Daily summary - Friday 22-04-2016

End-of-Shift report

Timeframe: Thursday 21-04-2016 18:00 − Friday 22-04-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a

Cisco Patches Denial-of-Service Flaws Across Three Products

Cisco released software updates this week to address five separate denial of service vulnerabilities across its product line, all of which the company rates as either high or critical severity.

http://threatpost.com/cisco-patches-denial-of-service-flaws-across-three-products/117586/


New version of TeslaCrypt ups ante for ransomware

Two updates in TeslaCrypt illustrate that ransomware is not only spreading wider, but is also evolving with new capabilities.

http://www.scmagazine.com/new-version-of-teslacrypt-ups-ante-for-ransomware/article/491452/


Cybercrime as a business rampant, new study

Attacks are getting fiercer and attackers more sophisticated and organized, according to the "2016 Trustwave Global Security Report," released this week.

http://www.scmagazine.com/cybercrime-as-a-business-rampant-new-study/article/491296/


South Korea no 1 origin point for DDoS attacks

According to a new report by Imperva, South Korea serves as the most prolific point of origin for global DDoS attacks.

http://www.scmagazine.com/south-korea-no-1-origin-point-for-ddos-attacks/article/491454/


SpyEye duo behind bank-account-emptying malware banged up

Billion-dollar Russian Trojan team in the tank for quarter of a century in the US

A two-man team responsible for spreading the SpyEye malware that caused more than a billion dollars in financial hardship is now starting extended ..

www.theregister.co.uk/2016/04/21/us_jails_spyeye_malware_duo/


DSA-3554 xen - security update

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:

https://www.debian.org/security/2016/dsa-3554


Core Windows Utility Can Be Used to Bypass AppLocker

A researcher has discovered that Windows' Regsvr32 can be used to download and run JavaScript and VBScript remotely from the Internet, bypassing AppLocker's whitelisting protections.

http://threatpost.com/core-windows-utility-can-be-used-to-bypass-applocker/117604/


TeslaCrypt: New versions and delivery methods, no decryption tool

TeslaCrypt ransomware was first spotted and analyzed in early 2015, and soon enough researchers created a decryption tool for it. The malware has since reached versions 4.0 and 4.1 but, unfortunately, there is currently no way to decrypt the ..

https://www.helpnetsecurity.com/2016/04/22/teslacrypt-new-versions-no-decryption/


Your credentials at risk with Lansweeper 5

As penetration testers, we rarely have to find 'zero day' vulnerabilities or perform 'bug hunting' in order to compromise Windows Active Directory Domains. However, in one of these rare cases while performing an internal penetration test for a client, we had to do so. Lansweeper is ..

http://blog.gosecure.ca/2016/04/21/your-credentials-at-risk-with-lansweeper-5/


Red Hat Product Security Risk Report: 2015

This report takes a look at the state of security risk for Red Hat products for calendar year 2015. We look at key metrics, specific vulnerabilities, and the most common ways users of Red Hat products were affected by security issues.

https://access.redhat.com/blogs/766093/posts/2262281


Hacking Nagios: The Importance of System Hardening

System hardening is important. Keeping systems in a hardened state is equally important. Good hardening should not only include keeping all patches up to date, but also disabling all unnecessary services. The services that are necessary must be configured securely. All of this is ..

https://blog.anitian.com/hacking-nagios/


Hacker attack: printers at German universities spewed out Nazi messages

Attack on networked copiers and printers apparently originated from the USA - security hole fixed

http://derstandard.at/2000035504034


[2016-04-22] Insecure credential storage in my devolo Android app

The Android app of devolo Home Control suffers from insecure credential storage. Attackers may be able to recover sensitive information from stolen or lost devices.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160422-0_my_devolo_-_android_application_vulnerability_v10.txt


[2016-04-22] Multiple vulnerabilities in Digitalstrom Konfigurator

Multiple design and implementation flaws within the smart home system Digitalstrom enable an attacker to control arbitrary devices connected to the system and execute JavaScript code in the user's browser.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160422-0_Digitalstrom_Konfigurator_Multiple_Vulnerabilities_v10.txt


SEC Consult Study on Smart Home Security in Germany - a first silver lining on the horizon of IoT?

http://blog.sec-consult.com/2016/04/smart-home-security.html


1 million people use Facebook via Tor

Is it worth running your own Tor hidden service? Facebook now writes that the number of active Tor users has doubled since last summer.

http://www.golem.de/news/privatsphaere-1-million-menschen-nutzen-facebook-ueber-tor-1604-120500.html


Snap: Ubuntu's new package format is insecure under X11

Ubuntu's new Snap package format is meant not only to simplify installation and updates, but also to sandbox applications more effectively. Under X11, however, the latter is a false promise, says security researcher Matthew Garrett. That is not surprising.

http://www.golem.de/news/snap-ubuntus-neues-paketformat-ist-unter-x11-unsicher-1604-120503.html


Why Hackers Love Your LinkedIn Profile

An employee opens an attachment from someone who claims to be a colleague in a different department. The attachment turns out to be malicious. The company network? Breached. If you follow the constant news about data breaches, you read this stuff all the ..

http://safeandsavvy.f-secure.com/2016/04/22/why-hackers-love-your-linkedin-profile/


Nuclear exploit kit bombards hundreds of thousands of machines with Locky

Ransomware is being distributed on a large scale via exploit kits. Security researchers have now managed to get into the backend of one such malware distribution platform and collect statistics on how the trojans spread.

http://heise.de/-3181696


JSA10727 - 2016-04 Security Bulletin: Junos Space: Multiple privilege escalation vulnerabilities in Junos Space (CVE-2016-1265)

http://kb.juniper.net/index/content&id=JSA10727