End-of-Shift report
Timeframe: Friday 25-03-2016 18:00 − Tuesday 29-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
German hosters increasingly in the crosshairs of cybercriminals
Cybercriminals are making ever greater use of the technically advanced Internet infrastructures of the first world. German hosting providers are becoming increasingly popular with them for distributing their malware.
http://heise.de/-3151832
Basic Snort Rules Syntax and Usage
In this series of lab exercises we will demonstrate various techniques in writing Snort rules, from basic rules syntax to writing rules aimed at detecting specific types of attacks. We will also examine some basic approaches ..
http://resources.infosecinstitute.com/snort-rules-workshop-part-one/
TWSL2016-006: Multiple XSS Vulnerabilities reported for Zen Cart
Today Trustwave released a vulnerability advisory in conjunction with Zen Cart. Researchers from the SpiderLabs Research team at Trustwave recently found multiple Cross-Site Scripting (XSS) vulnerabilities in the popular online open source shopping ..
https://www.trustwave.com/Resources/SpiderLabs-Blog/TWSL2016-006--Multiple-XSS-Vulnerabilities-reported-for-Zen-Cart/
CVE-2016-1010 (??? - Flash up to 20.0.0.306) and Exploit Kits
http://malware.dontneedcoffee.com/2016/03/flash-up-to-2000306.html
New infection scheme: ransomware abuses Windows PowerShell
The newly discovered ransomware PowerWare takes over Windows PowerShell to infect computers and encrypt data.
http://heise.de/-3151892
Every Tool in the Tool Box
When I teach people about reverse engineering, I often hear the following statement: "I got the right answer, but I cheated to get it". They are typically talking about using dynamic analysis to get an answer versus statically analyzing ..
http://trustwave.com/Resources/SpiderLabs-Blog/Every-Tool-in-the-Tool-Box/
DSA-3532 quagga - security update
Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service (daemon crash), or potentially, execution of arbitrary code, if bgpd is configured with BGP peers enabled for VPNv4.
https://www.debian.org/security/2016/dsa-3532
Improving Bash Forensics Capabilities
Bash is the default user shell in most Linux distributions. In case of incidents affecting a UNIX server, there are chances that a Bash shell will be ..
https://isc.sans.edu/diary.html?storyid=20887
Life After the Isolated Heap
Over the past few months, Adobe has introduced a number of changes to the Flash Player heap with the goal of reducing the exploitability of certain types of vulnerabilities in Flash, especially use-after-frees. I wrote an exploit involving two bugs ..
http://googleprojectzero.blogspot.com/2016/03/life-after-isolated-heap.html
APPLE-SA-2016-03-28-1 OS X: Flash Player plug-in blocked
http://prod.lists.apple.com/archives/security-announce/2016/Mar/msg00007.html
DSA-3533 openvswitch - security update
Kashyap Thimmaraju and Bhargava Shastry discovered a remotely triggerable buffer overflow vulnerability in openvswitch, a production quality, multilayer virtual switch implementation. Specially crafted MPLS packets could overflow ..
https://www.debian.org/security/2016/dsa-3533
Collecting Serial Data for ICS Network Security Monitoring
Below is a post by SANS ICS515 - ICS Active Defense and Incident Response instructor Mark Bristow. Adversaries across the capability spectrum are increasingly targeting Industrial Control System (ICS) environments. Malware such as ..
http://ics.sans.org/blog/2016/03/29/collecting-serial-data-for-ics-network-security-monitoring
Why PCI DSS cannot replace common sense and holistic risk assessment
Cybersecurity compliance is not designed to eliminate data breaches or stop cybercrime.
https://www.htbridge.com/blog/why-pci-dss-cannot-replace-common-sense-and-holistic-risk-assessment.html
Printers all over the US 'hacked' to spew anti-Semitic fliers
Andrew 'Weev' Auernheimer, one of the two men who were prosecuted and convicted for harvesting e-mails and authentication IDs of 114,000 early-adopters of Apple's iPad from AT&T's ..
https://www.helpnetsecurity.com/2016/03/29/printers-us-hacked-anti-semitic-fliers/
Xen Security Advisory 172 (CVE-2016-3158, CVE-2016-3159) - broken AMD FPU FIP/FDP/FOP leak workaround
There is a workaround in Xen to deal with the fact that AMD CPUs don't load the x86 registers FIP (and possibly FCS), FDP (and possibly FDS), and FOP from memory (via XRSTOR or FXRSTOR) when there is no pending unmasked exception. (See XSA-52.) However, this workaround does not cover all possible input cases.
http://lists.xen.org/archives/html/xen-announce/2016-03/msg00001.html
Google developer: NPM malware could spread as a worm
Because of some design principles of the Node package manager NPM, a malicious module could spread like a worm through the entire system, warns a Google developer. For now, the only remedy for the security hole is manual work.
http://www.golem.de/news/google-entwickler-npm-malware-koennte-sich-als-wurm-verbreiten-1603-120011.html
Petya: stopping the ransomware before it encrypts the hard disks
The Petya ransomware targets German-speaking victims and makes sure their computers no longer boot. The trojan also encrypts the hard disks, but this can be prevented if it is stopped in time.
http://heise.de/-3153388
Hole in popular caller-ID app Truecaller exposes user data
http://derstandard.at/2000033814462