Daily summary - Thursday 25-02-2016

End-of-Shift report

Timeframe: Wednesday 24-02-2016 18:00 - Thursday 25-02-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a

New virus wave: crypto-Trojan Locky disguises itself as a fax

The dangerous ransomware Trojan has recently been spread via e-mails claiming that the recipient has received a fax. Virus scanners cannot yet do much against the current Locky version.

http://heise.de/-3117249


Eavesdropping by the Foscam Security Camera

Brian Krebs has a really weird story about the built-in eavesdropping by the Chinese-made Foscam security camera: "Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware."

https://www.schneier.com/blog/archives/2016/02/eavesdropping_b_1.html


Behind the Malware - Botnet Analysis

While analyzing our website firewall logs we discovered an old vulnerability in the RevSlider plugin being retargeted. RevSlider, the plugin whose vulnerability led to massive website compromises in 2015, was being leveraged again in an attempt to infect websites over a year since its initial disclosure. The original hack required sending an AJAX request containing the action revslider_ajax_action to ...

https://blog.sucuri.net/2016/02/behind-the-malware-botnet-analysis.html


Cisco FirePOWER Management Center Unauthenticated Information Disclosure Vulnerability

A vulnerability in the Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the Cisco FirePOWER Management Center software version from the device login page.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-fmc


Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001

Advisory ID: SA-CORE-2016-001
Project: Drupal core
Version: 6.x, 7.x, 8.x
Date: 2016-February-24
Security risk: 15/25 (Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Multiple vulnerabilities

https://www.drupal.org/SA-CORE-2016-001


OpenSSL announces patches for security vulnerabilities

Administrators whose servers run the popular crypto library for SSL/TLS connections will have to patch again on Tuesday.

http://heise.de/-3117855


Critical Vulnerabilities in Palo Alto Networks PAN-OS, (Thu, Feb 25th)

Yesterday, Palo Alto Networks released an update to PAN-OS, which addresses five different vulnerabilities [1]. The security researcher who identified the vulnerabilities will publish details about these issues at a conference on March 16th. You MUST patch affected systems before that date. Two of the vulnerabilities appear to be particularly dangerous, and affected devices should be patched immediately.

https://isc.sans.edu/diary.html?storyid=20767&rss


Malicious websites exploit Silverlight bug that can pwn Macs and Windows

Malicious websites are exploiting a recently fixed vulnerability in Microsoft's Silverlight application framework to perform drive-by malware attacks on vulnerable visitor devices, a security researcher has determined. The critical code-execution vulnerability, which Microsoft patched last month, was actively exploited for two years in attack code owned by Italy-based exploit broker Hacking Team.

http://arstechnica.com/security/2016/02/malicious-websites-exploit-silverlight-bug-that-can-pwn-macs-and-windows/