End-of-Shift report
Timeframe: Thursday 17-03-2016 18:00 - Friday 18-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Online Banking Threats in 2015: The Curious Case of DRIDEX's Prevalence
The thing about takedowns is that they do not necessarily wipe out the cybercriminal operations. In 2014, the ZeroAccess takedown affected the botnet's click fraud operation, but its infections continued to soar. DRIDEX's ..
http://blog.trendmicro.com/trendlabs-security-intelligence/curious-case-dridexs-prevalence/
Mitre Takes On Critics, Set To Revamp CVE Vulnerability Reporting
Mitre Corporation will introduce a pilot program for classifying CVEs in response to critics who contend the agency is failing to keep pace with a massive influx of CVE number requests.
http://threatpost.com/mitre-takes-on-critics-set-to-revamp-cve-vulnerability-reporting/116858/
Server Security: Indicators of Compromised Behavior with OSSEC
We leverage OSSEC extensively here at Sucuri to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, rootkit detection, ..
https://blog.sucuri.net/2016/03/server-security-anomaly-behaviour-with-ossec.html
No mas, Samas: What's in this ransomware's modus operandi?
We've seen how ransomware managed to become a threat category that sends consumers and enterprises reeling when it hits them. It has become a high-commodity malware that is used as a payload in spam email, macro malware, and exploit kit campaigns. It also digs into victims' pockets in exchange for ..
https://blogs.technet.microsoft.com/mmpc/2016/03/17/no-mas-samas-whats-in-this-ransomwares-modus-operandi/
ABB Panel Builder 800 DLL Hijacking Vulnerability
This advisory contains mitigation details for a DLL Hijacking vulnerability in the ABB Panel Builder 800 Version 5.1 application.
https://ics-cert.us-cert.gov/advisories/ICSA-16-077-01
Apache ActiveMQ Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1035328
Apache ActiveMQ Lets Remote Users Conduct Clickjacking Attacks
http://www.securitytracker.com/id/1035327
Android adware infiltrates devices' firmware, Trend Micro apps
Dubbed Gmobi by Dr. Web researchers, the malware comes in the form of a software development kit (SDK), and has been found in several legitimate applications by well-known companies, as well as in firmware for nearly 40 mobile ..
https://www.helpnetsecurity.com/2016/03/18/android-adware-infiltrates-devices-firmware/
SSA-151221 (Last Update 2016-03-18): Incorrect File Permissions in APOGEE Insight
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-151221.pdf
[HTB23293]: Remote Code Execution via CSRF in iTop
High-Tech Bridge Security Research Lab discovered a Remote Code Execution vulnerability in iTop that is exploitable via a Cross-Site Request Forgery flaw that is also present ..
https://www.htbridge.com/advisory/HTB23293
Let's Encrypt joins the CA/Browser Forum
The next step towards becoming a recognised certificate authority has been taken: as a member of the CA/Browser Forum, Let's Encrypt is now on an equal footing with Comodo, Symantec & Co.
http://heise.de/-3144202
DDR4 memory also susceptible to bit flips
Apparently more RAM variants are vulnerable to the Rowhammer attack than previously thought. Researchers have now presented an attack on DDR4 memory; professional server memory is said to be affected as well.
http://www.golem.de/news/rowhammer-auch-ddr4-speicher-fuer-bitflips-anfaellig-1603-119869.html
Security updates for Symantec's Endpoint Protection
The current update for Symantec's Endpoint Protection (SEP) closes three holes, including an SQL injection.
http://heise.de/-3144528
Biometrics not a magic infosec bullet for web banking, warns GCHQ bloke
You can change a password. You can't change fingerprints. Around the world, banks are implementing biometric authentication systems for their customers as fraud cases increase - but experts warn biometrics should not be treated like a silver bullet for ID ..
www.theregister.co.uk/2016/03/18/biometrics_not_answer_online_banking_security_gchq_cesg_allgrove/
Security: New Stagefright exploit affects millions of Android devices
Stagefright still threatens many as-yet unpatched Android devices worldwide, but is considered difficult to exploit. A new technique requires some infrastructure, but is likely to have greater practical relevance.
http://www.golem.de/news/security-neuer-stagefright-exploit-betrifft-millionen-android-geraete-1603-119875.html
DDoS attacks on Swiss websites
In Switzerland there was a series of DDoS attacks last week on online shops, the Swiss Federal Railways and financial institutions. In one case ..
http://heise.de/-3144854