Daily Summary - Thursday 2-06-2016

End-of-Shift report

Timeframe: Wednesday 01-06-2016 18:00 − Thursday 02-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a

DSA-3591 imagemagick - security update

Bob Friesenhahn from the GraphicsMagick project discovered a command injection vulnerability in ImageMagick, a program suite for image manipulation. An attacker with control over the input image or the input filename can execute arbitrary commands with the privileges of the user running the application.

https://www.debian.org/security/2016/dsa-3591


Lenovo advises users to remove a vulnerable support tool preinstalled on their systems

PC maker Lenovo is recommending that users remove an application preloaded on their computers because it contains a high-severity flaw that could allow attackers to take over their systems. The vulnerable tool is called ..

http://www.csoonline.com/article/3077935/security/lenovo-advises-users-to-remove-a-vulnerable-support-tool-preinstalled-on-their-systems.html


Opening hours - Moderately Critical - XSS - SA-CONTRIB-2016-031

https://www.drupal.org/node/2738707


DSA-3592 nginx - security update

It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might result in denial of service: Malformed requests could crash worker processes.

https://www.debian.org/security/2016/dsa-3592


Researchers spot 35-fold increase in newly observed ransomware domains

A record 35-fold increase in newly observed ransomware domains compared to the fourth quarter of 2015 has been spotted by Infoblox researchers.

http://www.scmagazine.com/infoblox-researchers-spotted-a-huge-uptick-in-dns-based-malware-domains/


Yahoo Publishes National Security Letters After FBI Drops Gag Orders

Yahoo just became the first company to disclose that it has received NSLs without having to go to court to do so.

http://www.wired.com/2016/06/yahoo-publishes-national-security-letters-fbi-drops-gag-orders/


Docker Containers Logging

In a previous diary, Jim talked about forensic operations against Docker containers. To be able to perform investigations after an incident, we must have some ..

https://isc.sans.edu/diary.html?storyid=21121


Most Android virus scanners are insecure

AV software is supposed to protect the smartphone from malicious code. As researchers have now found, however, many virus scanners for Android themselves have glaring security flaws.

http://heise.de/-3225169


Trend Micro enterprise products multiple vulnerabilities

Multiple enterprise products provided by Trend Micro Incorporated contain multiple vulnerabilities.

http://jvn.jp/en/jp/JVN48847535/


Trend Micro Internet Security multiple vulnerabilities

Trend Micro Internet Security provided by Trend Micro Incorporated contains multiple vulnerabilities.

http://jvn.jp/en/jp/JVN48789425/


Mitnick Attack Reappears at GeekPwn Macau Contest

Cao Yue, a Ph.D. student from the University of California, Riverside, delivered a stunning show at the GeekPwn 2016 Macau Contest on May 12, attended by top-caliber white hat hackers from around the world. Cao succeeded in remotely hijacking TCP connections of his own random choosing.

http://www.prnewswire.com/news-releases/mitnick-attack-reappears-at-geekpwn-macau-contest-300270779.html


Hacker Lexicon: What Is Fuzzing?

Sometimes hacking isn't about taking a program apart: It's about throwing random objects at it to see what breaks.

http://www.wired.com/2016/06/hacker-lexicon-fuzzing/


[2016-06-02] Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway

The firmware for the cable modem Ubee EVW3226 contains multiple critical vulnerabilities, which can be exploited to gain full system-level access to the device. This allows for inspection, modification and redirection of traffic.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160602_Ubee_EVW3226_Multiple_critical_vulnerabilities_v10.txt


IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems

https://www.fireeye.com/blog/threat-research/2016/06/irongate_ics_malware.html


TeamViewer users claim accounts hacked

TeamViewer is a remote desktop connection software that allows users to share screens and allow remote access from anywhere in the world. In the past 24 hours, many customers ..

http://www.inquisitr.com/3156809/teamviewer-accounts-hacked-users-claim/


Extortion emails threaten reputational damage via social media

Extortionists are exploiting the media coverage of recent hacking attacks to send threatening emails in which they threaten to publish sensitive information from the victims' online accounts.

http://heise.de/-3225619


93% Of Phishing Emails Are Now Ransomware

According to the latest data from security firm PhishMe, 93% of all phishing emails as of the end of March contained encryption ransomware. The numbers ..

https://tech.slashdot.org/story/16/06/02/1356241/93-of-phishing-emails-are-now-ransomware


How Russian cybercrime bosses crafted a ransomware empire out of an economic crisis

Amid a crashing ruble and shaken markets due to global sanctions over Russian president Vladimir Putin's ..

http://www.neowin.net/news/how-russian-cybercrime-bosses-crafted-a-ransomware-empire-out-of-an-economic-crisis


XSA-178

http://xenbits.xen.org/xsa/advisory-178.html


XSA-175

http://xenbits.xen.org/xsa/advisory-175.html