End-of-Shift report
Timeframe: Thursday 22-12-2016 18:00 − Friday 23-12-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Lithuania discovers Russian spy software on government computers
Malware was apparently introduced onto the computers via infected USB sticks
http://derstandard.at/2000049749836
So somebody is throwing HTML at your sshd. What to do?
Yes, it's exactly as wrong as it sounds. Here's a distraction with bizarre twists for the true log file junkies among you. Happy reading for the holidays! As will probably not surprise ..
http://bsdly.blogspot.com/2016/12/so-somebody-is-throwing-html-at-your.html
Cerber Ransomware Doesn't Delete Shadow Volume Copies Anymore, Prioritizes Office Docs
Recent versions of the Cerber ransomware are behaving somewhat differently from older variants, with the ransomware ..
https://www.bleepingcomputer.com/news/security/cerber-ransomware-doesnt-delete-shadow-volume-copies-anymore-prioritizes-office-docs/
Before You Pay that Ransomware Demand…
A decade ago, if a desktop computer got infected with malware the chief symptom probably was an intrusive browser toolbar of some kind. Five years ago you were more likely to be whacked ..
https://krebsonsecurity.com/2016/12/before-you-pay-that-ransomware-demand/
Steganalysis, the Counterpart of Steganography
In my last blog post I discussed the art of embedding secret messages in any file so that only the sender and the receiver ..
https://www.trustwave.com/Resources/SpiderLabs-Blog/Steganalysis,-the-Counterpart-of-Steganography/
New Guide to Fixing Google Blacklist Warnings
One of the worst experiences a website owner can have is being blacklisted by Google. If you are one of the 10,000 websites that has been slapped with a ..
https://blog.sucuri.net/2016/12/guide-to-fix-site-warnings.html
Fidelix FX-20 Series Controllers Path Traversal Vulnerability
This advisory contains mitigation details for a path traversal vulnerability in Fidelix FX-20 series controllers.
https://ics-cert.us-cert.gov/advisories/ICSA-16-357-01
WAGO Ethernet Web-based Management Authentication Bypass Vulnerability
This advisory contains mitigation details for an authentication bypass vulnerability in WAGO’s Ethernet Web-based Management products.
https://ics-cert.us-cert.gov/advisories/ICSA-16-357-02
Your password expiry policy may have reached its expiry date
In cyber security as much as anywhere else, it's important to use the right tools for the job at hand. However, sometimes we can get a bit too attached to particular tools, ..
https://www.ncsc.gov.uk/blog-post/your-password-expiry-policy-may-have-reached-its-expiry-date
As Bitcoin Price Surges, Phishing Attacks on Cryptocurrency Wallets Intensify
Bitcoin price surge reverberates through cybercriminal landscape, as cyber-criminals ramp up phishing attacks ..
https://www.bleepingcomputer.com/news/security/as-bitcoin-price-surges-phishing-attacks-on-cryptocurrency-wallets-intensify/
Using Monitor Resolution as Obfuscation Technique
A quick blog post about a malicious VBScript macro that I analysed. Bad guys have always plenty of ..
https://blog.rootshell.be/2016/12/23/using-monitor-resolution-obfuscation-technique/
No evidence of planned Russian cyberattacks on the Bundestag election
http://derstandard.at/2000049777463
Drastic warnings about the "Internet of Dildos"
New group wants to draw attention to the dangers posed by smart sex toys
http://derstandard.at/2000049785388
Every year again: Netgear routers N300 / WNR2000 vulnerable
A zero-day vulnerability is once again plaguing Netgear routers. The vulnerable model has already fallen victim to serious vulnerabilities in the past.
https://heise.de/-3581275
Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware
A new in-development variant of the Koolova Ransomware has been discovered that will decrypt your ..
https://www.bleepingcomputer.com/news/security/koolova-ransomware-decrypts-for-free-if-you-read-two-articles-about-ransomware/
Due to the public holiday on Monday, 26.12.2016, the next End-of-Shift report will not be published until Tuesday, 27.12.2016.