End-of-Shift report
Timeframe: Freitag 24-06-2016 18:00 − Montag 27-06-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
Economical With The Truth: Making DNSSEC Answers Cheap
We launched DNSSEC late last year and are already signing 56.9 billion DNS record sets per day. At this scale, we care a great deal about compute cost. One of the ways we ..
https://blog.cloudflare.com/black-lies/
Security Advisory: Multiple Wireshark (tshark) vulnerabilities
https://support.f5.com:443/kb/en-us/solutions/public/k/87/sol87669052.html
Security Advisory: Multiple Wireshark (tshark) vulnerabilities
https://support.f5.com:443/kb/en-us/solutions/public/k/01/sol01837042.html
Option CloudGate Insecure Direct Object References Authorization Bypass
Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass ..
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5333.php
Bart - a new Ransomware
Phishme is reporting the discovery of a new ransomwarewhich its creators have named Bart. Bart shares several commonalities with the Locky ransomware. Bart is delivered by thesame downloader, RockLoader. The payment ..
https://isc.sans.edu/diary.html?storyid=21195
Zwei populäre Exploit-Kits schlagartig verschwunden
Sicherheitsforscher haben seit mehreren Wochen keine Aktivitäten mehr durch die vormals bei Cyber-Ganoven beliebten Exploit-Kits Angler und Nuclear festgestellt.
http://heise.de/-3248999
How executives really feel about infosec reports
More than half of IT and security executives will lose their jobs as a result of failing to provide useful, actionable information. While the majority of board members say they understand everything they�re being told by IT and security ..
https://www.helpnetsecurity.com/2016/06/27/executives-infosec-reports/
Hackers peer into Uber passenger privates, find and plot trips on maps
Brute force efforts reveal 1000 discount codes Three hackers have found eight holes in Uber that could allow fake drivers to be created and user email addresses reveal, ..
www.theregister.co.uk/2016/06/27/hackers_peer_into_uber_passenger_privates_find_and_plot_trips_on_maps/
Annual FiRST Conference Wrap-up
The 28th FiRST security event was held in - the land of morning calms' capital, Seoul this past June 12-17, 2016. This is the yearly conference for all CERT ..
https://blog.fortinet.com/2016/06/23/annual-first-conference-wrap-up
The Threatening Evolution of Exploit Kits
Exploit Kits, even more sophisticated and profitable Exploit kits are rapidly evolving, threat actors improve them on a daily basis by adding the code for the exploitation of the most recent vulnerabilities. In October 2015, ..
http://resources.infosecinstitute.com/the-threatening-evolution-of-exploit-kits/
Unechte PayLife-Mail: Verdacht auf Ihre letzte Transaktion
Mit einer unechten Benachrichtigung von PayLife versuchen Kriminelle, an Kontoinformationen von Opfern zu gelangen. Um das Ziel zu erreichen, behaupten sie, dass es bei der letzten PayLife-Transaktion zu Unstimmigkeiten gekommen sei. Aus ..
https://www.watchlist-internet.at/phishing/unechte-paylife-mail-verdacht-auf-ihre-letzte-transaktion/
EU finanziert Code-Review: Open-Source-Projekte gesucht
Mit einem Pilotprojekt will die EU die IT-Sicherheit verbessern. Nun sind die Nutzer gefragt: Welches Open Souce-Projekt sollte einen Sicherheits-Check bekommen?
http://heise.de/-3249615
How to Backdoor Diffie-Hellman
Abstract: Lately, several backdoors in cryptographic constructions, protocols and implementations have been surfacing in the wild: Dual-EC in RSAs B-Safe product, a modified Dual-EC in Junipers operating system ScreenOS and a ..
https://eprint.iacr.org/2016/644
The Curious Case of an Unknown Trojan Targeting German-Speaking Users
Last week, an unidentified malware was discovered and circulated on Twitter by researcher @JAMES_MHT. Many researchers - including us - were unable to identify the malware so we decided to dig a bit further. In this post, ..
https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users