Daily Summary - Tuesday 9-08-2016

End-of-Shift report

Timeframe: Monday 08-08-2016 18:00 − Tuesday 09-08-2016 18:00 Handler: Stephan Richter Co-Handler: n/a

"Cat-Loving" Mobile Ransomware Operates With Control Panel

Recently the McAfee Labs Mobile Malware Research team found a sample of ransomware for Android with botnet capabilities and a web-based control panel service. The malware is running on compromised legitimate servers. The payload of this malware can encrypt a victim's files, steal SMS messages, and block access to the device. In this variant the...

https://blogs.mcafee.com/mcafee-labs/cat-loving-mobile-ransomware-operates-control-panel/


Researcher warns of flaws in Samsung Pay tokenization and mag stripe features

A researcher claims to have found vulnerabilities in Samsung Pay's tokenization mechanism and its magnetic secure transmission (MST) technology that could allow hackers to steal users' tokens and make fraudulent purchases.

http://www.scmagazine.com/researcher-warns-of-flaws-in-samsung-pay-tokenization-and-mag-stripe-features/article/514732/


Samsung Calls Reports of Samsung Pay Security Flaw "Inaccurate"

Researcher finds a way to make fraudulent transactions via Samsung Pay, but Samsung denies any issues

http://news.softpedia.com/news/samsung-calls-reports-of-samsung-pay-security-flaw-as-inaccurate-507098.shtml


Anonymous document: Attacks on the FreeBSD update process

An anonymous document describes security vulnerabilities in the FreeBSD update system in detail. Portsnap, Libarchive and Bspatch are affected. So far, fixes exist for only a few of the bugs. Similar attacks may also exist on Linux systems.

http://www.golem.de/news/anonymes-dokument-angriffe-auf-den-freebsd-update-prozess-1608-122581-rss.html


Security: Hackers crack 12 of 16 smart locks

Two hackers were able to crack three quarters of the Bluetooth smart locks they examined - in places with hair-raisingly simple means. The manufacturers' reaction does not indicate much interest in changing anything about the problems.

http://www.golem.de/news/sicherheit-hacker-knacken-12-von-16-smartlocks-1608-122589-rss.html


DFRWS EU/IMF 2017

DFRWS EU 2017 will be held in Überlingen, Lake Constance, Germany. This year brings together two premier research conferences in Europe, the DFRWS digital forensics conference (DFRWS EU 2017) and the International Conference on IT Security Incident Management & IT Forensics (IMF 2017). Established in 2001, DFRWS has become the premier digital forensics conference, dedicated to solving real world challenges, and pushing the envelope of what is currently possible in digital forensics.

http://www.dfrws.org/conferences/dfrws-eu-2017


Fake PayLife message: Your credit card is being temporarily restricted

In an e-mail, criminals claim that PayLife customers must confirm their personal data. If they do not, they supposedly have to pay 89.95 euros. Recipients who comply with the request transmit sensitive credit card information to criminals.

https://www.watchlist-internet.at/phishing/unechte-paylife-nachricht-ihre-kreditkarte-wird-vorlaeufig-eingeschraenkt/


Windows 10 Anniversary Update is infested with bugs

Last month, I warned readers that Microsoft's Windows 10 Anniversary Update would likely be somewhat buggy and suggested consumers should wait awhile before installing it. Unfortunately, my advice proved valid. Windows 10 Anniversary Update infestation: There are widespread reports of significant bugs in the update, and they're causing systems to freeze, browsers to misbehave, and peripherals - including Xbox One controllers - to malfunction. Two major antivirus companies also warn that...

http://www.cio.com/article/3104774/windows-security/windows-10-anniversary-update-is-infested-with-bugs.html#tk.rss_security


QuadRooter vulnerability: 5 things to know about this Android security scare

Once again, it's Android security scare season. This morning news broke of the latest collection of vulnerabilities, discovered by security firm Check Point and grouped together under the catchy monicker "QuadRooter." As usual, most of the reporting has focused on worst-case scenarios and a shockingly huge number of potentially vulnerable devices - in this case, an estimated 900 million. We're going to break down exactly what's going on, and just how vulnerable you're likely to be.

http://www.androidcentral.com/quadrooter-5-things-know-about-latest-android-security-scare


IPv6 router bug: Juniper spins out hotfix to thwart DDoS attacks

Vulnerability common to devices routing IPv6; Cisco offered partial fix in July.

http://arstechnica.com/security/2016/08/ipv6-router-bug-juniper-cisco-ddos-attacks/


Security Bulletin Posted for Adobe Experience Manager (APSB16-27)

Adobe has published a Security Bulletin for Adobe Experience Manager (APSB16-27). Adobe recommends users apply the relevant hotfix to their product installation using the instructions referenced in the security bulletin. Adobe is not planning to issue a security update for Flash Player this...

https://blogs.adobe.com/psirt/?p=1385


Cisco IOS and IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability

A vulnerability in the processing of Network Time Protocol (NTP) packets by Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP packets to be processed by an affected device. An exploit...

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge


Foxit Reader Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code

http://www.securitytracker.com/id/1036558


Vuln: OpenSSH CVE-2016-6515 Denial of Service Vulnerability

http://www.securityfocus.com/bid/92212


Bugtraq: ESA-2016-070: RSA Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability

http://www.securityfocus.com/archive/1/539157


Bugtraq: [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1

http://www.securityfocus.com/archive/1/539159


Trend Micro Control Manager (TMCM) Multiple Vulnerabilities

https://esupport.trendmicro.com/solution/en-US/1114749.aspx


Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) Multiple Vulnerabilities

https://esupport.trendmicro.com/solution/en-US/1114746.aspx


Trend Micro Smart Protection Server (Standalone) Multiple Vulnerabilities

https://esupport.trendmicro.com/solution/en-US/1114913.aspx


IBM Security Bulletins

IBM Security Bulletin: AppScan Source vulnerable to denial of service caused by an XML External Entity (CVE-2016-3033)

http://www.ibm.com/support/docview.wss?uid=swg21987326

IBM Security Bulletin: IBM Tivoli Monitoring Buffer Overflow (CVE-2016-2946)

http://www.ibm.com/support/docview.wss?uid=swg21984578

IBM Security Bulletin: Lotus Protector for Mail Security affected by Cross Site Scripting (CVE-2016-2991)

http://www-01.ibm.com/support/docview.wss?uid=swg21985280

IBM Security Bulletin: Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729 CVE-2016-4463)

http://www.ibm.com/support/docview.wss?uid=swg21987267

IBM Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-7548, CVE-2015-8749 CVE-2015-1850)

http://www-01.ibm.com/support/docview.wss?uid=isg3T1024106