Daily summary - Thursday 28-07-2016

End-of-Shift report

Timeframe: Wednesday 27-07-2016 18:00 - Thursday 28-07-2016 18:00 Handler: Stephan Richter Co-Handler: n/a

Taking Steps to Fight Back Against Ransomware

Ransomware is an attack in which malware encrypts files and extorts money from victims. It has become a favorite among cybercriminals because it is easy to develop, simple to execute, and does a very good job of compelling users to pay to regain access to their precious files or systems. Almost anyone and every business...

https://blogs.mcafee.com/mcafee-labs/taking-steps-to-fight-back-against-ransomware/


Infection Monkey: Test a network from an attacker's point of view

Infection Monkey, a tool designed to test the resiliency of modern data centers against cyber attacks, was developed as an open source tool by GuardiCore's research group. "Traditional testing tools are no longer able to effectively detect vulnerabilities in today's data center networks as they cannot continuously exploit the weakest link and propagate in-depth, resulting in a very partial view of network vulnerabilities" said Pavel Gurvich, CEO of GuardiCore. How...

https://www.helpnetsecurity.com/2016/07/28/infection-monkey-test-network-attackers-point-view/


Verifying SSL/TLS certificates manually, (Thu, Jul 28th)

I think that we can surely say that, with all its deficiencies, SSL/TLS is still a protocol we cannot live without, and the basis of today's secure communication on the Internet. Quite often I get asked how certificates are really verified by browsers or other client utilities. Sure, the canned answer that certificates get signed by CAs and a browser verifies whether the signatures are correct is always there, but more persistent questions on how exactly it works come up here and there as well. So, if you...

https://isc.sans.edu/diary.html?storyid=21311&rss


Password manager: Lastpass fixes critical hole

The critical vulnerability in the Lastpass password manager reported yesterday by Tavis Ormandy has, according to the company, now been closed. A new Lastpass version is said to be available for Firefox.

http://www.golem.de/news/passwort-manager-lastpass-bestaetigt-behebung-kritischer-luecke-1607-122396-rss.html


Phishing attack on Pollin customers

Several customers of the electronics retailer Pollin have contacted heise Security, fearing that their personal data, including bank details, were copied from the retailer.

http://heise.de/-3280449


You can't turn off Cortana in the Windows 10 Anniversary Update

Microsoft made an interesting decision with Windows 10's Anniversary Update, which is now in its final stages of development before it rolls out on August 2. Cortana, the personal digital assistant that replaced Windows 10's search function and taps into Bing's servers to answer your queries with contextual awareness, no longer has an off switch.

http://www.pcworld.com/article/3100358/windows/you-cant-turn-off-cortana-in-the-windows-10-anniversary-update.html


Security Holes Exposed In Smart Lighting System

Sylvania Osram Lightify vulnerabilities could allow an attacker to turn out the lights or ultimately infiltrate the corporate network.

http://www.darkreading.com/cloud/security-holes-exposed-in-smart-lighting-system/d/d-id/1326385?_mc=RSS_DR_EDT


Background: Windows 10 with protection against pass-the-hash attacks

Using modern virtualization technology, Credential Guard is meant to defuse one of the most dangerous attack techniques against Windows networks.

http://heise.de/-3280610


DSA-3633 xen - security update

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems:

https://www.debian.org/security/2016/dsa-3633


DSA-3632 mariadb-10.0 - security update

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.26. Please see the MariaDB 10.0 Release Notes for further details:

https://www.debian.org/security/2016/dsa-3632


Vuln: DBD::mysql my_login() Function Use After Free Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/92118


Vuln: QEMU hw/scsi/esp.c Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/92119


F5 Security Advisory: glibc vulnerability CVE-2016-4429

https://support.f5.com:443/kb/en-us/solutions/public/k/17/sol17075474.html?ref=rss


AXIS Authenticated Remote Command Execution

https://cxsecurity.com/issue/WLB-2016070209


DFN-CERT-2016-1153: Apache Software Foundation HTTP Server, Lighttpd: A "vulnerability" enables HTTP proxy redirections

https://portal.cert.dfn.de/adv/DFN-CERT-2016-1153/


DFN-CERT-2016-1216: Red Hat JBoss Operations Network: Multiple vulnerabilities allow, among other things, the execution of arbitrary code

https://portal.cert.dfn.de/adv/DFN-CERT-2016-1216/


Xen Security Advisory CVE-2016-5403 / XSA-184

A guest can submit virtio requests without bothering to wait for completion and is therefore not bound by virtqueue size. (This requires reusing vring descriptors in more than one request, which is incorrect but possible.) Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation controlled by the guest.

http://xenbits.xen.org/xsa/advisory-184.html
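To make the mechanism in the advisory concrete, here is a toy host-side model of one virtqueue, written for this summary; it is not Xen or QEMU code, and the names ToyVirtQueue, guest_submit, host_pop and run_guest are this example's own. The guest writes descriptor heads into the avail ring and bumps the index without waiting for completions, so ring slots and descriptors get reused; a host that allocates one element per popped entry and never bounds the number in flight lets the guest drive allocation without limit. The fixed variant refuses to pop once more elements are in flight than the ring has descriptors, which a well-behaved guest can never reach; a real device would treat that as a fatal guest error rather than just declining, and the model also shows that a guest which does wait for completions is unaffected by the bound.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy host-side model of one virtqueue (example code, not QEMU's). */
#define RING_NUM 8u                 /* virtqueue size negotiated with the guest */

typedef struct {
    uint16_t head;                  /* descriptor index the request starts at */
    char scratch[4096];             /* stands in for the iovecs QEMU allocates */
} VirtQueueElement;

typedef struct {
    /* Guest-writable shared memory, simplified to one descriptor per request. */
    uint16_t avail_idx;             /* guest increments once per submitted request */
    uint16_t avail_ring[RING_NUM];  /* head descriptor per slot, slot = idx % RING_NUM */

    /* Host-private state. */
    uint16_t last_avail_idx;        /* how far the host has consumed the avail ring */
    unsigned inuse;                 /* elements popped but not yet completed */
    bool bound_inuse;               /* false: vulnerable behaviour, true: fixed */
} ToyVirtQueue;

/* Guest side: queue a request for descriptor `head` without waiting for
 * any earlier request to finish. Slots wrap, so descriptors get reused. */
static void guest_submit(ToyVirtQueue *vq, uint16_t head)
{
    vq->avail_ring[vq->avail_idx % RING_NUM] = head;
    vq->avail_idx++;
}

/* Host side, in the role of virtqueue_pop(): take the next avail entry and
 * allocate an element for it. Returns NULL when nothing is pending or, in
 * fixed mode, when more elements are in flight than the ring has descriptors. */
static VirtQueueElement *host_pop(ToyVirtQueue *vq)
{
    if (vq->last_avail_idx == vq->avail_idx)
        return NULL;                /* avail ring is empty */

    if (vq->bound_inuse && vq->inuse >= RING_NUM)
        return NULL;                /* guest is reusing descriptors: refuse */

    VirtQueueElement *elem = calloc(1, sizeof *elem);
    if (!elem)
        abort();
    elem->head = vq->avail_ring[vq->last_avail_idx % RING_NUM];
    vq->last_avail_idx++;
    vq->inuse++;
    return elem;
}

/* Host side: completion hands the element back (virtqueue_push and free). */
static void host_complete(ToyVirtQueue *vq, VirtQueueElement *elem)
{
    vq->inuse--;
    free(elem);
}

/* Drive the model with `requests` submissions that all reuse descriptor 0.
 * A well-behaved guest waits for each completion; a malicious one never
 * does, so every popped element stays allocated. Returns how many elements
 * the host allocated in total. */
static unsigned run_guest(bool fixed, unsigned requests, bool well_behaved)
{
    ToyVirtQueue vq = { .bound_inuse = fixed };
    VirtQueueElement **inflight = calloc(requests, sizeof *inflight);
    unsigned popped = 0, held = 0;
    if (!inflight)
        abort();

    for (unsigned i = 0; i < requests; i++) {
        guest_submit(&vq, 0);
        VirtQueueElement *e = host_pop(&vq);
        if (!e)
            continue;
        popped++;
        if (well_behaved)
            host_complete(&vq, e);  /* guest waited, descriptor 0 is free again */
        else
            inflight[held++] = e;   /* outstanding I/O keeps it allocated */
    }

    /* Tear down; a real device would complete these as I/O finishes. */
    for (unsigned i = 0; i < held; i++)
        host_complete(&vq, inflight[i]);
    free(inflight);
    return popped;
}

int main(void)
{
    printf("ring size %u, guest submits 1000 requests reusing one descriptor\n", RING_NUM);
    printf("vulnerable host, guest never waits: %u elements allocated\n",
           run_guest(false, 1000, false));
    printf("fixed host, guest never waits:      %u elements allocated\n",
           run_guest(true, 1000, false));
    printf("fixed host, guest waits:            %u elements allocated\n",
           run_guest(true, 1000, true));
    return 0;
}
```

With a ring of 8 descriptors the vulnerable host allocates 1000 elements for 1000 submissions, the fixed host stops at 8 until something completes, and a guest that waits for completions still gets all 1000 requests served. The bound works because the number of legitimately outstanding requests can never exceed the number of descriptors; anything above that can only come from a guest reusing descriptors before their requests finished.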


Sentinel 7.3 SP3 (Sentinel 7.3.3.0)

Abstract: Sentinel 7.3.3 upgrade for Sentinel 7.3
Document ID: 5250650
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: sentinel_server-7.3.3.0-2205.x86_64.tar.gz.sha256 (109 bytes), sentinel_server-7.3.3.0-2205.x86_64.tar.gz (1.69 GB)
Products: Sentinel 7.3.2, Sentinel 7.1.1, Sentinel 7.1, Sentinel 7.3.1, Sentinel 7.2, Sentinel 7.2.1, Sentinel 7.3, Sentinel 7.2.2, Sentinel 7.0, Sentinel 7.0.1, Sentinel 7.0.2, Sentinel 7.0.3, Sentinel 7.3.3
Superseded Patches: None

https://download.novell.com/Download?buildid=aGwCXcABsl0~


Cisco Security Advisories

Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-avs

Cisco Wireless LAN Controller Denial of Service Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-wlc

Cisco Videoscape Session Resource Manager Denial of Service Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-vsrm

Cisco Prime Service Catalog Reflected Cross-Site Scripting Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-psc

Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-firesight

Cisco Email Security Appliance File Type Filtering Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-esa