End-of-Shift report
Timeframe: Monday 23-05-2016 18:00 − Tuesday 24-05-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
DMA Locker 4.0 - Known Ransomware Preparing For A Massive Distribution
We take a look at DMA Locker's step towards maturity and at how it is being prepared for distribution on a much bigger scale.
https://blog.malwarebytes.org/threat-analysis/2016/05/dma-locker-4-0-known-ransomware-preparing-for-a-massive-distribution/
Beware of keystroke loggers disguised as USB phone chargers, FBI warns
Private industry notification comes 15 months after debut of KeySweeper.
http://arstechnica.com/security/2016/05/beware-of-keystroke-loggers-disguised-as-usb-phone-chargers-fbi-warns/
SWIFT to unveil new security plan after hacker heists
The SWIFT secure messaging service that underpins international banking said it plans to launch a new security program as it fights to rebuild its reputation in the wake of the Bangladesh Bank heist. [...] Users frequently do not inform SWIFT of breaches of their SWIFT systems and even now, the co-operative has not proposed any sanctions for clients who fail to pass on information, which SWIFT itself says is key to stopping future attacks.
http://www.reuters.com/article/us-cyber-banks-swift-idUSKCN0YE2S6
Commentary: Allo, Google? Are you serious?
Google's WhatsApp alternative Allo does not encrypt consistently; instead, Google actively reads along. What is that supposed to be?
http://heise.de/-3215729
WPAD name collision bug opens door for MitM attackers
A vulnerability in Web Proxy Auto-Discovery (WPAD), a protocol used to ensure all systems in an organization utilize the same web proxy configuration, can be exploited to mount MitM attacks from anywhere on the Internet, US-CERT warns. "With the New gTLD program, previously undelegated gTLD strings are now being delegated for public domain name registration. These strings may be used by private or enterprise networks, and in certain circumstances, such as when a work computer...
https://www.helpnetsecurity.com/2016/05/24/wpad-name-collision-bug/
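To make the collision concrete, here is an added example (not code from the article or from US-CERT) that reproduces the DNS devolution a WPAD client performs and flags the candidate names whose lookups would leave the organization. It assumes the client strips one label at a time from its DNS search suffix and stops before the bare TLD; the set of "newly delegated" gTLDs and the zones the organization controls are constructed sample data, not a live root-zone lookup.

```python
"""WPAD name-collision check (added example, not from the original page).

Given a host's DNS search suffix, list the wpad.* names a WPAD client
will try and flag those that (a) are not under a zone the organization
controls and (b) end in a TLD that is now delegated in the public root,
so the query reaches a public authoritative server an attacker may own.
"""

# Constructed sample of new gTLDs; in practice derive this from the
# current root zone rather than a hard-coded set.
NEW_GTLDS = {"global", "network", "office", "group", "ads"}


def wpad_candidates(search_suffix: str) -> list:
    """Names a WPAD client tries, most specific first, stopping before the TLD.

    For 'dept.corp.example.com' this yields
    wpad.dept.corp.example.com, wpad.corp.example.com, wpad.example.com.
    """
    labels = [l for l in search_suffix.lower().rstrip(".").split(".") if l]
    names = []
    for i in range(len(labels) - 1):  # never query the bare TLD
        names.append("wpad." + ".".join(labels[i:]))
    return names


def leaking_candidates(search_suffix: str, controlled_zones, delegated_tlds=NEW_GTLDS) -> list:
    """Return the candidate names whose lookup would escape the organization.

    controlled_zones: zones the organization actually owns or serves
    authoritatively (e.g. 'example.com'); anything under them is safe.
    """
    controlled = {z.lower().rstrip(".") for z in controlled_zones}
    leaks = []
    for name in wpad_candidates(search_suffix):
        zone = name[len("wpad."):]
        if any(zone == c or zone.endswith("." + c) for c in controlled):
            continue  # resolved by our own name servers
        if zone.split(".")[-1] in delegated_tlds:
            leaks.append(name)  # public TLD, zone not ours: collision risk
    return leaks


if __name__ == "__main__":
    # Constructed inputs: a laptop joined to an internal AD domain that
    # reuses a string which has since become a public gTLD.
    for suffix in ("dept.corp.example.com", "branch.corp.global", "corp.internal"):
        print(suffix, "->", leaking_candidates(suffix, ["example.com"]))
```

The third sample ("corp.internal") produces no finding because ".internal" is not delegated, which is the difference the US-CERT note is about: an internal suffix is only a problem once its TLD exists in the public root. If this reports anything, register the colliding names in your own DNS (or disable WPAD on managed clients) before a third party does.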
Hacker finds flaw in teleconference tool used by US Army, NASA and CERN
Like we need another reason to hate videoconferences: Sydney security tester Jamieson O'Reilly has reported a since-patched vulnerability in the popular video platform Vidyo, used by the likes of the US Army, NASA and CERN, that could see videos leaked and systems compromised.
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/19/popular_teleconf_tech_vidyo_throws_patch_over_data_leak_hole/
Pastejacking in the browser: code execution via copy and paste
Browsers can alter the contents of the clipboard on their own. A proof of concept shows how this feature can be used for attacks, and how users can protect themselves quite easily.
http://www.golem.de/news/pastejacking-im-browser-codeausfuehrung-per-copy-and-paste-1605-121062-rss.html
Malicious apps secretly place expensive phone calls
Warning from the regulatory authority
http://derstandard.at/2000037564561
Besides extortion, now also DDoS: encryption trojan Cerber learns new tricks
With a new version of Cerber, the people behind the ransomware want to generate even more profit: the malware takes personal data hostage, and the criminals can abuse infected computers for DDoS attacks.
http://heise.de/-3217254
The Anti-Ransomware Protection Plan You Need to Follow Today
Technology has made our lives both easier and more complicated - there's no denying that. Fast Internet access opened up a world of wisdom and all the distractions we can imagine. But the door is also open for cyber criminals with little to no scruples and a big appetite for money. And there's no better...
https://heimdalsecurity.com/blog/anti-ransomware-protection-plan/
Xen Security Advisory CVE-2014-3672 / XSA-180
When the libxl toolstack launches qemu for HVM guests, it pipes the output of stderr to a file in /var/log/xen. This output is not rate-limited in any way. The guest can easily cause qemu to print messages to stderr, causing this file to become arbitrarily large.
http://xenbits.xen.org/xsa/advisory-180.html
Pulse Connect Secure Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1035932
Missing Access Check in TYPO3 CMS
It has been discovered, that TYPO3 CMS lacks an access check for Extbase actions.
https://typo3.org/news/article/missing-access-check-in-typo3-cms/
Missing Access Check in extension "Frontend User Registration" (sf_register)
It has been discovered that the extension "Frontend User Registration" (sf_register) lacks a proper access check.
https://typo3.org/news/article/missing-access-check-in-extension-frontend-user-registration-sf-register/
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm
Cisco UCS Invicta Software Default GPG Key Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160524-ucs-inv
F5 Security Advisories
Security Advisory: GNU C Library (glibc) vulnerability CVE-2016-3075
https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15439022.html?ref=rss
Security Advisory: OpenSSH vulnerability CVE-2016-1907
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35424631.html?ref=rss
Security Advisory: Java vulnerabilities CVE-2013-5782 and CVE-2013-5803
https://support.f5.com:443/kb/en-us/solutions/public/k/14/sol14340611.html?ref=rss
Security Advisory: PHP Vulnerability CVE-2016-4539
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35240323.html?ref=rss
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand (CVE-2016-0264, CVE-2016-3449)
http://www.ibm.com/support/docview.wss?uid=swg21983578
IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified
http://www.ibm.com/support/docview.wss?uid=ssg1S1005812
IBM Security Bulletin: IBM Connections Security Update (CVE-2016-0322)
http://www.ibm.com/support/docview.wss?uid=swg21982611
IBM Security Bulletin: Vulnerability in Apache Tomcat may affect IBM WebSphere Application Server Community Edition (CVE-2015-5174)
http://www.ibm.com/support/docview.wss?uid=swg21983128
IBM Applicable countries and regions
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099367
IBM Security Bulletin: Security vulnerabilities have been identified in the versions of IBM WebSphere Application Server Community Edition bundled with Web Experience Factory 7.0.x and 8.0.x (CVE-2015-5345) (CVE-2016-0706) (CVE-2016-0714)
http://www.ibm.com/support/docview.wss?uid=swg21981775
IBM Security Bulletin: HTTP response splitting has been identified in IBM WebSphere Application Server Liberty Profile shipped with SmartCloud Cost Management and Tivoli Usage Accounting Manager (CVE-2015-2017)
http://www.ibm.com/support/docview.wss?uid=swg2C1000121