End-of-Shift report
Timeframe: Wednesday 09-03-2016 18:00 − Thursday 10-03-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
First Principles for Network Defenders: A Unified Theory for Security Practitioners
Great thinkers like Aristotle, Descartes and Elon Musk have said that, in order to solve really hard problems, you have to get back to first principles. First principles in a designated ..
http://researchcenter.paloaltonetworks.com/2016/03/first-principles-for-network-defenders-a-unified-theory-for-security-practitioners/
DSA-3509 rails - security update
Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails.
https://www.debian.org/security/2016/dsa-3509
Powershell Malware - No Hard drive, Just hard times, (Wed, Mar 9th)
ISC Reader Eric Volking submitted a very nice sample of some Powershell based malware. Let's take a look! The malware starts in the traditional way, by launching itself with an ..
https://isc.sans.edu/diary.html?storyid=20823
Bugtraq: [CORE-2016-0004] - SAP Download Manager Password Weak Encryption
http://www.securityfocus.com/archive/1/537746
Bugtraq: [CORE-2016-0003] - Samsung SW Update Tool MiTM
http://www.securityfocus.com/archive/1/537750
DSA-3512 libotr - security update
Markus Vervier of X41 D-Sec GmbH discovered an integer overflow vulnerability in libotr, an off-the-record (OTR) messaging library, in the way the sizes of portions of incoming messages were stored. A remote attacker can exploit this ..
https://www.debian.org/security/2016/dsa-3512
DSA-3511 bind9 - security update
https://www.debian.org/security/2016/dsa-3511
Security Advisory: BIND vulnerability CVE-2016-2088
https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59692558.html
Security Advisory: BIND vulnerability CVE-2016-1285
https://support.f5.com:443/kb/en-us/solutions/public/k/46/sol46264120.html
Security Advisory: BIND vulnerability CVE-2016-1286
https://support.f5.com:443/kb/en-us/solutions/public/k/62/sol62012529.html
Scald File - Critical - Remote Code Execution - SA-CONTRIB-2016-015
When a PDF is uploaded in Scald File, various tools can be executed if they're installed on the server, to try to generate a thumbnail out of that PDF. This is mitigated by the need to have the sufficient permissions to upload a file in Scald, ..
https://www.drupal.org/node/2684601
Ransomware: "Paying is not advisable"
DDoS attacks, CEO fraud and ransomware: attacks on companies are increasing. futurezone asked security expert Michael Krausz about it.
http://futurezone.at/digital-life/ransomware-von-zahlungen-ist-abzuraten/184.023.865
Extortion Trojan: Time Machine backups vulnerable
The developers of the OS X ransomware KeRanger also considered Time Machine backups as an attack target. It is in fact possible, even without admin rights, to modify documents in the backup.
http://heise.de/-3131762
TRUST 2016, organized by SBA Research
August 29, 2016 - August 30, 2016 - All Day, Vienna University of Technology, Gußhausstraße 27-29, Vienna
https://www.sba-research.org/events/trust-2016-organized-by-sba-research/
Critical vulnerability in Jabber encryption OTR
The Off-the-Record (OTR) protocol and its implementation were generally considered fairly secure. But now researchers have discovered a critical vulnerability that allows attackers to inject and execute their own code. Updates close the hole.
http://heise.de/-3130396
PlugX malware: A good hacker is an apologetic hacker
Sometimes malware writers put messages in their malware. We found one such message in a PlugX dropper. And it was pretty melodramatic ..
http://securelist.com/blog/virus-watch/74150/plugx-malware-a-good-hacker-is-an-apologetic-hacker/
[R4] OpenSSL 20160301 Advisory Affects Tenable Nessus
https://www.tenable.com/security/tns-2016-03
Apple Software Update 2.2
Impact: An attacker in a privileged network position may be able to control the contents of the updates window
https://support.apple.com/en-us/HT206091
Vulnerabilities in multiple third party TYPO3 CMS extensions
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to unsafe comparison of XSRF/CSRF tokens, multiple full path disclosure vulnerabilities, multiple XSS vulnerabilities, and insecure password generation in JavaScript.
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-007/
Security: Drown still threatens numerous web services
How quickly are server operators patching the Drown vulnerability? Apparently too slowly, say several security firms. With Heartbleed it went considerably better.
http://www.golem.de/news/security-drown-gefaehrdet-weiterhin-zahlreiche-webdienste-1603-119682.html
Android mobile banking trojan uses layered defenses to avoid removal
Researchers at ESET have spotted a new Android banking trojan that camouflages itself as a legitimate mobile banking app, but instead of giving access to a person's bank account it steals login credentials.
http://www.scmagazine.com/android-mobile-banking-trojan-uses-layered-defenses-to-avoid-removal/article/482174/
Cisco Prime LAN Management Solution Default Decryption Key Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms
Security Updates Available for Adobe Flash Player (APSB16-08)
A Security Bulletin (APSB16-08) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using ..
https://blogs.adobe.com/psirt/?p=1327