End-of-Shift report
Timeframe: Monday 13-06-2016 18:00 − Tuesday 14-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
ATM Insert Skimmers In Action
KrebsOnSecurity has featured several recent posts on "insert skimmers," ATM skimming devices made to fit snugly and invisibly inside a cash machine's card acceptance slot. I'm revisiting the subject again because I've recently ..
http://krebsonsecurity.com/2016/06/atm-insert-skimmers-in-action/
DSA-3601 icedove - security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.
https://www.debian.org/security/2016/dsa-3601
Virus scanner infects systems with Sality virus
An update to the Rising virus scanner placed an infected file on systems, which then set about spreading the Sality virus further.
http://heise.de/-3237654
Vawtrak banking Trojan shifts to new targets
The Vawtrak banking Trojan (aka Snifula) is slowly but surely becoming a serious threat. With version 2, the malware has acquired the capability to target ..
https://www.helpnetsecurity.com/2016/06/14/vawtrak-banking-trojan-shifts-new-targets/
Critical vulnerability: attackers can gain admin rights in Oxid eShop
A vulnerability in the Oxid e-shop system gives attackers access to the admin interface; code can also be injected into the frontend. Current versions are secured with a patch; for older ones only a workaround exists.
http://www.golem.de/news/kritische-sicherheitsluecke-angreifer-koennen-adminrechte-in-oxid-e-shop-erlangen-1606-121497.html
Uproar over LinkedIn hack in .at: users should change their password urgently
The complete user database from 2012 is circulating and is now making headlines in Austria as well.
http://derstandard.at/2000038935519
Weaponizing Nessus
Once in a blue moon we come across a client that has truly done security right (or at least, tried really hard to do so). All the low hanging fruit has ..
http://www.shellntel.com/blog/2016/6/7/weaponizing-nessus
The PhotoMiner Campaign
Over the past few months, we've been following a new type of worm we named PhotoMiner. PhotoMiner features a unique infection mechanism, reaching endpoints by infecting websites hosted on FTP servers while making money by ..
https://www.guardicore.com/2016/06/the-photominer-campaign/
Finding pearls; fuzzing ClamAV
Previously, I wrote about the general workflow to follow if you wanted to seriously begin fuzzing applications, while covering fuzzing a small YAML library. In this post, we will cover taking that workflow and applying it in real life to the open-source antivirus project ClamAV. This fuzz job was ..
https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
phpMyAdmin Project Successfully Completes Security Audit
Software Freedom Conservancy congratulates its phpMyAdmin project on successfully completing a thorough security audit, as part of Mozilla's Secure Open Source Fund. No serious issues were found in the phpMyAdmin codebase.
https://www.phpmyadmin.net/news/2016/6/13/phpmyadmin-project-successfully-completes-security-audit/
Netgear routers easy to crack thanks to hard-coded keys
The D6000 and D3600 routers can be hijacked by attackers because they use hard-coded crypto keys that are always the same. In addition, the administrator password can be read out very easily.
http://heise.de/-3237907
Making Curl | Bash safe(r)
You know those software installation instructions that tell you to download and run a script directly from the internet, as root, using something like the following?
https://sysdig.com/blog/making-curl-bash-safer/
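As an added illustration of the alternative to piping a downloaded script straight into a root shell (this is example code, not from the sysdig post): fetch the installer to a file, check it against a digest pinned out-of-band, inspect it, and only then execute it. The installer here is a constructed stand-in written to a temp file so the example runs offline; the function and file names are this example's own.

```shell
#!/bin/sh
# Added example: "download, verify, then run" instead of "curl ... | sudo bash".
# Piping into a shell executes whatever arrives, including a script cut off
# mid-stream or one the server tailored for a piped client; saving to a file
# first lets you hash and read it before anything runs.
set -eu

# Constructed stand-in for the installer we would otherwise curl.
make_sample_installer() {
    f=$(mktemp)
    printf '%s\n' '#!/bin/sh' 'echo "installing"' > "$f"
    printf '%s\n' "$f"
}

# Portable SHA-256: sha256sum on Linux, shasum on macOS.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# run_verified FILE EXPECTED_SHA256
# Executes FILE only if its digest equals the value you obtained out-of-band
# (release notes, a signed checksum file); returns 1 and runs nothing otherwise.
run_verified() {
    file=$1
    expected=$2
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: sha256 $actual != expected $expected" >&2
        return 1
    fi
    sh "$file"
}

# Demo on the constructed installer. In real use the pinned digest comes from
# the publisher, not from the file you just downloaded.
installer=$(make_sample_installer)
pinned=$(sha256_of "$installer")
run_verified "$installer" "$pinned"
run_verified "$installer" "$(printf '%064d' 0)" || echo "tampered or truncated download refused"
rm -f "$installer"
```

The digest check is only as good as where the expected value came from; a checksum served from the same host as the script proves nothing, so prefer a signed checksum file or a value published through a separate channel.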