End-of-Shift report
Timeframe: Thursday 19-05-2016 18:00 − Friday 20-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
DSA-3584 librsvg - security update
Gustavo Grieco discovered several flaws in the way librsvg, a SAX-based renderer library for SVG files, parses SVG files with circular definitions. A remote attacker can take advantage of these flaws to cause an application using the librsvg library to crash.
https://www.debian.org/security/2016/dsa-3584
Petya and Mischa - Ransomware Duet (part 1)
After being defeated about a month ago, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload - Mischa. Both are named after the satellites from the GoldenEye movie. They deploy attacks on ..
https://blog.malwarebytes.org/threat-analysis/2016/05/petya-and-mischa-ransomware-duet-p1/
EITest campaign still going strong, (Fri, May 20th)
Originally reported by Malwarebytes in October 2014 [1], the EITest campaign has been going strong ever since. Earlier this year, I documented how the campaign has evolved over time [2]. During its run, I had only noticed the EITest campaign use Angler EK to distribute a variety of ..
https://isc.sans.edu/diary.html?storyid=21081
TLS/GCM: Danger from duplicate nonces
Modern TLS connections usually use the AES-GCM encryption scheme. It requires a so-called nonce value, which must not repeat. Otherwise security is lost.
http://www.golem.de/news/tls-gcm-gefahr-durch-doppelte-nonces-1605-121005.html
Important Security-Bulletin Pre-Announcement
https://typo3.org/news/article/important-security-bulletin-pre-announcement-1/
Resource Data Management Intuitive 650 TDB Controller Vulnerabilities
This advisory contains mitigation details for a privilege escalation vulnerability and a cross-site request forgery vulnerability in Resource Data Management's Intuitive 650 TDB Controller.
https://ics-cert.us-cert.gov/advisories/ICSA-16-140-01
Siemens SIPROTEC Information Disclosure Vulnerabilities
This advisory contains mitigation details for information disclosure vulnerabilities in the Siemens SIPROTEC 4 and SIPROTEC Compact.
https://ics-cert.us-cert.gov/advisories/ICSA-16-140-02
Hacked in a public space? Thanks, HTTPS
Kali Linux, laptop, coffee - hack on! Have you ever bothered to look at who your browser trusts? The padlock of a HTTPS connection doesn't mean anything if you can't trust the other end of the connection and its upstream signatories. Do you ..
www.theregister.co.uk/2016/05/20/https_wifi_trust_in_a_public_place/
Important security patch for Typo3 ahead
Many Typo3 versions evidently contain a serious security vulnerability. A patch is due to be released early next week.
http://heise.de/-3212058
l+f: Extortion for a good cause
An encryption trojan demands an exorbitant sum and claims it will do good with it. Believe that if you will ...
http://heise.de/-3212111