End-of-Shift report
Timeframe: Friday 13-05-2016 18:00 − Tuesday 17-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Panama Papers: the result of neglected IT security
The financial, legal and political world has been turned upside down by the Panama Papers. But how on earth was it possible to steal 2.6 terabytes of data from Mossack Fonseca?
https://blog.gdatasoftware.com/2016/05/28239-panama-papers-the-result-of-neglected-it-security
Yahoo-owned Tumblr announces email credential compromise
Tumblr announced Thursday that a third party accessed a set of Tumblr user email addresses with salted and hashed passwords.
http://www.scmagazine.com/tumblr-announces-email-credentials-compromised/article/496286/
CVE-2016-4117: Flash Zero-Day Exploited in the Wild
https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html
"Malicious design": how websites trick and defraud users
Unscrupulous rip-off practices are coming under increasing criticism, for example subscriptions being ticked automatically
http://derstandard.at/2000037009828
Unethical research: scientists publish 70,000 OKCupid profiles
Researchers from Denmark analysed and published the profiles of around 70,000 OKCupid users. The gentlemen involved are urgently advised to attend an ethics seminar.
http://www.golem.de/news/unethische-forschung-wissenschaftler-veroeffentlichen-70-000-okcupid-profile-1605-120916.html
Gatecoin: more than two million US dollars in cryptocurrencies stolen
Anyone who keeps their Bitcoin or Ether with the provider Gatecoin should check their accounts: around 15 percent of deposits were stolen. Withdrawals are not expected to be possible again until 28 May, but compensation rules are being worked out.
http://www.golem.de/news/gatecoin-ueber-zwei-millionen-us-dollar-in-kryptowaehrungen-gestohlen-1605-120917.html
SWIFT attack fended off: million-euro transaction targeted by cyber thieves
The hackers' target at Tien Phong Bank was a transaction equivalent to more than one million euros.
http://derstandard.at/2000037024022-1231152558333
Carding Sites Turn to the 'Dark Cloud'
Crooks who peddle stolen credit cards on the Internet face a constant challenge: Keeping their shops online and reachable in the face of meddling from law enforcement officials, security firms, researchers and vigilantes. In this ..
http://krebsonsecurity.com/2016/05/carding-sites-turn-to-the-dark-cloud/
Chrome could block Flash by default as early as this year
Google apparently plans to use HTML5 even more consistently as the standard in its Chrome web browser. As part of this, Flash content is to be played either not at all or only in exceptional cases.
http://heise.de/-3208837
Android Hacking: Dumping and Analyzing Application's Memory
In this article, we will discuss how to dump the memory of a specific application using Android Studio's heap dump feature. We will also explore Eclipse Memory Analyzer (MAT) to analyze the heap dump we acquire. It is possible to create heap dumps of an application's heap in Android. We can dump ..
http://resources.infosecinstitute.com/android-hacking-dumping-and-analyzing-applications-memory/
Cisco Video Communication Server Session Initiation Protocol Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160516-vcs
OS X El Capitan v10.11.5 and Security Update 2016-003
https://support.apple.com/kb/HT206567
DSA-3580 imagemagick - security update
Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with control ..
https://www.debian.org/security/2016/dsa-3580
Secure Coding: How to Account for Input Sanitization
On average, a website leverages around 18-20 different plugins in its structure. These plugins enhance the website's functionality and in some instances extend the application's core capabilities. It's great for website owners because they can pick and ..
https://blog.sucuri.net/2016/05/secure-coding-account-input-sanitization.html
Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160516_00
Zombie crypto still rules smart grids: OSGP vendors need to kill RC4
Deprecated almost everywhere, researchers crack open smart grid ancient crypto suite AGAIN. The Open Smart Grid Protocol's custom RC4 encryption has been cracked - again.
www.theregister.co.uk/2016/05/17/zombie_crypto_still_rules_smart_grids/
Malicious Android apps slip into Google Play, top third party charts
Enlist phones in ad fraud, premium SMS, loser DDoS. Malicious Android applications have bypassed Google's Play store security checks to enslave infected devices into distributed denial-of-service, advertising fraud, and spam botnets.
www.theregister.co.uk/2016/05/17/viking_horde_android_app_malware/
VMSA-2016-0005
VMware product updates address critical and important security issues
http://www.vmware.com/security/advisories/VMSA-2016-0005.html
Critical vulnerability endangers Symantec and Norton antivirus products
A dangerous bug in Symantec's scan engine has wide repercussions and threatens all Symantec and Norton products on all platforms, warns a security researcher.
http://heise.de/-3208967
Security Principles in iOS Architecture
I strongly suggest readers check out my two prior blogs on Cryptography, Principle of Least Privilege, and Biometrics. All of these will be explored in depth throughout this blog.
https://woumn.wordpress.com/2016/05/02/security-principles-in-ios-architecture/
Killing XSS and CSRF on web server layer
Existing and new web security technologies based on actively developed RFCs propose new approaches to common web vulnerabilities remediation.
https://www.htbridge.com/blog/killing-xss-and-csrf-on-web-server-layer.html
"Cryptohitman": ransomware replaces lock screen with porn
Encrypts files with the extension ".porno" - free tool rescues user data
http://derstandard.at/2000037097552
Finance ministry warns of fake BMF e-mails
Phishing attack - delete, delete, delete!
http://derstandard.at/2000037101098
The Sleepy User Agent
From time to time a customer writes in and asks about certain requests that have been blocked by the CloudFlare WAF. Recently, a customer couldn't understand why it appeared that some simple GET requests for their homepage were ..
https://blog.cloudflare.com/the-sleepy-user-agent/