Daily summary - Friday 29-07-2016

End-of-Shift report

Timeframe: Thursday 28-07-2016 18:00 - Friday 29-07-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a

Long-running malvertising campaign infected thousands of computers per day

Security researchers have shut down a large-scale malvertising operation that used sophisticated techniques to remain undetected for months and served exploits to millions of computers. The operation, dubbed AdGholas, has been running since at least October 2015. According to security vendor Proofpoint, the gang behind it managed to distribute malicious advertisements through more than 100 ad exchanges, attracting between 1 million and 5 million page hits per day. The Proofpoint researchers...

http://www.cio.com/article/3101817/long-running-malvertising-campaign-infected-thousands-of-computers-per-day.html#tk.rss_security


Would You Use This ATM?

One basic tenet of computer security is this: If you can't vouch for a networked thing's physical security, you also cannot vouch for its cybersecurity. That's because in most cases, networked things really aren't designed to foil a skilled and determined attacker who can freely connect his own devices. So you can imagine my shock and horror seeing a Cisco switch and wireless antenna sitting exposed atop of an ATM out in front of a bustling grocery store in my hometown of Northern Virginia.

http://krebsonsecurity.com/2016/07/would-you-use-this-atm/


Q2 DDoS activity up 83%, report

Nexusguard researchers noticed an 83 percent uptick in DDoS attacks in Q2 2016 compared to Q1.

http://www.scmagazine.com/q2-ddos-threat-report-notes-83-percent-uptick/article/512572/


Pwnie Express open sources IoT and Bluetooth security tools

Pwnie Express announced the availability of open-sourced versions of its Blue Hydra and Android build system software. The release of these tools enables comprehensive Bluetooth detection and community-based development of penetration-testing Android devices. Bluetooth detection is critical for effective device threat detection and must cover both Low Energy (LE) and Classic Bluetooth standards. Blue Hydra has also been integrated into Pwnie's monitoring platform, Pulse, to provide...

https://www.helpnetsecurity.com/2016/07/29/pwnie-express-iot-bluetooth-security-tools/


Businesses need to protect data, not just devices

As organizations embrace the digital transformation of their business, they are increasingly facing new security concerns. More companies are moving away from device-centric, platform-specific endpoint security technologies toward an approach that secures their applications and data everywhere. A new Citrix Qualtrics survey revealed that: More than half of Citrix customers reported that they are changing the way their SecOps teams are operated because of the increase in ransomware, targeted...

https://www.helpnetsecurity.com/2016/07/29/protect-data-not-just-devices/


Virtually all business cloud apps lack enterprise grade security

Blue Coat Systems analyzed apps for their ability to provide compliance, data protection, security controls and more. Of the 15,000 apps analyzed, it was revealed that 99 percent do not provide sufficient security, compliance controls and features to effectively protect enterprise data in the cloud. Shadow data still a major threat: their report revealed that shadow data, unmanaged content employees store and share across cloud apps, continues to remain a major threat, with 23 percent...

https://www.helpnetsecurity.com/2016/07/29/business-cloud-apps-lack-enterprise-grade-security/


Electronics retailer Pollin confirms serious hacker attack

After the customer data had already been misused for personalised phishing attacks, the electronics shop has now stated that its servers were attacked. The perpetrators took a great deal, apparently including the customers' bank account details.

http://heise.de/-3281324


Malicious RTF Files, (Fri, Jul 29th)

About a year ago I received RTF samples that I could not analyze with RTFScan or rtfobj (FYI: Philippe Lagadec has improved rtfobj.py significantly since then). So I started to write my own RTF analysis tool (rtfdump), but I was not satisfied enough with the way I presented the analysis result to warrant a release of my tool. Last week, I started analyzing new samples and updating my tool. I released it, and show how I analyze sample 07884483f95ae891845caf0d50ce507f in this diary entry. This...

https://isc.sans.edu/diary.html?storyid=21315&rss


Not all Group Policies will apply under Windows 10 Pro much longer

With Windows 10, and in particular the "Anniversary Update", Microsoft is changing the logic by which Group Policies are applied. In future it is not only the version of the operating system (Windows 7/8/10) that decides, but also the edition (Pro, Enterprise). [...] After the update it will no longer be possible to control this behaviour centrally on Pro editions of Windows 10. And in passing, the workarounds are being closed off as well, for example manipulation via registry keys.

http://www.heise.de/newsticker/meldung/Unter-Windows-10-Pro-gelten-bald-nicht-mehr-alle-Gruppenrichtlinien-3281404.html


Citrix NetScaler Service Delivery Appliance Multiple Security Updates

A number of vulnerabilities have been identified in the Citrix NetScaler Service Delivery Appliance (SDX) that could allow a malicious administrative user to crash the host or other VMs and execute arbitrary code on the SDX host.

https://support.citrix.com/article/CTX206006


iPrint Appliance 1.1 Patch 6

Abstract: This patch includes bug fixes, security fixes and a consolidation of previously released patches
Document ID: 5250978
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: iPrint-1.1.0.417.HP.zip (27.49 MB), iPrint-1.1.0.421.HP.zip (1,008.67 MB)
Products: iPrint Appliance 1.1
Superseded Patches: iPrint Appliance 1.1 Patch

https://download.novell.com/Download?buildid=vv7Z6imI7Js~


iPrint Appliance 2.0 Patch 2

Abstract: This patch includes bug fixes, security fixes and a consolidation of previously released patches
Document ID: 5250983
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: iPrint-2.0.0.531.HP.zip (721.05 MB)
Products: iPrint Appliance 2
Superseded Patches: iPrint Appliance 2.0

https://download.novell.com/Download?buildid=svMlzlyK0go~


Bugtraq: [SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks

http://www.securityfocus.com/archive/1/539041


VU#217871: Intel CrossWalk project does not validate SSL certificates after first acceptance

Vulnerability Note VU#217871: Intel CrossWalk project does not validate SSL certificates after first acceptance
Original Release date: 29 Jul 2016 | Last revised: 29 Jul 2016
Overview: The Intel Crosswalk project is a framework for developing hybrid apps for Android and iOS. The Crosswalk project does not properly handle SSL certificate validation when a user accepts an invalid certificate, preventing the app from validating any future SSL certificates.
Description: CWE-356: Product UI does not

http://www.kb.cert.org/vuls/id/217871


Bugtraq: Vicon Network Cameras - Authentication Bypass

http://www.securityfocus.com/archive/1/539037


Bugtraq: [SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks

http://www.securityfocus.com/archive/1/539040


Bugtraq: [SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345)

http://www.securityfocus.com/archive/1/539045


Bugtraq: [SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability

http://www.securityfocus.com/archive/1/539042