Daily summary - Wednesday 18-05-2016

End-of-Shift report

Timeframe: Tuesday 17-05-2016 18:00 − Wednesday 18-05-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a

That Insane, $81M Bangladesh Bank Heist? Here's What We Know

Someone stole $81 million from Bangladesh Bank in a matter of hours, and appears to have targeted other banks that use ..

http://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/


Academics Make Theoretical Breakthrough in Random Number Generation

Two University of Texas academics have made what some experts believe is a breakthrough in random number generation that could have longstanding implications for cryptography and computer security.

http://threatpost.com/academics-make-theoretical-breakthrough-in-random-number-generation/118150/


XSA-176

http://xenbits.xen.org/xsa/advisory-176.html


First ATM malware is back and badder than ever

Original gangster Skimer goes global. Cybercriminals have retrofitted a strain of ATM malware first discovered in 2009 to create an even more potent threat.

www.theregister.co.uk/2016/05/17/skimer_atm_malware/

Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml


Cisco Adaptive Security Appliance VPN Memory Block Exhaustion Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-vpn


Cisco Unified Computing System Central Cross-Site Scripting Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs


Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise


Malicious macro using a sneaky new trick

We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing ..

https://blogs.technet.microsoft.com/mmpc/2016/05/17/malicious-macro-using-a-sneaky-new-trick/


Hackers gut underground forum Nulled.IO

In the hacker forum Nulled.IO, like-minded people meet and trade in, among other things, stolen user accounts. Ironically, Nulled.IO has now itself fallen victim to a devastating hacker attack.

http://heise.de/-3209682


Windows 10 Device Guard and Credential Guard Demystified

While helping Windows Enterprise customers deploy and realize the benefits of Windows 10, I've observed there's still a lot of confusion regarding the security features of the operating system. This is a shame since some ..

https://blogs.technet.microsoft.com/ash/2016/03/02/windows-10-device-guard-and-credential-guard-demystified/


Scammers target cybersecurity brands

Cybersquatting, typosquatting and phishing now target the largest cybersecurity brands.

https://www.htbridge.com/blog/scammers-target-cybersecurity-companies-brands.html


Google to shutter SSLv3, RC4 from SMTP servers, Gmail

Mark your calendars: Google will disable support for the RC4 stream cipher and the SSLv3 protocol on its SMTP servers and Gmail servers on June 16. After the deadline, Google's SMTP servers will no longer exchange mail with servers ..

http://www.cio.com/article/3071866/security/google-to-shutter-sslv3-rc4-from-smtp-servers-gmail.html#tk.rss_security


Magento 2.0.6 Security Update

Magento Enterprise Edition and Community Edition 2.0.6 contain multiple security and functional enhancements. You can find more details about the vulnerabilities addressed below.

https://magento.com/security/patches/magento-206-security-update


Magento - Unauthenticated Remote Code Execution

The vulnerability (CVE-2016-4010) allows an attacker to execute PHP code at the vulnerable Magento server unauthenticated. This vulnerability actually consists of many small vulnerabilities, as described further in the blog post.

http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/


Security directive: EU Council approves mandatory reporting of cyberattacks

The EU member states have adopted the compromise on the planned Directive on Network and Information Security that negotiators had previously worked out with the EU Parliament. It concerns security requirements for online providers.

http://heise.de/-3210189


Ransomware Activity Spikes in March, Steadily increasing throughout 2016

https://www.fireeye.com/blog/threat-research/2016/05/ransomware_activity.html


The Ultimate Guide to Angler Exploit Kit for Non-Technical People

There's been a lot of talk about the Angler exploit kit lately, but, for most people, the warnings don't strike a chord. And they're definitely not to blame. Not everyone ..

https://heimdalsecurity.com/blog/ultimate-guide-angler-exploit-kit-non-technical-people/


The Crypto Wars and their consequences: How old backdoors continue to haunt us

Once again, politicians, intelligence agencies and law enforcement are demanding that crypto software be deliberately weakened. That was mandated once before, and the consequences still haunt us today: devastating security vulnerabilities have their origin precisely there.

http://heise.de/-3210209


Bitly partners with Let's Encrypt for HTTPS links

Bitly processes data associated with more than 12 billion clicks per month, leading to massive troves of intelligence. Now, they're partnering with Let's Encrypt to generate SSL certificates for more than 40,000 Bitly ..

https://www.helpnetsecurity.com/2016/05/18/bitly-https-links/


IRZ RUH2 3G Firmware Overwrite Vulnerability

This advisory contains mitigation details for a firmware overwrite vulnerability in iRZ's RUH2 device.

https://ics-cert.us-cert.gov/advisories/ICSA-16-138-01


Moxa EDR-G903 Secure Router Vulnerabilities

This advisory was originally posted to the US-CERT secure Portal library on February 11, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for Moxa's EDR-G903 secure routers.

https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01


Fixing `marked` XSS vulnerability

A few weeks ago we added to our DB a Cross-Site Scripting (XSS) vulnerability in the popular marked package. This post explains the vulnerability, shows how to exploit it on a sample app, and explains how to fix the issue in your application.

https://snyk.io/blog/marked-xss-vulnerability/