End-of-Shift report
Timeframe: Friday 02-09-2016 18:00 - Monday 05-09-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
DNS tunneling threat drills into nearly half of networks tested
Infoblox's new report showed that nearly half of all networks tested show signs of DNS tunnelling.
http://www.scmagazine.com/dns-tunneling-threat-drills-into-nearly-half-of-networks-tested/article/520394/
Android Patch Fixes Nexus 5X Critical Vulnerability
Google patched an undocumented vulnerability that allowed attackers to bypass the Nexus 5X device's lock screen via a forced memory dump that exposed the device owner's password.
http://threatpost.com/android-patch-fixes-nexus-5x-critical-vulnerability/120346/
Cisco IOS Software Point-to-Point Tunneling Protocol Server Information Disclosure Vulnerability
A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) server functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to access data from a packet buffer that was previously ..
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160902-ios
Sundown EK – Stealing Its Way to the Top
Sundown is one of the newest exploit kits on the market these days, and like many up-and-coming exploit kits before it, it is under constant development. With ..
https://www.trustwave.com/Resources/SpiderLabs-Blog/Sundown-EK-%e2%80%93-Stealing-Its-Way-to-the-Top/
Mailman Access Control Flaw in User Options Page Lets Remote Users Conduct Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1036728
‘Flash Hijacks’ Add New Twist to Muggings
A frequent crime in Brazil is a scheme in which thieves kidnap people as they're leaving a bank, and free them only after they've visited a number of ATMs to withdraw ..
http://krebsonsecurity.com/2016/09/flash-hijacks-add-new-twist-to-muggings/
Telnet is not dead – at least not on ‘smart’ devices
Depending on your age, you either might or might not have used Telnet to connect to remote computers in the past. But ..
http://en.blog.nic.cz/2016/09/01/telnet-is-not-dead-at-least-not-on-smart-devices/
"If your data is in the cloud, the NSA has it too"
Cryptologist Bart Preneel in a futurezone interview on encryption in the post-Snowden era, backdoors and quantum cryptography.
https://futurezone.at/science/wenn-ihre-daten-in-der-cloud-sind-hat-sie-auch-die-nsa/219.100.024
Microsoft thought of the children and decided to ban some browsers
Redmond's Family Settings now block browsers without filters by default, but which ones? Microsoft has updated its family filters to block some rival ..
www.theregister.co.uk/2016/09/05/microsoft_thought_of_the_children_and_decided_they_must_only_use_edge/
Background: Analysed: Ransomware meets info-stealer - RAA and the thieving Pony, part II
As this instalment of the "Analysed" series reveals, the seemingly perfect encryption of the RAA trojan does have gaps. The password stealer launched by RAA also cannot escape analysis despite its anti-debugging tricks.
http://heise.de/-3303401
Fake attacks by insiders to fool companies
The "brands" of famous cybercrime groups and hacktivists may be a smokescreen to cover sophisticated insider attacks.
https://www.htbridge.com/blog/fake-attacks-by-insiders-to-fool-companies.html
Security Advisory - Information Leak Vulnerability in Huawei eSpace IAD
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160905-01-espace-en
Security Advisory - Multiple Security Vulnerabilities in Huawei HiSuite
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160905-01-hisuite-en
BKA takes on ransomware with SOKO Clavis
After cases have piled up in recent weeks, the German Federal Criminal Police Office (Bundeskriminalamt) now wants to take targeted action against ransomware. A special commission (SOKO) is to track down the perpetrators.
https://futurezone.at/netzpolitik/bka-geht-mit-soko-clavis-gegen-ransomware-vor/219.597.730
Sophos Windows users face black screens after false positive snafu
Black is the new BSOD: users of Sophos's security software were confronted with a black screen on starting up ..
www.theregister.co.uk/2016/09/05/sophos_black_screen_snafu/
Vuln: Inspircd SSL Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/92737
Reports of its death are exaggerated: Adobe spruces up NPAPI Flash on Linux
Contrary to many an opinion piece, Flash is far from finished. Adobe seems to have realised this too and is now refreshing the outdated NPAPI version on Linux.
http://heise.de/-3314084
800,000 plaintext passwords from the porn site Brazzers published
Once again a large hack involving copied user data has become known, and once again the break-in into the servers appears to have taken place in 2012.
http://heise.de/-3314087
Malware Delivered via .pub Files
While searching for new scenarios to deliver their malware[1][2], attackers launched a campaign to deliver malicious code embedded in Microsoft Publisher[3] (.pub) files. The ..
https://isc.sans.edu/diary.html?storyid=21443
Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
The Trend Micro Forward Looking Threat Research team recently obtained samples of a new rootkit family from one of our trusted partners. We are providing a ..
http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/