End-of-Shift report
Timeframe: Monday 18-07-2016 18:00 − Tuesday 19-07-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Third time (un)lucky – improved Petya is out
So far, we have dedicated several articles to the interesting, low-level ransomware called Petya, which hijacks the boot sector. Each of those versions used the Salsa20 algorithm to encrypt the Master File Table and make the disk inaccessible. However, ..
https://blog.malwarebytes.com/threat-analysis/2016/07/third-time-unlucky-improved-petya-is-out/
DSA-3622 python-django - security update
It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin's add/change related popup.
https://www.debian.org/security/2016/dsa-3622
World-Check terror suspect DB hits the web at just US$6750
Last month's borked CouchDB breach delivers more pain to Thomson Reuters. The World-Check database that lists "heightened risk individuals and organizations" is reportedly up for sale on the dark web.
www.theregister.co.uk/2016/07/19/6750_buys_you_22_million_worldcheck_citizen_terror_records/
Carbanak Gang Tied to Russian Security Firm?
Among the more plunderous cybercrime gangs is a group known as "Carbanak," Eastern European hackers blamed for stealing more than a billion dollars from banks. Today ..
http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/
Eavesdropping: Juniper network devices accepted self-signed certificates
Juniper has closed a bug in its Junos OS operating system that bypassed the signature verification of certificates.
http://heise.de/-3270285
Apple updates all of its operating systems
iOS 9.3.3, OS X El Capitan 10.11.6, watchOS 2.2.2 and tvOS 9.2.2 are available for download, and fix bugs ahead of the next major update.
http://heise.de/-3270059
Malware History: Code Red
Fifteen years (5479 days) ago… Code Red hit its peak. An infamous computer worm, Code Red exploited a vulnerability in Microsoft Internet Information Server (IIS) to propagate. Infected servers displayed the following ..
https://labsblog.f-secure.com/2016/07/19/malware-history-code-red/
Cross-Site Scripting in third party library mso/idna-convert
https://typo3.org/news/article/cross-site-scripting-in-third-party-library-msoidna-convert/
Cross-Site Scripting vulnerability in typolinks
https://typo3.org/news/article/cross-site-scripting-vulnerability-in-typolinks-1/
SQL Injection in TYPO3 Frontend Login
https://typo3.org/news/article/sql-injection-in-typo3-frontend-login/
Cross-Site Scripting in TYPO3 Backend
https://typo3.org/news/article/cross-site-scripting-in-typo3-backend-1/
Pokémon Go: security researchers come across 215 fake apps
Dangerous copycat apps are said to be lurking in various Android app stores that have nothing in common with Pokémon Go beyond the name. In the worst case, they spy on the device.
http://heise.de/-3270676
Long lasting Magnitude EK malvertising campaign not affected by slowdown in EK activity
We have been tracking a malvertising campaign distributing the Cerber ransomware linked to the actor behind the Magnitude exploit kit for months. Despite a global slowdown in ..
https://blog.malwarebytes.com/cybercrime/exploits/2016/07/long-lasting-magnitude-ek-malvertising-campaign-not-affected-by-slowdown-in-ek-activity/