End-of-Shift report
Timeframe: Monday 01-02-2016 18:00 - Tuesday 02-02-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Cyber attack on A1 causes outage of the mobile network
Attacks ongoing since Saturday - no end to the disruption in sight yet
http://derstandard.at/2000030190051
red|blue: A Soft-ish Introduction to Malware Analysis for Incident Responders
One of my resolutions for the New Year is to spend more time conducting behavioral and static analysis of malicious PE files. I recently spent time watching some of the Cybrary Malware Reverse Engineering material and wanted to document my efforts here and share my notes and additional thoughts with you.
http://www.redblue.team/2016/02/a-soft-introduction-to-malware-analysis.html
Malwarebytes Anti-Malware Vulnerability Disclosure
In early November, a well-known and respected security researcher by the name of Tavis Ormandy alerted us to several security vulnerabilities in the consumer version of Malwarebytes Anti-Malware. Within days, we were able to fix several of the vulnerabilities server-side and are now internally ..
https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/
Massive Admedia/Adverting iFrame Infection
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing features of this malware are: 32 hex digit comments at the beginning and end of the malicious ..
https://blog.sucuri.net/2016/02/massive-admedia-iframe-javascript-infection.html
Google plugs Android vulns
Happy days if you own a Nexus: five "critical," four "high" severity and one merely "moderate" bug make up the menu of Android security patches, which are now available for Nexus devices and ..
www.theregister.co.uk/2016/02/02/google_plugs_android_vulns/
Autonics DAQMaster 1.7.3 DQP Parsing Buffer Overflow Code Execution
The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .DQP project file with a large array of bytes inserted in the Description element. Successful exploitation could allow execution of arbitrary code on the affected machine.
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5302.php
Austrian Mobile Phone Signature is vulnerable against phishing and MitM attacks
Talking with various people about the Two Factor Authentication (2FA) which is used in Austria to access public services led to my impression that most people think that the system is really secure. While it is more secure than a simple user/password combination, it's by far not that secure. In this ..
http://robert.penz.name/1224/austrian-mobile-phone-signature-is-vulnerable-against-phishing-and-mitm-attack/
Current spam wave (Dridex)
In recent days there have been increasing reports that the Dridex malware is active again in force after a short winter break.
http://www.cert.at/services/blog/20160202110607-1661.html
Cyber fraud at FACC: shareholders demand consequences
Rasinger: "This also includes personnel consequences" – Newspaper: replacement of the CFO to be expected
http://derstandard.at/2000030230502-375
Apache may give away Tor Hidden Services
In its default configuration, the popular web server delivers information that undermines the anonymity promises of a Tor Hidden Service. These anonymous Tor services are the core of the oft-cited "Dark Net".
http://heise.de/-3090218
Crash Safari Follow-Up
It's been a week since short links to crashsafari.com went viral, and Google has finally killed the most prevalent link (goo.gl/78uQHK). More than three-quarters of a million clicks were made before the short link was disabled for violating ..
https://labsblog.f-secure.com/2016/02/02/crash-safari-follow-up/
A1 has been fighting hacker attacks since Saturday
Outages after DDoS attacks, first in the mobile network, then in fixed-line Internet
http://derstandard.at/2000030190051
Targeted IPv6 Scans Using pool.ntp.org
IPv6 poses a problem for systems like Shodan, who try to enumerate vulnerabilities Internet-wide. Tools like zmap can scan the IPv4 internet in minutes (or maybe hours), but for IPv6, the same approach will still fail. The smallest IPv6 subnet is a /64, or 18.4 Quintillion addresses. A tool like zmap would ..
https://isc.sans.edu/diary.html?storyid=20681
Socat Warns Weak Prime Number Could Mean It's Backdoored
Socat published a security advisory warning users that a hard-coded 1024-bit Diffie-Hellman prime number was not actually prime, and that an attacker could listen in and recover secrets from a key exchange.
http://threatpost.com/socat-warns-weak-prime-number-could-mean-its-backdoored/116104/
VU#719736: Fisher-Price Smart Toy platform allows some unauthenticated web API commands
The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things (IoT) toy. The device utilizes network connectivity to provide more interactivity with children.
http://www.kb.cert.org/vuls/id/719736
Top Exploit Kits Round Up January Edition
A look at the top exploit kits.
https://blog.malwarebytes.org/exploitkits/2016/02/top-exploit-kits-round-up-january-edition/
MailPoet Newsletters <= 2.6.19 - Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8373
Hackers claim to have broken into NASA to prove chemtrails
Group "Anonsec" claims to have captured 250 GB of data and taken control of a drone
http://derstandard.at/2000030242744