Daily Summary - Monday 15-02-2016

End-of-Shift report

Timeframe: Friday 12-02-2016 18:00 − Monday 15-02-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a

A Look Behind The Skype Malvertising Campaign

As reported by F-Secure, a recent malvertising campaign has been hitting several top publishers to push the Angler exploit kit and install the TeslaCrypt ransomware, according to the Finnish company. Some of these infections happened via Skype, which displays ad banners within its product.

https://blog.malwarebytes.org/malvertising-2/2016/02/a-look-behind-the-skype-malvertising-campaign/


Fake SUPEE-5344 Patch Steals Payment Details

In case you don't know, SUPEE-5344 is an official security patch to the infamous Magento shoplift bug. That bug allows bad actors to obtain admin access to vulnerable Magento sites. While the patch was released February 2015 many sites unfortunately did ..

https://blog.sucuri.net/2016/02/fake-supee-5344-patch-steals-payment-details.html


VMware VMSA-2015-0007.3 has been Re-released, (Sat, Feb 13th)

VMware has re-issued VMSA-2015-0007.3 today after they found an earlier fix for CVE-2016-2342 was incomplete. Affected ESXi versions are: 5.0, 5.1 and 5.5. Advisory can be ..

https://isc.sans.edu/diary.html?storyid=20727


Critical Fixes Issued for Windows, Java, Flash

Microsoft Windows users and those with Adobe Flash Player or Java installed, it's time to update again! Microsoft released 13 updates to address some three dozen unique security vulnerabilities. Adobe issued security updates for its Flash Player software that plugs at least 22 security holes in the widely-used browser plugin. Meanwhile, Oracle issued an unscheduled security fix for Java, its second security update for Java in as many weeks.

http://krebsonsecurity.com/2016/02/criticial-fixes-issued-for-windows-java-flash/


Encryption trojan: mp3 variant of TeslaCrypt

Readers tipped off the editorial team about encrypted files with the extension .mp3. These appear to be produced by a new variant of the encryption trojan TeslaCrypt.

http://heise.de/-3101992


DSA-3477 iceweasel - security update

Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code.

https://www.debian.org/security/2016/dsa-3477


Nigerian astronaut lost in space: spam delights the net

Users can supposedly double an investment of three million dollars

http://derstandard.at/2000031110981


IT security: more and more complex attacks on companies

New cyber security report shows heightened threat level on the Internet

http://derstandard.at/2000031119634


Mazar Bot Actively Targeting Android Devices

Researchers at Heimdal Security report public attacks against Android devices using the Mazar bot, which was advertised months ago in a Russian cybercrime forum.

http://threatpost.com/mazar-bot-actively-targeting-android-devices/116240/


Update to version 1.17: Veracrypt is now said to be twice as fast

Veracrypt is one of the most popular successors to the discontinued Truecrypt - an update now brings new features. In addition, loading containers is said to be considerably faster - so far one of the biggest points of criticism ..

http://www.golem.de/news/update-auf-version-1-17-veracrypt-soll-jetzt-doppelt-so-schnell-sein-1602-119143.html


Virus paralysed hospital in Germany

"Findings had to be delivered in person, by telephone or by fax"

http://derstandard.at/2000031136914


[R1] Nessus < 6.5.5 Multiple Vulnerabilities

http://www.tenable.com/security/tns-2016-02


Reflecting on Recent iOS and Android Security Updates

The last thirty days have proven to be yet another exciting time for the mobile security ecosystem. Apple and Google released updates for their respective mobile operating systems that fix several critical issues - including some in the kernel that may be exploited remotely.

https://blog.zimperium.com/reflecting-on-recent-ios-and-android-security-updates/