End-of-Shift report
Timeframe: Thursday 12-05-2016 18:00 to Friday 13-05-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
Cyber Heist Attribution
Written by Sergei Shevchenko and Adrian Nish | BACKGROUND | Attributing a single cyber-attack is a hard task and often impossible. However, when multiple attacks are conducted over long periods of time, they leave a trail of digital evidence. Piecing this together into a campaign can help investigators to see the bigger picture, and even hint at who may be behind the attacks. Our research into malware used on SWIFT-based systems running in banks has turned up multiple bespoke tools used by a set of...
http://baesystemsai.blogspot.com/2016/05/cyber-heist-attribution.html
New attack on the SWIFT network: attackers use a manipulated PDF reader
A bank apparently did not verify transactions using hashes of the individual operations, but relied on a visual check of PDF confirmations. Because of this, attackers were once again able to carry out illegal transactions in the SWIFT network.
http://www.golem.de/news/neuer-angriff-auf-swift-netzwerk-angreifer-nutzen-manipulierten-pdf-reader-1605-120899-rss.html
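The weakness described in the item above is that a rendered PDF is only a view of the data, so tampering with the viewer defeats a visual check. The following is an added illustration (not code from the article, the bank, or SWIFT) of the alternative the article alludes to: the bank keeps its own ledger of what it sent and reconciles every confirmation against a keyed hash over the transaction's canonical fields. The field names, the verification key and the sample records are assumptions constructed for the example.

```python
"""Reconcile payment confirmations against an independent ledger using HMAC.

Added example. Field names, key and sample transactions are constructed for
illustration and are not taken from any real bank or from SWIFT.
"""
import hashlib
import hmac
import json

# Hypothetical verification key. In practice this lives in an HSM on the
# bank's side, not on the messaging front end that renders confirmations.
VERIFY_KEY = b"example-only-replace-with-hsm-managed-key"

# Only these fields are authoritative; anything else in a record is ignored.
FIELDS = ("reference", "debtor", "creditor", "amount", "currency", "value_date")


def canonical(tx: dict) -> bytes:
    """Serialize the authoritative fields in a fixed order so that cosmetic
    differences (whitespace, extra keys, key order) cannot change the tag."""
    return json.dumps({f: tx[f] for f in FIELDS}, sort_keys=True,
                      separators=(",", ":")).encode()


def tx_tag(tx: dict) -> str:
    """HMAC-SHA256 over the canonical form of one transaction."""
    return hmac.new(VERIFY_KEY, canonical(tx), hashlib.sha256).hexdigest()


def reconcile(sent: list, confirmations: list) -> dict:
    """Classify each confirmation as ok / tampered / unknown, and list sent
    transactions for which no confirmation arrived."""
    expected = {tx["reference"]: tx_tag(tx) for tx in sent}
    result = {"ok": [], "tampered": [], "unknown": [], "missing": []}
    seen = set()
    for conf in confirmations:
        ref = conf["reference"]
        seen.add(ref)
        if ref not in expected:
            result["unknown"].append(ref)          # we never sent this
        elif hmac.compare_digest(tx_tag(conf), expected[ref]):
            result["ok"].append(ref)
        else:
            result["tampered"].append(ref)         # some field was altered
    result["missing"] = sorted(set(expected) - seen)
    return result


# Constructed sample data (hypothetical BIC-like identifiers).
SENT = [
    {"reference": "TX1001", "debtor": "DE00BANK0001", "creditor": "PH00BANK0009",
     "amount": "1500.00", "currency": "USD", "value_date": "2016-05-12"},
    {"reference": "TX1002", "debtor": "DE00BANK0001", "creditor": "LK00BANK0003",
     "amount": "2000.00", "currency": "USD", "value_date": "2016-05-12"},
    {"reference": "TX1004", "debtor": "DE00BANK0001", "creditor": "US00BANK0007",
     "amount": "750.00", "currency": "EUR", "value_date": "2016-05-13"},
]
CONFIRMED = [
    dict(SENT[0]),                                   # intact
    dict(SENT[1], amount="81000000.00"),             # amount changed in transit
    {"reference": "TX1003", "amount": "999.00"},     # never sent by us
]

if __name__ == "__main__":
    print(json.dumps(reconcile(SENT, CONFIRMED), indent=1))
```

The tag covers only the canonical fields, so a confirmation that differs in presentation but not in substance still verifies, while any change to amount, creditor or value date flips it to `tampered`; a reference the ledger has never seen is reported as `unknown` rather than silently accepted.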
ECB plans a reporting office for cyber-attacks on banks
The banking supervisors of the European Central Bank are also responding to the growing number of attacks, with a duty to report serious threats.
http://heise.de/-3207934
MISP - Malware Information Sharing Platform, (Fri, May 13th)
In a previous diary (Unity Makes Strength), I briefly mentioned MISP (which means Malware Information Sharing Platform). Since this tool is becoming more and more popular, I'd like to give more details about it. "Sharing is key" could be the slogan of MISP. The idea is to allow different organizations to share IOCs (Indicators of Compromise) like IP addresses, domains, hashes, URLs, filenames, ... The goal is to increase their ability to protect themselves against malicious activities. With millions of...
https://isc.sans.edu/diary.html?storyid=21053&rss
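The diary teaser above describes the consumer side of sharing: an organization pulls IOCs from MISP and uses them to spot malicious activity. The following is an added example (not code from MISP or the diary) of that step: it loads a constructed event in the shape of MISP's JSON export (an "Event" holding "Attribute" objects with type, value and the to_ids detection flag), keeps only the attributes marked for detection, and matches them against constructed proxy log lines. The event contents, the log lines and the attribute types kept are assumptions made for the example.

```python
"""Match detection-flagged IOCs from a MISP-style event against log lines.

Added example. The event and the proxy log are constructed samples; the JSON
shape follows MISP's export format as assumed here (Event -> Attribute list).
"""
import json
import re

# Constructed sample event. Only attributes with to_ids=True are meant for
# automated detection; the others carry context and must not raise alerts.
MISP_EVENT_JSON = json.dumps({
    "Event": {
        "info": "constructed sample event",
        "Attribute": [
            {"type": "ip-dst", "value": "203.0.113.77", "to_ids": True},
            {"type": "domain", "value": "update-check.example", "to_ids": True},
            {"type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e", "to_ids": True},
            {"type": "ip-dst", "value": "192.0.2.10", "to_ids": False},
            {"type": "comment", "value": "internal analyst note", "to_ids": False},
        ],
    }
})

# Constructed proxy log lines.
PROXY_LOG = """\
2016-05-13T09:12:01 src=10.1.2.3 dst=203.0.113.77 host=cdn.example GET /a.js
2016-05-13T09:12:07 src=10.1.2.4 dst=198.51.100.5 host=update-check.example GET /x
2016-05-13T09:13:00 src=10.1.2.5 dst=192.0.2.10 host=intranet.local GET /
2016-05-13T09:14:22 src=10.1.2.6 dst=198.51.100.9 host=files.example GET /d41d8cd98f00b204e9800998ecf8427e.bin
"""

# Attribute types this example knows how to match as plain tokens.
DETECTABLE_TYPES = {"ip-src", "ip-dst", "domain", "hostname", "md5", "sha1", "sha256"}


def load_indicators(event_json: str) -> dict:
    """Return {value: type} for attributes flagged for detection (to_ids)."""
    event = json.loads(event_json)["Event"]
    return {
        a["value"].lower(): a["type"]
        for a in event["Attribute"]
        if a.get("to_ids") and a["type"] in DETECTABLE_TYPES
    }


def tokens(line: str) -> set:
    """Split a log line into candidate tokens: whole key=value parts, path
    components, and the dot-separated pieces of each (so a hash used as a
    filename stem, e.g. '<md5>.bin', is still found)."""
    out = set()
    for raw in re.split(r"[\s=/]+", line.lower()):
        if raw:
            out.add(raw)
            out.update(p for p in raw.split(".") if p)
    return out


def scan_log(log: str, indicators: dict) -> list:
    """Return (line_number, ioc_type, value) for every indicator hit."""
    hits = []
    for lineno, line in enumerate(log.splitlines(), 1):
        present = tokens(line)
        for value, ioc_type in indicators.items():
            if value in present:
                hits.append((lineno, ioc_type, value))
    return hits


if __name__ == "__main__":
    for hit in scan_log(PROXY_LOG, load_indicators(MISP_EVENT_JSON)):
        print("line %d: %s %s" % hit)
```

The to_ids filter matters: the 192.0.2.10 attribute is in the event for context only, so line 3 produces no alert even though the value appears in the log, while the hash embedded in a filename on line 4 is still caught because of the token splitting.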
Open sourcing our NGINX HTTP/2 + SPDY code
In December, we released HTTP/2 support for all customers and last week we released HTTP/2 Server Push support as well. The release of HTTP/2 by CloudFlare had a huge impact on the number of sites supporting and using the protocol. Today, 50% of sites that use HTTP/...
https://blog.cloudflare.com/open-sourcing-our-nginx-http-2-spdy-code/
Meteocontrol WEBlog Vulnerabilities
This advisory contains mitigation details for one authentication and two information exposure vulnerabilities in Meteocontrol's WEB'log application.
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01
TrendMicro - Multiple HTTP Problems with CoreServiceShell.exe
Topic: TrendMicro - Multiple HTTP Problems with CoreServiceShell.exe. Risk: Medium. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=775. The main component of Trend Micro Antivirus is CoreSe...
https://cxsecurity.com/issue/WLB-2016050051
Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160512_00
Bugtraq: May 2016 - HipChat Server - Critical Security Advisory
http://www.securityfocus.com/archive/1/538378
Bugtraq: [security bulletin] HPSBGN03597 rev.1 - HPE Cloud Optimizer (Virtualization Performance Viewer) using glibc Remote Denial of Service (DoS)
http://www.securityfocus.com/archive/1/538371
Bugtraq: [security bulletin] HPSBMU03589 rev.1 - HPE Version Control Repository Manager (VCRM), Remote Denial of Service (DoS)
http://www.securityfocus.com/archive/1/538377
Bugtraq: [security bulletin] HPSBMU03591 rev.1 - HPE Server Migration Pack, Remote Denial of Service (DoS)
http://www.securityfocus.com/archive/1/538376
Bugtraq: [security bulletin] HPSBMU03590 rev.1 - HPE Systems Insight Manager (SIM) on Windows and Linux, Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/538379
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server for Bluemix April 2016 CPU (CVE-2016-3426, CVE-2016-3427)
http://www.ibm.com/support/docview.wss?uid=swg21983039
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition 8.5.0 (CVE-2016-3449, CVE-2016-0264)
http://www.ibm.com/support/docview.wss?uid=swg21982262
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Sterling Connect:Express for Unix (CVE-2016-2842).
http://www.ibm.com/support/docview.wss?uid=swg21982374
IBM Security Bulletin: A security vulnerability exists in IBM Cognos TM1
http://www.ibm.com/support/docview.wss?uid=swg21981936
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (Multiple CVEs)
http://www.ibm.com/support/docview.wss?uid=swg21973066
Next End-of-Shift Report: 2016-05-17