End-of-Shift report
Timeframe: Thursday 04-02-2016 18:00 − Friday 05-02-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
WP-Invoice <= 4.1.0 - Multiple Vulnerabilities
https://wpvulndb.com/vulnerabilities/8378
User Meta Manager <= 3.4.6 - Authenticated Blind SQL Injection
https://wpvulndb.com/vulnerabilities/8380
User Meta Manager <= 3.4.6 - Privilege Escalation
https://wpvulndb.com/vulnerabilities/8379
Racing MIDI messages in Chrome
This is a guest blog post by Oliver Chang from the Chrome Security team. This post is about an exceptionally bad use after free bug in Chrome's browser process that affected Linux, Chrome OS and OS X. What makes this bug interesting is the fact that it could be directly triggered from the web without ..
http://googleprojectzero.blogspot.com/2016/02/racing-midi-messages-in-chrome.html
DSA-3466 krb5 - security update
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following ..
https://www.debian.org/security/2016/dsa-3466
Neutrino Exploit Kit Not Responding - Bug or Feature?
A couple of weeks ago we were looking at some exploit kits in one of our lab environments and noticed a decline in the number of Neutrino instances we're seeing. This sent us on yet another journey to investigate Neutrino ..
http://trustwave.com/Resources/SpiderLabs-Blog/Neutrino-Exploit-Kit-Not-Responding-%e2%80%93-Bug-or-Feature-/
Chrome picks up bonus security features on Windows 10
The Windows 10 November update (version 1511, build 10586) included a handful of new security features to provide protection against some security issues that have kept on popping up in Windows for a number of years. Google yesterday added source ..
http://arstechnica.com/information-technology/2016/02/chrome-picks-up-bonus-security-features-on-windows-10/
A trip through the spam filters: more malspam with zip attachments containing .js files
I was discussing malicious spam (malspam) with a fellow security professional earlier this week. He was examining malspam with zip attachments containing .js files. This is something I've covered previously in ISC ..
https://isc.sans.edu/diary.html?storyid=20697
Encryption trojan TeslaCrypt 2 cracked; criminals upgrade
Victims of the notorious encryption trojan TeslaCrypt can breathe a sigh of relief: the free tool TeslaDecoder can at least decrypt files encrypted by version 2. But the crooks are not resting: version 3 is already circulating.
http://heise.de/-3092667
Eset NOD32 Antivirus 9 endangers HTTPS encryption
Eset NOD32 Antivirus 9 installs an SSL filter that hooks into the encryption. As heise Security discovered, under certain circumstances it accepts forged certificates; an update from the vendor fixes the bug.
http://heise.de/-3095024
Dridex: botnet distributes antivirus scanner
When cybercriminals manage to get their malware onto other people's computers, they sometimes exploit this to make those machines part of a botnet. Through their servers they control the compromised computers and use their ..
http://derstandard.at/2000030450321
The Malware Museum @ Internet Archive
Here's what submitting a virus sample looked like back in the days of 5" floppy disks. And now you can see classic viruses in action at The Malware Museum. Do you feel like emulating old malware inside a MS-DOS Virtual Machine inside ..
https://labsblog.f-secure.com/2016/02/05/the-malware-museum-internet-archive/
Positive Research Center
In December 2015, I found a critical vulnerability in one of PayPal business websites (manager.paypal.com). It allowed me to execute arbitrary shell commands on PayPal web servers via unsafe Java object deserialization and to access production databases. I immediately reported this bug to PayPal security team, and it was fixed promptly.
http://blog.ptsecurity.com/2016/02/paypal-remote-code-execution.html