End-of-Shift report
Timeframe: Monday 25-04-2016 18:00 − Tuesday 26-04-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
"Fourth Sample of ICS Tailored Malware Uncovered and the Potential Impact"
I looked at the S4 Europe agenda which was sent out this morning by Dale Peterson and saw an interesting bullet: "Rob Caldwell of Mandiant will unveil some ICS malware in the wild that is doing some new and smarter things to attack ICS. We are working with Mandiant to provide a bit more info … Continue reading Fourth Sample of ICS Tailored Malware Uncovered and the Potential Impact...
http://ics.sans.org/blog/2016/04/25/fourth-sample-of-ics-tailored-malware-uncovered-and-the-potential-impact
Juniper patches Logjam, Bar Mitzvah, and various Java vulns
In Junos Space, nobody can hear you patch | Juniper Networks sysadmins can add Junos Space network management patches to their to-do list.
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/26/juniper_plugs_network_management_against_logjam_bar_mitzvah_and_various_java_vulns/
Shopware update fixes RCE bug that affects both shop and target system
Shopware, an open-source shopping cart system chosen by a number of big European companies to power their online shops, has recently pushed out a critical security update. The update fixes a remote code execution bug that could allow attackers to read files on the target system, create new ones with malicious content, and run arbitrary code on the target system. This is a critical security vulnerability that not only affects the functions of the shop,...
https://www.helpnetsecurity.com/2016/04/26/shopware-update-fixes-rce-bug/
Security report: companies fail to implement even simple protective measures
Forensic analyses of more than 3000 confirmed data breaches show that attackers come up with little that is new - because corporate networks are still not protected against the same old attack patterns.
http://heise.de/-3184485
Breaking Steam Client Cryptography
So as to not bury the lede: Older versions of Steam allow an attacker who observes a client connecting to Steam to read sensitive information sent over the network. This allows the attacker to take over the account, bypass SteamGuard, and sometimes view plain-text passwords. But how?
https://steamdb.info/blog/breaking-steam-client-cryptography/
Malware and non-malware ways for ATM jackpotting. Extended cut
Millions of people around the world now use ATMs every day to withdraw cash, pay in to their account or make a variety of payments. Unfortunately, ATM manufacturers and their primary customers - banks - don't pay much attention to the security of cash machines.
http://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/
Two Tips to Keep Your Phone's Encrypted Messages Encrypted
WhatsApp and Viber may have turned on "default" end-to-end encryption, but truly securing your messages requires a couple steps of your own.
http://www.wired.com/2016/04/tips-for-encrypted-messages/
Yeabests[.]cc: A fileless infection using WMI to hijack your Browser
Windows comes with a tool called the Windows Management Instrumentation, or WMI, that can be used by system administrators to receive information and notifications from Windows. ... Unfortunately, this [..] can also be used by malware developers for more nefarious reasons such as creating fileless infectors.
http://www.bleepingcomputer.com/news/security/yeabests-cc-a-fileless-infection-using-wmi-to-hijack-your-browser/
ENISA's Executive Director addresses EP ITRE Committee on key points for cybersecurity for the EU
Following the Commission announcement on the path to digitise the EU industry, ENISA participated at the ITRE meeting on 21st April in an exchange of views on cybersecurity in the EU, and ENISA's role in the implementation of the Digital Single Market.
https://www.enisa.europa.eu/news/enisa-news/enisa2019s-executive-director-addresses-ep-itre-committee-on-key-points-for-cybersecurity-for-the-eu
SWIFT banking network warns customers of cyberfraud cases
SWIFT, the international banking transactions network, has warned customers of "a number" of recent incidents in which criminals sent fraudulent messages through its system. The warning from SWIFT (Society for Worldwide Interbank Financial Telecommunication) suggests that a February attack on the Bangladesh Bank, in which thieves got away with US $81 million, was not an isolated incident. SWIFT is aware of malware that "aims to reduce financial institutions' abilities"...
http://www.cio.com/article/3061685/swift-banking-network-warns-customers-of-cyberfraud-cases.html#tk.rss_security
New Decryptor Unlocks CryptXXX Ransomware
Researchers at Kaspersky Lab today published a decryptor that recovers files encrypted by the CryptXXX ransomware.
http://threatpost.com/new-decryptor-unlocks-cryptxxx-ransomware/117668/
Gundremmingen nuclear power plant: infection with ancient malware
At least one computer at the Gundremmingen nuclear power plant was infected with malware. On closer inspection, however, the situation appears less dramatic than initially assumed.
http://heise.de/-3188599
Rough Auditing Tool for Security (RATS) 2.3 - Crash PoC
Topic: Rough Auditing Tool for Security (RATS) 2.3 - Crash PoC. Risk: Medium. Text: # Exploit Title: RATS 2.3 Crash POC # Date: 25th April 2016 # Exploit Author: David Silveiro # Author Contact: twitter.com/d...
https://cxsecurity.com/issue/WLB-2016040155
Bugtraq: Trend Micro (Account) - Email Spoofing Web Vulnerability
http://www.securityfocus.com/archive/1/538197
Bugtraq: VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability
http://www.securityfocus.com/archive/1/538198
Bugtraq: Sophos XG Firewall (SF01V) - Persistent Web Vulnerability
http://www.securityfocus.com/archive/1/538199
TYPO3 CMS 6.2.22 and 7.6.6 released
The TYPO3 Community announces the versions 6.2.22 LTS and 7.6.6 LTS of the TYPO3 Enterprise Content Management System. We are announcing the release of the following TYPO3 CMS updates: TYPO3 CMS 6.2.22 LTS TYPO3 CMS 7.6.6 LTS All versions are maintenance releases and contain bug fixes only.
https://typo3.org/news/article/typo3-cms-6222-and-766-released/
Bugtraq: [security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS)
http://www.securityfocus.com/archive/1/538194
IBM Security Bulletin: IBM Vulnerability in BIND affects AIX (CVE-2015-8704)
http://www.ibm.com/support/
IBM Security Bulletin: IBM Vulnerability in OpenSSL affects AIX (CVE-2016-2842)
http://www.ibm.com/support/