End-of-Shift report
Timeframe: Tuesday 22-11-2016 18:00 − Wednesday 23-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
The November 2016 issue of our SWITCH Security Report is available!
The topics covered in this report are:
* IT security researchers reveal vulnerabilities in photoTAN procedure for mobile banking
* DDoS attack via IoT botnet shuts down parts of Internet
* Triple record: Yahoo loses half a billion customers’ details, more trust than ever and USD 1 billion from its acquisition price
https://securityblog.switch.ch/2016/11/23/the-november-2016-issue-of-our-switch-security-report-is-available/
Securing Drupal with ModSecurity and the Core Rule Set (CRS3)
Here is a guide aimed at the Drupal community to learn how to work with ModSecurity. OWASP ModSecurity Core Rule Set is a horrible name for a project, that's why we speak of CRS3. This is a security project and for those not familiar with the CRS, I will first give a brief intro.
https://www.netnea.com/cms/2016/11/22/securing-drupal-with-modsecurity-and-the-core-rule-set-crs3/
DomainTools 101: How to Spot Phishy Domains on Cyber Monday
Just as the Grumeti River in Tanzania harbors dangerous crocodiles just below its surface, a Phishing email usually contains malicious domains waiting for you to click. I read a great article by Bleeping Computer about finding some Google domains that were spoofed using what is known as small caps. This piqued my curiosity ...
https://blog.domaintools.com/2016/11/domaintools-101-how-to-spot-phishy-domains-on-cyber-monday/
[DSA 3722-1] vim security update
CVE ID: CVE-2016-1248. Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the filetype, syntax and keymap options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
https://lists.debian.org/debian-security-announce/2016/msg00305.html
Mapping Attack Methodology to Controls, (Wed, Nov 23rd)
Recently we've seen lots of malicious documents make it through our first protection layers (https://www.virustotal.com/en/file/79ff976c5ca6025f3bb90ddfa7298286217c21309c897e6b530603d48dea0369/analysis/). In the last week, these emails have a Word document that spawns a command shell that kicks off a PowerShell script. When working incidents, it is important to map out the attacker lifecycle to determine where to improve your defenses.
https://isc.sans.edu/diary.html?storyid=21749&rss
Telegram API ransomware wrecked three weeks after launch
Crypto so bad that getting around it is shooting fish in a barrel.
Ransomware scum abusing the protocol of the popular Telegram encrypted chat app have been wrecked and their malware ransom system decrypted.
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/23/owned_telegram_api_ransomware_wrecked_three_weeks_after_launch/
Vuln: TP-LINK TL-WA5210G Buffer Overflow and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/94481
Pentest-Report cURL 08.2016 [PDF]
This report documents findings of a source code audit dedicated to assessing the cURL software. The assessment of the tool was performed by Cure53 as part of the Mozilla's Secure Open Source track program. The results of the project encompass twenty-three security-relevant discoveries.
https://wiki.mozilla.org/images/a/aa/Curl-report.pdf
Acunetix 10.0 DLL Hijacking
Topic: Acunetix 10.0 DLL Hijacking. Risk: Medium. Text: Title: Acunetix 10 Multi DLL Hijacking. Application: Acunetix. Versions Affected: 10.0. Vendor URL: http://www.acunetix.com Di...
https://cxsecurity.com/issue/WLB-2016110196
Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-16-308-02 Schneider Electric Magelis HMI Resource Consumption Vulnerabilities that was published November 3, 2016, on the NCCIC/ICS-CERT web site. This advisory contains mitigation details for resource consumption vulnerabilities affecting Schneider Electric's Magelis human-machine interface products.
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02
Security updates available in Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1
Foxit has released Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1, which address potential security and stability issues.
https://www.foxitsoftware.com/support/security-bulletins.php
Security Advisory: PHP vulnerability - CVE-2016-6288
https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71814571.html?ref=rss
Siemens
Siemens SIMATIC CP 1543-1 Vulnerabilities
https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01
Siemens SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs Vulnerabilities
https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02
Siemens Industrial Products Local Privilege Escalation Vulnerability (Update A)
https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02
Huawei
Security Advisory - Multiple Security Vulnerabilities in Huawei Smart Phone Products
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-01-smartphone-en
Security Advisory - Privilege Escalation Vulnerability in the FusionStorage
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-01-fusionstorage-en
Security Advisory - Buffer Overflow Vulnerability in TP Driver of Huawei Smart Phone
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-03-smartphone-en
Security Advisory - Integer Overflow Vulnerability in Some Huawei Devices
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-01-vrp-en
Security Advisory - Buffer Overflow Vulnerability in HIFI Driver of Huawei Smart Phone
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-02-smartphone-en
VMware
VMSA-2016-0022
https://www.vmware.com/security/advisories/VMSA-2016-0022.html
VMSA-2016-0021
https://www.vmware.com/security/advisories/VMSA-2016-0021.html
VMSA-2016-0018.3
https://www.vmware.com/security/advisories/VMSA-2016-0018.html
Novell
eDirectory 9.0.2 (non-root) for Linux
https://download.novell.com/Download?buildid=dgSdIXwk2Cc~
iManager 2.7 Support Pack 7 - Patch 8 for Linux
https://download.novell.com/Download?buildid=OFnb6Ew8wPM~
iManager 2.7 Support Pack 7 - Patch 8 for Windows
https://download.novell.com/Download?buildid=wPIC5t8Drqo~
eDirectory 8.8 SP8 Patch 9 for Linux
https://download.novell.com/Download?buildid=zJBqj6SjCzg~
iManager 3.0.2 for Linux
https://download.novell.com/Download?buildid=rIhWBDnLYU8~
iManager 3.0.2 for Windows
https://download.novell.com/Download?buildid=iMupD_KbGcA~
eDirectory 9.0.2 for Linux
https://download.novell.com/Download?buildid=TLXIiZ6uoho~
eDirectory 9.0.2 for Windows
https://download.novell.com/Download?buildid=_N2FUsWAalg~
eDirectory 8.8 SP8 Patch 9 (non-root) for Linux
https://download.novell.com/Download?buildid=Y9WDuLNbJxE~
eDirectory 8.8 SP8 Patch 9 for Windows
https://download.novell.com/Download?buildid=aDcgeiAEaYc~