Daily Summary - Tuesday 23-02-2016

End-of-Shift report

Timeframe: Monday 22-02-2016 18:00 − Tuesday 23-02-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a

CVE-2016-0034 (Silverlight up to 5.1.41105.0) and Exploit Kits

http://malware.dontneedcoffee.com/2016/02/cve-2016-0034.html


Incident Handling with Docker Containers

Honestly, I never really played with Docker but - For a few weeks, I succumbed to the temptation of playing with Docker thanks to a friend who's putting everything in docker containers. If you still don't know Docker, here is a very brief ..

https://blog.rootshell.be/2016/02/22/incident-handling-docker-to-the-rescue/


Is DNSSEC causing more problems than it solves?

New paper points to security protocol as vector for DDoS attacks. The complex security protocol for the domain name system - DNSSEC - has another black mark against it: it is being used as a way to carry out denial-of-service (DDoS) ..

www.theregister.co.uk/2016/02/23/dnssec_more_problem_than_solution/


Ecommerce fraud surges 163%

The worst fears of online retailers have been confirmed with data just released today: in 2015, the number of attacks by fraudsters was up 163 percent - growing two and a half times in a mere three-quartered period. This data is part of the newly ..

https://www.helpnetsecurity.com/2016/02/23/ecommerce-fraud-surges-163/


Fraudsters stole 147,000 euros online from Graz company

Unknown perpetrators broke into the company network and transferred the amount to a Polish account. The money is lost.

http://futurezone.at/b2b/betrueger-stahlen-grazer-unternehmen-online-147-000-euro/182.744.600


90% of SSL VPNs use insecure or outdated encryption, putting your data at risk

Have you ever thought about how secure and reliable your SSL VPN is? Probably you should.

https://www.htbridge.com/blog/90-percent-of-ssl-vpns-use-insecure-or-outdated-encryption.html


Mobile malware evolution 2015

As the functionality of mobile devices and mobile services grows, the appetite of cybercriminals who profit from mobile malware will grow too. Malware authors will continue to improve their creations, develop new technologies and look for new ways of spreading mobile malware. Their main aim is to make money.

http://securelist.com/analysis/kaspersky-security-bulletin/73839/mobile-malware-evolution-2015/


Hackers aren't so interested in your credit card data these days. That's bad news

World governments now primary sources of breaches. Healthcare and government have overtaken the retail sector as most-targeted for data breaches, according to security firm ..

www.theregister.co.uk/2016/02/23/breach_trends_gemalto/


Security researchers: Threat from Android banking trojans greater than ever

Kaspersky sees in an Android trojan "one of the biggest threats we currently know of", while security experts from IBM report that the source code of a well-known trojan has been published. A tutorial invites readers to try it out.

http://heise.de/-3115424


Two Charts That Demonstrate One Of Android's Big Security Problems

Applying the most recent security updates to your device's operating system is a best practice security fundamental. If you're not running the latest version of an OS, you're opening ..

https://labsblog.f-secure.com/2016/02/23/two-charts-that-demonstrate-one-of-androids-big-security-problems/


Flaws in Wireless Mice and Keyboards Let Hackers Type on Your PC

Security researchers' "mousejacking" attack exploits vulnerable wireless devices to type on a target PC from a hundred yards away.

http://www.wired.com/2016/02/flaws-in-wireless-mice-and-keyboards-let-hackers-type-on-your-pc/


Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000


PowerPoint and Custom Actions

We've recently observed a phishing attack which uses PowerPoint Custom Actions instead of macros to execute a malicious payload. Although using PowerPoint attachments is not new, these types of attacks are interesting as they generally bypass controls that assert on macro-enabled Office attachments.

http://phishme.com/powerpoint-and-custom-actions/


TYPO3 CMS 6.2.19 and 7.6.4 released

https://typo3.org/news/article/typo3-cms-6219-and-764-released/