End-of-Shift report
Timeframe: Monday 02-05-2016 18:00 − Tuesday 03-05-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
GOZNYM MALWARE
Antivirus software detects the GozNym hybrid as a Nymaim variant. GozNym samples resolve domains but do not connect to the IPs returned; a separate IP is used for HTTP comms. The C2 channel for GozNym appears to be HTTP POST requests, in line with ..
https://blog.team-cymru.org/2016/05/goznym-malware/
JSA10748 - Protect-RE (loopback) Firewall Filter does not discard OSPF packets from non-permitted prefixes
http://kb.juniper.net/index/content&id=JSA10748&actp=RSS
Acunetix WVS 10 - Remote command execution (SYSTEM privilege)
https://cxsecurity.com/issue/WLB-2016050003
3-in-4 Android phones, slabs, gizmos menaced by fresh hijack flaws
Another month, another round of critical vulnerabilities patched by Google. Google has today issued a bundle of 40 security patches for its Android operating system.
www.theregister.co.uk/2016/05/02/android_may_patch_batch/
Fake Security Conferences
Turns out there are two different conferences with the title International Conference on Cyber Security (ICCS 2016), one real and one fake. Richard Clayton has the story ..
https://www.schneier.com/blog/archives/2016/05/fake_security_c.html
RSA Data Loss Prevention Bugs Let Remote Users Conduct Cross-Site Scripting and Clickjacking Attacks and Let Remote Authenticated Users Bypass Security Controls and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1035714
SNMP Pentesting
In the previous article about SNMP, we have discussed how to set up your own vulnerable lab where we have configured pfSense and VyOS with SNMP misconfigurations. You can find this article here. In this article, we will discuss how to assess the security ..
http://resources.infosecinstitute.com/snmp-pentesting/
l+f: Website of the Ministry for Digital Infrastructure full of holes again
After Heartbleed, now XSS: the web presence of the Federal Ministry of Transport and Digital Infrastructure was once again inadequately secured.
http://heise.de/-3196376
OpenSSL Security Advisory [3rd May 2016]
https://openssl.org/news/secadv/20160503.txt
OpenSSL closes an offshoot of the Lucky 13 flaw
The widely used crypto library receives patches for six security vulnerabilities. Two of them have the priority ..
http://heise.de/-3196510
Ransomware deployments after brute force RDP attack
Fox-IT has encountered various ways in which ransomware is being spread and activated. Many infections happen by sending spam e-mails and luring the recipient into opening the infected ..
https://blog.fox-it.com/2016/05/02/ransomware-deployments-after-brute-force-rdp-attack/