End-of-Shift report
Timeframe: Thursday 10-03-2016 18:00 - Friday 11-03-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
Locky Ransomware Spreading in Massive Spam Attack
Researchers are tracking a massive spam campaign pelting inboxes with Locky ransomware downloaders in the form of JavaScript attachments.
http://threatpost.com/locky-ransomware-spreading-in-massive-spam-attack/116727/
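The Locky wave delivers its downloader as a JavaScript attachment, so the first thing a mail gateway can do is refuse or quarantine script-type attachments, including those wrapped in a zip. The following is an added example, not code from the Threatpost article: it parses a constructed sample message with Python's email library and flags attachments whose extension a Windows host would execute as a script, looking one level into zip archives. The extension list and the zipped "invoice" lure are assumptions for illustration.

```python
"""Flag script-type mail attachments (e.g. .js downloaders) and look inside zips.
Added example; the extension list and sample message are constructed assumptions."""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that Windows Script Host / mshta run on double-click (assumed list).
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta")
ARCHIVE_EXTS = (".zip",)


def script_like(name):
    """True when the trailing extension (case-insensitive) is a script type."""
    return name.lower().endswith(SCRIPT_EXTS)


def suspicious_attachments(raw_message):
    """Parse raw RFC 5322 bytes and return names of script attachments.
    Zip archives are opened in memory and their members checked as well;
    an unreadable zip is reported rather than silently passed."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if script_like(name):
            hits.append(name)
            continue
        if name.lower().endswith(ARCHIVE_EXTS):
            data = part.get_payload(decode=True)
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if script_like(member):
                            hits.append(f"{name}:{member}")
            except zipfile.BadZipFile:
                hits.append(f"{name}:<unreadable zip>")
    return hits


def build_sample():
    """Constructed lure: an 'invoice' zip holding a .js, a benign PDF and a bare .JS."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_12345.js", "// inert placeholder, not a real downloader")
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice 12345"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice_12345.zip")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    msg.add_attachment(b"// inert placeholder", maintype="application",
                       subtype="javascript", filename="Invoice Copy.JS")
    return msg.as_bytes()


if __name__ == "__main__":
    print(suspicious_attachments(build_sample()))
```

The check is deliberately on the file name rather than the declared MIME type, since the sender controls both and the mail client decides what to run by extension; in production this belongs at the gateway alongside blocking of the outbound download the script performs.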
Uninstall or update: Adobe ships an emergency update for Flash
It comes as no surprise: Adobe is once again releasing an emergency update for Flash Player. Anyone who has not already uninstalled it should install the update. Digital Editions and Adobe Reader are also being patched.
http://www.golem.de/news/deinstallieren-oder-aktualisieren-adobe-rollt-notfall-update-fuer-flash-aus-1603-119691-rss.html
Security Afterworks Special: Secure your Enterprise - Innovative Microsoft security solutions in the enterprise and mobility environment
April 18, 2016 - 3:00 pm - 5:00 pm, Microsoft Österreich, Am Europlatz 3, Wien
https://www.sba-research.org/events/security-afterworks-spezial-secure-your-enterprise-innovative-microsoft-security-losungen-im-enterprise-mobility-umfeld/
Files compromised by ransomware Trojan for OS X can be decrypted by Doctor Web
March 11, 2016. At the beginning of March, numerous mass media outlets, websites, and blogs announced the emergence of the first ever ransomware for Mac computers. Doctor Web specialists examined this malicious program, named Mac.Trojan.KeRanger.2, and developed a method that can help decrypt files affected by this Trojan. Mac.Trojan.KeRanger.2 was first detected in a compromised version of the installer for a popular OS X torrent client that was distributed as a DMG file.
http://news.drweb.com/show/?i=9877&lng=en&c=9
Cerber Ransomware - New, But Mature
We take a look at Cerber, ransomware named after the mythical multi-headed dog.
https://blog.malwarebytes.org/intelligence/2016/03/cerber-ransomware-new-but-mature/
OpenSSH Security Advisory: x11fwd.adv
Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1).
http://www.openssh.com/txt/x11fwd.adv
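Until the fixed sshd is deployed, the exposure hinges on whether the server grants X11 forwarding at all. A point worth checking rather than assuming: sshd uses the first value it reads for a keyword, not the last, and directives below a Match line apply only inside that block, so a trailing "X11Forwarding no" does not undo an earlier "yes". The following is an added example, not part of the OpenSSH advisory: it applies those rules to a constructed sshd_config and reports the effective global setting (default "no" when absent). The authoritative check on a live host is `sshd -T`, which prints the parsed configuration.

```python
"""Report the effective global X11Forwarding value from sshd_config text.
Added example, not from the OpenSSH advisory. Assumes sshd's documented rules:
the first value of a keyword wins, and lines after a Match line only apply
inside that block. The sample config below is constructed."""
import re

# keyword, optional '=', value; sshd accepts "Key value" and "Key=value"
DIRECTIVE = re.compile(r"^([A-Za-z0-9]+)\s*=?\s*(.*?)\s*$")


def global_directive(config_text, keyword, default):
    """Return the first value of `keyword` above any Match block, else `default`."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # comments and blank lines
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":                     # everything below is conditional
            break
        if key == keyword.lower():
            return value                       # first occurrence wins in sshd
    return default


def x11_forwarding_exposed(config_text):
    """True when authenticated users can request X11 forwarding globally."""
    return global_directive(config_text, "X11Forwarding", "no").lower() == "yes"


# Constructed sshd_config: the second X11Forwarding line is ignored by sshd,
# and the Match block only tightens things for one user.
SAMPLE_CONFIG = """\
Port 22
X11Forwarding yes
X11Forwarding no
Match User backup
    X11Forwarding no
"""

if __name__ == "__main__":
    print("X11Forwarding exposed:", x11_forwarding_exposed(SAMPLE_CONFIG))
```

Disabling X11Forwarding removes the precondition the advisory names (the ability to request forwarding) but is a stopgap; the actual fix is the patched sshd, and any Match blocks that re-enable forwarding for specific users still need reviewing, which the global check above deliberately does not cover.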
Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr
Schneider Electric Telvent RTU Improper Ethernet Frame Padding Vulnerability
This advisory contains mitigation details for a vulnerability caused by an Institute of Electrical and Electronics Engineers (IEEE) conformance issue involving improper frame padding in Schneider Electric's Telvent SAGE 2300 and 2400 remote terminal units.
https://ics-cert.us-cert.gov/advisories/ICSA-16-070-01
VU#270232: Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability
Vulnerability Note VU#270232: Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability. Original release date: 10 Mar 2016 | Last revised: 10 Mar 2016. Overview: Quagga, version 0.99.24.1 and earlier, contains a buffer overflow vulnerability in bgpd with BGP peers enabled for VPNv4 that may be leveraged to gain code execution. Description: CWE-121: Stack-based Buffer Overflow - CVE-2016-2342. Quagga is a software routing suite that implements numerous routing protocols for...
http://www.kb.cert.org/vuls/id/270232
IBM Security Bulletins
IBM Security Bulletin: GNU C library (glibc) vulnerability affects Tivoli Provisioning Manager for OS deployment and Tivoli Provisioning Manager for Images (CVE-2015-7547)
http://www.ibm.com/support/docview.wss?uid=swg21978194
IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM DataPower Gateways (CVE-2015-7547)
http://www.ibm.com/support/docview.wss?uid=swg21977460
IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=swg21978188
IBM Security Bulletin: A vulnerability in the GSKit component of IBM DataPower Gateways (CVE-2016-0201)
http://www.ibm.com/support/docview.wss?uid=swg21974969
IBM Security Bulletin: Vulnerabilities in the GSKit component of IBM DB2 LUW (CVE-2016-0201, CVE-2015-7420 & CVE-2015-7421)
http://www.ibm.com/support/docview.wss?uid=swg21977787
IBM Security Bulletin: Cross-Site Scripting Vulnerability with the UML Visualization tools
http://www.ibm.com/support/docview.wss?uid=swg21978003
Security Bulletin: Vulnerability in lighttpd affects IBM Integrated Management Module (IMM)(CVE-2015-3200)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099226
IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-1788)
http://www.ibm.com/support/docview.wss?uid=swg21978471