End-of-Shift report
Timeframe: Freitag 29-04-2016 18:00 − Montag 02-05-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
DSA-3561 subversion - security update
Several vulnerabilities were discovered in Subversion, a version controlsystem. The Common Vulnerabilities and Exposures project identifies thefollowing problems:
https://www.debian.org/security/2016/dsa-3561
Google Patches 9 Security Flaws in New Chrome Browser Build
Five Chrome bug bounty hunters split $14,000 in rewards as Google patches nine security flaws in its browser, four are labeled 'high'.
http://threatpost.com/google-patches-9-security-flaws-in-new-chrome-browser-build/117747/
Cloned Websites Stealing Google Rankings
We often speak of black hat SEO tactics and content scraping sites are just one example of such tactics. Scraping is the act of copying all content from a website using automated scripts, usually with the intention of stealing ..
https://blog.sucuri.net/2016/04/cloned-website-stealing-google-rankings-seo-serp.html
Lizard Squad Ransom Threats: New Name, Same Faux Armada Collective M.O.
[...] Beginning late Thursday evening (Pacific Standard Time) several CloudFlare customers began to receive threatening emails from a "new" group calling itself the 'Lizard Squad'. These emails have a similar modus operandi to the previous ransom emails. This group was threatenin ..
https://blog.cloudflare.com/lizard-squad-ransom-threats-new-name-same-faux-armada-collective-m-o-2/
Cyber Security Challenge: Wettbewerb für "Nachwuchs-Hacker" startet am 2. Mai
Ab sofort sind Schüler und Studenten wieder aufgerufen, sich den Online-Prüfungen der Cyber Security Challenge zu stellen. Die Qualifikationsphase läuft bis zum 1. August, das deutsche Finale findet Ende September in Berlin statt.
http://heise.de/-3194493
Crypto-ransomware Gains Footing in Corporate Grounds, Gets Nastier for End Users
In the first four months of 2016, we have discovered new families and variants of ransomware, seen their vicious new routines, and witnessed threat actors behind these operations upping the ransomware game to new heights. All these developments further establish crypto-ransomware as a ..
http://blog.trendmicro.com/trendlabs-security-intelligence/crypto-ransomware-gains-footing-in-corporate-grounds-gets-nastier-for-end-users/
Schwarzmarkt: Preis für mobile Malware zieht an
Sicherheitsforschern zufolge floriert der Handel mit mobiler Malware. Der Anbieter des Android-Trojaners GM Bot zieht indes die Preise auf Malware-Marktplätzen spürbar an.
http://heise.de/-3195382
Practical Reverse Engineering Part 2 - Scouting the Firmware
In part 1 we found a debug UART port that gave us access to a linux shell. At this point we've got the same access to the router that a developer would use to debug issues, control the system, etc.
http://jcjc-dev.com/2016/04/29/reversing-huawei-router-2-scouting-firmware/
Ernste Sicherheitslücke in Ubuntus neuem Paketformat Snap geschlossen
Ubuntus neues Paketformat Snap sorgt erneut für Aufsehen: Nun haben die Entwickler einen Schreibfehler im Code entfernt, der Angreifern das Ausführen von beliebigem Schadcode ermöglicht hatte.
http://heise.de/-3195532