Daily Summary - Tuesday 15-03-2016

End-of-Shift report

Timeframe: Monday 14-03-2016 18:00 − Tuesday 15-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl

Typosquatters Target Mac Users With New '.om' Domain Scam

http://threatpost.com/typosquatters-target-apple-mac-users-with-new-om-domain-scam/116768/


Juniper: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

On March 1, 2016, a cross-protocol attack was announced by OpenSSL that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800).

http://kb.juniper.net/InfoCenter/index/content&id=JSA10722


Citrix XenApp and XenDesktop Hardening Guidance

https://www.fireeye.com/blog/threat-research/2016/03/citrix_xenapp_andxe.html


Complete Tour of PE and ELF: Part 2

We covered some important sections in Part 1 of this series. In this part, we will cover some more complex data structures covering some important concepts of binaries. Here is what we are looking at: If you can recall in Optional header, ..

http://resources.infosecinstitute.com/complete-tour-of-pe-and-elf-part-2/


Adrian Dabrowski @ Troopers TelcoSecDay 2016

Today Adrian Dabrowski gives his talk 'Towards Carrier Based IMSI Catcher Detection' at the TelcoSecDay 2016. Abstract: In this presentation we discuss multiple detection capabilities of IMSI Catchers (aka Stingray) from the network ..

https://www.sba-research.org/2016/03/15/adrian-dabrowski-troopers-telcosecday-2016/


How broken is SHA-1 really?

SHA-1 collisions may be found in the next few months, but that doesn't mean that fake SHA-1-based certificates will be created in the near future. Nevertheless, it is time for everyone, and those working in security in particular, to move away from outdated hash functions.

https://www.virusbulletin.com/blog/2016/march-2016/how-broken-sha-1-really/


BSI Guide to Dealing with Extortion Trojans

In a brief guide, the BSI informs public authorities and companies about the threat posed by crypto trojans and how to act in an emergency.

http://heise.de/-3135866


From Stolen Wallet to ID Theft, Wrongful Arrest

It's remarkable how quickly a stolen purse or wallet can morph into full-blown identity theft, and possibly even result in the victim's wrongful arrest. All of the above was visited recently on a fellow infosec professional whose admitted lapse in physical security led to a mistaken early morning arrest in front of his kids.

http://krebsonsecurity.com/2016/03/from-stolen-wallet-to-id-theft-wrongful-arrest/