Daily summary - Monday 31-10-2016

End-of-Shift report

Timeframe: Friday 28-10-2016 18:00 − Monday 31-10-2016 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter

Of course smart homes are targets for hackers

The Wirecutter, an in-depth comparative review site for various electrical and electronic devices, just published an opinion piece on whether users should be worried about security issues in IoT devices. The summary: avoid devices that don't require passwords (or don't force you to change a default) and devices that want you to disable security, follow general network security best practices but otherwise don't worry - criminals aren't likely to target you. This is terrible, irresponsible advice. It's

http://mjg59.dreamwidth.org/45483.html


Ensuring that ICS/SCADA isn't our next IoT nightmare

The DDoS chaos of the past month tells us that we need to work together to ensure future standards and reduce security risks

https://nakedsecurity.sophos.com/2016/10/28/ensuring-that-icsscada-isnt-our-next-iot-nightmare/


Volatility Bot: Automated Memory Analysis, (Sun, Oct 30th)

A few weeks ago I attended the SANS DFIR Summit in Prague, and one of the very interesting talks was from Martin Korman (@MartinKorman), who presented a new tool he developed: Volatility Bot. According to his description, Volatility Bot is an automation tool for researchers that cuts all the guesswork and manual tasks out of the binary extraction phase, or helps the investigator in the first steps of performing a memory analysis investigation. Not only does it automatically extract the executable...

https://isc.sans.edu/diary.html?storyid=21655&rss


Masque Attack Abuses iOS's Code Signing to Spoof Apps and Bypass Privacy Protection

First reported in 2014, Masque Attack allowed hackers to replace a genuine app from the App Store with a malformed, enterprise-signed app that had the same Bundle Identifier (Bundle ID). Apple subsequently patched the vulnerabilities (CVE-2015-3772 and CVE-2015-3725), but while it closed a door, scammers seemed to have opened a window. Haima's repackaged, adware-laden apps and its native helper application prove that App Store scammers are still at it.

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ffHuC_yu178/


DDoS attack against servers cripples Vienna TU computer science student union

A DDoS attack against servers of the Fachschaft Informatik (computer science student union) at TU Wien has led to website outages.

https://futurezone.at/digital-life/ddos-attacke-gegen-server-legt-wiener-tu-informatiker-lahm/228.263.954


Joomla websites attacked en masse using recently patched exploits

Attackers are aggressively attacking Joomla-based websites by exploiting two critical vulnerabilities patched last week. The flaws allow the creation of accounts with elevated privileges on websites built with the popular Joomla content management system, even if account registration is disabled. They were patched in Joomla 3.6.4, released Tuesday. Hackers didn't waste any time reverse engineering the patches to understand how the two vulnerabilities can be exploited to compromise websites,...

http://www.csoonline.com/article/3136933/security/joomla-websites-attacked-en-masse-using-recently-patched-exploits.html#tk.rss_applicationsecurity


CardComplete phishing mail: 3-D Secure update

A purported CardComplete notification claims that credit card holders must update their 3-D Secure procedure. To do so, they are asked to visit a website and enter their personal credit card details. In reality the e-mail comes from criminals who use it to steal sensitive data.

https://www.watchlist-internet.at/phishing/cardcomplete-phishingmail-3-d-secure-aktualisierung/


"AtomBombing": Researchers warn of "unpatchable" Windows vulnerability

Allegedly all Windows systems are affected - the actual risk potential, however, is unclear

http://derstandard.at/2000046630311


Cybercrime Report 2015: Eleven percent more complaints filed in Austria

More cases of internet fraud, extortion and data misuse

http://derstandard.at/2000046762022


The Week in Ransomware - October 28 2016 - Locky, Angry Duck, and More!

Lots and lots of little ransomware and in-dev variants released this week. Of particular note is the quick release of two Locky variants that used .sh*t and then a day later the .thor extension for encrypted files.

http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/


Security Advisory: OpenSSL vulnerability CVE-2016-2181

https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59298921.html?ref=rss


Vuln: Moodle CVE-2016-7919 Information Disclosure Vulnerability

http://www.securityfocus.com/bid/93971


GNU tar 1.29 Extract Pathname Bypass

Topic: GNU tar 1.29 Extract Pathname Bypass
Risk: Low
Text: - t216 special vulnerability release -- Vulnerability: POINTYFEATHER aka Tar extract pathname bypass ...

https://cxsecurity.com/issue/WLB-2016100254


About the security content of iOS 10.1.1

This document describes the security content of iOS 10.1.1.

https://support.apple.com/en-us/HT207287


Vulnerabilities in InfraPower PPS-02-S Q213V1

InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5375.php

InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5374.php

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5373.php

InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5372.php

InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5371.php

InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5370.php

InfraPower PPS-02-S Q213V1 Multiple XSS Vulnerabilities

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5369.php


Next End-of-Shift report: 2016-11-02