Daily Summary - Friday 24-06-2016

End-of-Shift report

Timeframe: Thursday 23-06-2016 18:00 − Friday 24-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a

Crypto Wars: New Federal Agency to Crack Encryption

More and more communication services encrypt messages and protect them from third-party access. The German federal government apparently does not intend to stand by idly and wants to task an agency with cracking the cryptography.

http://heise.de/-3247957


PCI Compliance for eCommerce – Choosing Between SAQ A and A-EP

The Payment Card Industry Data Security Standards (PCI DSS) is a set of security standards established in a joint venture between a number of the top credit card issuers in the world – Visa, MasterCard, American Express, ..

https://blog.sucuri.net/2016/06/navigating-pci-self-assessment-questionnaires-saq-ecommerce-websites.html


How to: Testing Android Application Security, Part 2

The popularity of Android devices and applications makes it a target for malware and other threats. This post is the second in a short series on Android ..

https://blogs.mcafee.com/mcafee-labs/testing-android-application-security-part-2/


Necurs Botnet is Back, Updated With Smarter Locky Variant

After a mysterious three weeks off the grid, Necurs has returned to spewing massive volumes of email containing improved versions of the potent Locky ransomware and Dridex banking Trojan.

http://threatpost.com/necurs-botnet-is-back-updated-with-smarter-locky-variant/118883/


Rockwell Automation Allen-Bradley Stratix 5400 and 5410 Packet Corruption Vulnerability

This advisory contains mitigation details for a resource management vulnerability in Rockwell Automation’s Allen-Bradley Stratix 5400 and Allen-Bradley Stratix 5410 industrial networking switches.

https://ics-cert.us-cert.gov/advisories/ICSA-16-175-01


Unitronics VisiLogic OPLC IDE vlp File Parsing Stack Buffer Overflow Vulnerability

This advisory contains mitigation details for a buffer overflow vulnerability in the Unitronics VisiLogic.

https://ics-cert.us-cert.gov/advisories/ICSA-16-175-02


Meinberg NTP Time Server Vulnerabilities

This advisory contains mitigation details for a stack buffer overflow vulnerability and a privilege escalation vulnerability in Meinberg’s NTP Time Servers Interface.

https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03


About Lenovo Solution Center 3.3.002 Vulnerabilities (CVE-2016-5249)

After patching a set of issues reported by Trustwave SpiderLabs last month, Lenovo released another version of its Lenovo Solution Center software to address new security ..

http://trustwave.com/Resources/SpiderLabs-Blog/About-Lenovo-Solution-Center-3-3-002-Vulnerabilities-(CVE-2016-5249)/

Security Vulnerability in Alarm Systems from ABUS and Climax

Networked alarm systems are meant to provide security and greater ease of use. However, a security vulnerability lets attackers access many systems over the Internet.

http://heise.de/-3247868


WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

http://jvn.jp/en/jp/JVN55826471/


WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

http://jvn.jp/en/jp/JVN95082904/


WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection

http://jvn.jp/en/jp/JVN47363774/


[2016-06-24] ASUS DSL-N55U cross site scripting and information disclosure vulnerability

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160624-0_ASUS_DSL-N55U_XSS_vulnerability_v10.txt


Ransomware Trojan: New Locky Wave Infects Computers

Anyone who receives an e-mail with a file attachment these days should eye it even more critically than usual: the encryption Trojan Locky is currently spreading again in Germany, primarily via purported job application e-mails.

http://heise.de/-3248277


How to Spot Ingenico Self-Checkout Skimmers

A KrebsOnSecurity story last month about credit card skimmers found in self-checkout lanes at some Walmart locations got picked up by quite a few publications. Since then I've heard from several readers who work at retailers that use ..

http://krebsonsecurity.com/2016/06/how-to-spot-ingenico-self-checkout-skimmers/


Pretty Good Privacy: 40 Years of Diffie-Hellman

On 23 June 1976, Whitfield Diffie and Martin Hellman presented their approach to an asymmetric encryption scheme at the "Symposium on Information Theory" in Ronneby, Sweden.

http://heise.de/-3248793