End-of-Shift report
Timeframe: Friday 29-07-2016 18:00 − Monday 01-08-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Fake FreeDNS Used to Redirect Traffic to Malicious Sites
During the last couple of days we performed a few similar cleanup requests where sites occasionally redirected visitors to malicious sites that displayed ads, spam and malicious downloads. One of our security analysts, Andrey Kucherov, ..
https://blog.sucuri.net/2016/07/fake-freedns-used-to-redirect-traffic-to-malicious-sites.html
SwiftKey shows suggestions from other users
Users of the alternative smartphone keyboard SwiftKey have received word suggestions belonging to other users. Besides words in other languages, these reportedly also included other people's e-mail addresses.
http://heise.de/-3282177
DSA-3636 collectd - security update
Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code.
https://www.debian.org/security/2016/dsa-3636
HTML injection flaw allowed certificate theft at Comodo
A flaw in the certificate ordering system of the certification authority Comodo allowed attackers to have SSL certificates issued for websites they did not own, which enables man-in-the-middle eavesdropping on those sites' traffic.
http://heise.de/-3282183
Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host
Slashdot reader Noryungi writes: Qubes OS certainly has an intriguing approach to security, but a newly discovered Xen vulnerability allows a hacker to escape a VM and own the host. If you are running Qubes, make sure you update ..
https://tech.slashdot.org/story/16/07/30/1552244/xen-vulnerability-allows-hackers-to-escape-qubes-os-vm-and-own-the-host
DSA-3634 redis - security update
It was discovered that redis, a persistent key-value database, did not properly protect redis-cli history files: they were created by default with world-readable permissions.
https://www.debian.org/security/2016/dsa-3634
Are you getting I-CANNED?
One year ago, I already covered the impact that ICANN's latest money grab was having on security, see
https://isc.sans.edu/forums/diary/httpsyourfakebanksupport+TLD+confusion+starts/18651/. ICANN is the organization that ..
https://isc.sans.edu/diary.html?storyid=21323
Booking Calendar <= 6.2 - SQL Injection
https://wpvulndb.com/vulnerabilities/8576
Booking Calendar <= 6.2 - Reflected Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8575
Pokémon GO Creator's Twitter Account Hacked — Pika, Pikaaaa!
Twitter account of another high-profile CEO has been hacked! This time, it's Niantic CEO John Hanke, the developer behind the world's most popular game Pokémon GO. And it ..
https://thehackernews.com/2016/07/pokemon-go-hack.html
Kaspersky DDoS Intelligence Report for Q2 2016
In Q2 2016, the geography of DDoS attacks narrowed to 70 countries, with China accounting for 77.4% of attacks. In fact, 97.3% of the targeted resources were located in ..
http://securelist.com/analysis/quarterly-malware-reports/75513/kaspersky-ddos-intelligence-report-for-q2-2016/
INTERPOL Arrests Business Email Compromise Scam Mastermind
Business Email Compromise (BEC) attacks have proven to be an effective tactic, with criminals stealing large amounts of money from various businesses. From 2013 to 2015, BEC-related damages were estimated at US$ 2.3 billion. Targeting ..
http://blog.trendmicro.com/trendlabs-security-intelligence/interpol-arrests-business-email-compromise-scam-mastermind/
Security flaw: millions of air travellers' records exposed on the internet for years
Invoices, names and in some cases even bank details of air travellers were openly accessible on the internet for years without any technical barrier, and nobody noticed. As far as is currently known, criminals also overlooked the data.
http://www.golem.de/news/sicherheitsluecke-millionen-daten-von-flugreisenden-jahrelang-im-internet-1608-122453.html