forgery Vulnerabilities

http://www.securityfocus.com/bid/93576


Vuln: Magento CMS Flash File Uploader Cross Site Scripting Vulnerability

http://www.securityfocus.com/bid/93575


Vuln: PHP password_verify() Function Out-of-Bounds Read Denial of Service Vulnerability

http://www.securityfocus.com/bid/93578


Maldoc VBA Anti-Analysis

I was asked for help with the analysis of sample 7c9505f2c041ba588bed854258344c43. Turns out this malicious Word document has some anti-analysis tricks (here is an older diary entry with other anti-analysis tricks). Here is the analysis with oledump.py: Stream 8 contains VBA ..

https://isc.sans.edu/diary.html?storyid=21599


Symantec observed a surge of spam emails using malicious WSF files

Symantec observed a significant increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments. Experts from Symantec are observing a significant increase in the number of email-based ..

http://securityaffairs.co/wordpress/52341/cyber-crime/spam-wsf-files.html


Analyzing Office Maldocs With Decoder.xls, (Sun, Oct 16th)

In my last diary entry, I show how to decode VBA maldoc strings with Excel. A similar technique can be used to decode a payload (like shellcode). I explain ..

https://isc.sans.edu/diary.html?storyid=21601


Outlook-on-Android alternative Nine leaked Exchange Server creds

Patches slung to fix popular third-party email app. Staff logging into Exchange Server through a popular app could have placed their enterprise credentials at risk through a since-closed vulnerability.

www.theregister.co.uk/2016/10/17/outlook_app_slapped_in_maninthemiddle_diddle/


VMSA-2016-0016

https://www.vmware.com/security/advisories/VMSA-2016-0016.html


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director (CVE-2016-0264, CVE-2016-3426)

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version ..

http://www-01.ibm.com/support/docview.wss?uid=isg3T1024427


No More Ransom adds law enforcement partners from 13 new countries

Intel Security and Kaspersky Labs today announced that 13 law enforcement agencies have joined No More Ransom, a partnership between cybersecurity industry and law enforcement organizations to provide ransomware victims education and decryption tools through www.nomoreransom.org. Intel ..

https://blogs.mcafee.com/mcafee-labs/no-ransom-adds-law-enforcement-partners-13-new-countries/