End-of-Shift report
Timeframe: Tuesday 26-04-2016 18:00 − Wednesday 27-04-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
National strategy: de Maizière wants to better protect industry against cyber espionage
Sometimes it is a complex hacker attack, sometimes the boss picks up the malware directly from the menu of his favourite restaurant. Many companies still lack awareness of the danger. That is supposed to change.
http://heise.de/-3189372
All About Fraud: How Crooks Get the CVV
A longtime reader recently asked: "How do online fraudsters get the 3-digit card verification value (CVV or CVV2) code printed on the back of customer cards if merchants are forbidden from storing this information?" The answer: Probably by installing a Web-based keylogger at an online merchant so that all data that customers submit to the site is copied and sent to the attacker's server.
http://krebsonsecurity.com/2016/04/all-about-fraud-how-crooks-get-the-cvv/
A Look Inside Cerber Ransomware
The "Cerber" family of ransomware first appeared in open source reporting in March 2016, with victims readily identified by the ".cerber" extension left on encrypted files. Unlike many other ransomware variants, Cerber is designed to encrypt a victim's file system immediately, without receiving "confirmation" or instructions from a command and control (C2) node. After this malicious encryption is complete, HTML and text files are opened on the infected...
https://blog.team-cymru.org/2016/04/a-look-inside-cerber-ransomware/
Malvertising On The Pirate Bay Drops Ransomware
Magnitude EK strikes again, this time on The Pirate Bay, and drops the Cerber Ransomware.
https://blog.malwarebytes.org/threat-analysis/exploits-threat-analysis/2016/04/malvertising-on-the-pirate-bay-drops-ransomware/
Next up. A look at Locky Ransomware
We've been examining some of the newer - or, at least, most currently prevalent - strains of ransomware. This time we look at Locky.
http://www.scmagazine.com/next-up-a-look-at-locky-ransomware/article/492355/
7ev3n ransomware alters name, asks for much lower ransom
A variant of 7ev3n ransomware has modified its name and begun asking victims for a considerably lower ransom fee than it was seeking just a few months ago. Security researchers originally detected the 7ev3n ransomware back in January of this year.
https://www.grahamcluley.com/2016/04/7ev3n-ransomware-alters-asks-lower-ransom/
BSI survey: one third of companies are affected by ransomware trojans
According to the results of a BSI ransomware survey, 60 percent of the surveyed institutions from German industry assess the situation as having worsened. The Security Bilanz Deutschland also reports an increased threat level.
http://heise.de/-3189776
"Ransomware is now the biggest threat"
Trojans that encrypt systems offer criminals an easy way to make money. The number of victims is rising, and smartphones are no longer safe either.
http://futurezone.at/digital-life/ransomware-ist-mittlerweile-die-groesste-bedrohung/195.139.443
Digging deep for PLATINUM
There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones who selectively target organizations and desire to stay undetected, protect their investment, and maximize their ROI. That's what motivated us - the Windows Defender Advanced Threat Hunting team, known...
https://blogs.technet.microsoft.com/mmpc/2016/04/26/digging-deep-for-platinum/
Boffins believe buggy Binder embiggens Android attack surface
Punching holes in problematic private APIs. Bugs in Android's Binder inter-process communication (IPC) mechanism open up a mass of security bugs, according to University of Michigan boffins Huan Feng and Kang Shin.
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/27/boffins_believe_buggy_binder_embiggens_android_attack_surface/
Memory Forensics
Introduction: This mini-course starts with memory forensics basics and explains what artifacts you can find in memory and how to find them. Since memory forensics is a very broad topic, we also cover some memory basics, such as how memory works, what the memory architecture is and what its units are. Also, what artifacts...
http://resources.infosecinstitute.com/memory-forensics/
An Introduction to Mac memory forensics, (Tue, Apr 26th)
Unfortunately, when it comes to memory forensics, the Mac environment doesn't have the luxury that we have in the Windows environment. The first step of memory forensics is capturing the memory; while in Windows we have many tools to achieve this, on Mac we have very few options. OSXPmem is the only available option for memory capturing that supports El Capitan:
https://github.com/google/rekall/releases/download/v1.3.2/osxpmem_2.0.1.zip
https://isc.sans.edu/diary.html?storyid=20989&rss
How to Suck at Information Security - A Cheat Sheet
This cheat sheet presents common information security mistakes, so you can avoid making them. Yeah, the idea is that you should do the opposite of what it says below. To print, use the one-sheet PDF version; you can also edit the Word version for your own needs.
https://zeltser.com/suck-at-security-cheat-sheet/
[DSA 3558-1] openjdk-7 security update
CVE ID: CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure.
https://lists.debian.org/debian-security-announce/2016/msg00134.html
VTS16-001: NetBackup Remote Access Vulnerabilities
Multiple vulnerabilities have been identified in Veritas (formerly Symantec) NetBackup Master/Media Servers and clients. An attacker able to successfully access a vulnerable NetBackup host could potentially execute arbitrary commands or operations, resulting in possible unauthorized, privileged access to the targeted system.
https://www.veritas.com/content/support/en_US/security/VTS16-001.html
F5 Security Advisory: glibc calloc vulnerability CVE-2015-5229
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23822215.html?ref=rss
IBM Security Bulletins
IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Tivoli Monitoring (CVE-2015-7575)
http://www.ibm.com/support/docview.wss?uid=swg21976066
IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition affect IBM Algorithmics Algo Risk Application and Algo One Core (CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803,
http://www.ibm.com/support/docview.wss?uid=swg21981349
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Provisioning Manager (CVE-2015-4872)
http://www.ibm.com/support/docview.wss?uid=swg21981826
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring (CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931)
http://www.ibm.com/support/docview.wss?uid=swg21976560
IBM Security Bulletin: Vulnerability in HTTP Response Splitting affects IBM Algorithmics Algo Risk Application & AlgoOne Core (CVE-2015-2017)
http://www.ibm.com/support/docview.wss?uid=swg21981532