Daily Summary - Thursday 18-02-2016

End-of-Shift report

Timeframe: Wednesday 17-02-2016 18:00 − Thursday 18-02-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a

WordPress Sites Leveraged in Layer 7 DDoS Campaigns

We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The problem, as previously described, was that any WordPress website with the pingback feature enabled (which is on by default) could ..

https://blog.sucuri.net/2016/02/wordpress-sites-leveraged-in-ddos-campaigns.html


Angler exploit kit generated by "admedia" gates, (Thu, Feb 18th)

On 2016-02-01, the Sucuri blog reported a spike in compromised WordPress sites generating hidden iframes with malicious URLs [1]. By 2016-02-02, I started seeing exploit kit (EK) traffic related to this campaign [2]. Sucuri noted that admedia was a common string used in malicious URLs generated by ..

https://isc.sans.edu/diary.html?storyid=20741


SimpliSafe home alarms transmit PIN unlock codes in the clear - ideal for lurking burglars

How to break into hundreds of thousands of homes in America. If you've got a SimpliSafe wireless home alarm system, as hundreds of thousands of homes in the US apparently do, then it's time to buy a new alarm system because yours is screwed.

www.theregister.co.uk/2016/02/17/simplisafe_wireless_home_alarm_system_cracked/

Nodejs - Access bypass - Moderately Critical -- DRUPAL-SA-CONTRIB-2016-007

The module doesn't disconnect unauthenticated sockets, allowing those sockets to receive broadcast messages. For sites that only serve authenticated pages, or only allow Node.js connections from authenticated users, the expectation is that only authenticated Drupal users will see broadcast messages.

https://www.drupal.org/node/2670636


Commerce Authorize.Net SIM/DPM Payment Methods - Access Bypass - DRUPAL-SA-CONTRIB-2016-006

The module doesn't sufficiently protect against the premature triggering of order completion without successful payment by the manual entry of a specially-constructed URL which contains the correct payment redirect key.

https://www.drupal.org/node/2670632


Instagram rolls out two factor authentication

But SMS still a mess. Hipsters and selfie-lovers will enjoy extra security after Instagram added two-factor authentication to its service.

www.theregister.co.uk/2016/02/18/instagram_rolls_out_two_factor_authentication/

Radio regulation: TP-Link must lock down Wi-Fi firmware

TP-Link is locking the firmware of all its Wi-Fi devices. Other manufacturers are apparently doing the same. As a result, users can no longer maintain their own devices. This is the effect of the new radio regulation on both sides of the Atlantic.

http://heise.de/-3109847


Court-ordered iPhone unlocking: Google CEO backs Apple CEO's resistance

Google CEO Sundar Pichai, like Apple CEO Tim Cook, believes that if the FBI prevails in requiring Apple to help unlock an iPhone, a risky precedent will be set.

http://heise.de/-3109864


These were the Top 10 Android Threats in 2015 - Plus, What to Expect in 2016

Mobile World Congress is next week and F-Secure is jazzed to be participating again - it promises to be another awesome expo. But while the tech world buzzes about which devices will be unveiled by the top handset makers, leave it to us to interrupt the conversation to remind you about security ..

http://safeandsavvy.f-secure.com/2016/02/18/these-were-the-top-10-android-threats-in-2015-plus-what-to-expect-in-2016/


DSA-3482 libreoffice - security update

An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted ..

https://www.debian.org/security/2016/dsa-3482


Ransomware: US hospital pays 40 bitcoins in ransom

A hospital in Los Angeles handed over bitcoins worth 15,000 euros to get back the data that an extortion trojan had encrypted. That was the fastest way, the hospital's CEO said.

http://heise.de/-3109956


VB2015 paper: Will Android Trojans, Worms or Rootkits Survive in SEAndroid and Containerization?

Sophos researchers Rowland Yu and William Lee look at whether recent security enhancements to Android, such as SEAndroid and containerization, will be enough to defeat future malware threats.

https://www.virusbulletin.com/blog/2016/02/vb2015-paper-will-android-trojans-worms-or-rootkits-survive-seandroid-and-containerization/


A Letter to the Insiders - Think Twice

Insider threats come in many forms, from the unwitting to the negligent, and even the downright malicious. For those who may be unwillingly co-opted into cybercrime, either by subterfuge or coercion, we can provide education, technical measures, policies and processes that limit the risk. But what can ..

https://blog.team-cymru.org/2016/02/a-letter-to-the-insiders-think-twice/


New Ransomware PadCrypt: The first with Live Chat Support

A new ransomware has been discovered and what sets apart this variant from the rest is its implementation of a chat interface embedded into the product. That link for 'Live Chat' will prompt...

http://www.webroot.com/blog/2016/02/18/new-ransomware-padcrypt-first-live-chat-support/