Daily summary - Tuesday 6-09-2016

End-of-Shift report

Timeframe: Monday 05-09-2016 18:00 − Tuesday 06-09-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a

Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops

Whaling attackers fall for poison PDF invoices. At HITB, Florian Lukavsky hacks criminals profiting from out-of-control, multi-billion-dollar CEO wire-transfer scams, and they hate him for it.

http://go.theregister.com/feed/www.theregister.co.uk/2016/09/06/hacker_hacks_ceo_wire_transfer_scammers_sends_win_10_creds_to_cops/


House of Keys: 9 Months later... 40% Worse

In November 2015 SEC Consult released the results of our study on hardcoded cryptographic secrets in embedded systems. It's time to summarize what has happened since. To accomplish the mammoth task of informing about 50 different vendors and various ISPs we teamed up with CERT/CC (VU#566724). We would really like to report that our efforts were successful, but as it turns out the number of devices on the web using known private keys for HTTPS server certificates has gone up by 40% in the last...

http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html


Too many Cisco ASA boxes still open to an EXTRABACON attack

Among the Equation Group exploits leaked by the Shadow Brokers, the one named EXTRABACON that targets Cisco ASA devices got the most attention from security researchers and attackers. It has been demonstrated that the original exploit can be easily modified to work on more recent versions of the Cisco ASA SSL VPN appliances, and researchers armed with honeypots noted that exploitation attempts started soon after the leak. You would think that news like this would...

https://www.helpnetsecurity.com/2016/09/06/cisco-asa-still-open-extrabacon/


Digital Forensics According to the FORZA Model and Diamond Model for Intrusion Analysis

The Bridge on the River Forza. "We can teach these barbarians a lesson in Western methods and efficiency that will put them to shame." - Colonel Nicholson (The Bridge on the River Kwai, 1957). Efficiency: something we look to implement in everything we do. Whether through the elimination of waste via Six Sigma or other frameworks and methodologies, efficiency is what we strive for. When performing digital forensics, efficiency and rigor in our approach to ensure no stone is left...

https://feeds.feedblitz.com/~/192237180/0/alienvault-blogs~Digital-Forensics-According-to-the-FORZA-Model-and-Diamond-Model-for-Intrusion-Analysis


How False Positives can ruin your day - and how to stop them

False positives can seriously ruin your day, and can cost enterprises serious money. Highlighted by a recent example, we share some key tips on how to mitigate false alerts.

https://www.htbridge.com/blog/how-false-positives-can-ruin-your-day-and-how-to-stop-them.html


A week in security (Aug 28 - Sep 03)

A compilation of notable security news and blog posts from August 28th to September 3rd. This week, we talked about browser-based fingerprinting; what was going on with the Mac app Transmission; and a tech support scam that banked on an iPad error popping up on Windows systems.

https://blog.malwarebytes.com/security-world/2016/09/a-week-in-security-aug-28-sep-03/


[2016-09-06] Private key for browser-trusted certificate embedded in multiple Aruba Networks / Alcatel-Lucent products

A browser-trusted certificate including its private key is embedded in the firmware of several Aruba Networks/Alcatel-Lucent products. The certificate is used for providing user access to a captive portal via HTTPS as well as EAP connections for WPA2-Enterprise clients. An attacker can use this vulnerability to impersonate a captive portal or Wi-Fi AP and gain access to sensitive information.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160906-0_Aruba_Networks_Browser_trusted_cert_private_key_embedded_v10.txt


SSA-630413 (Last Update 2016-09-05): Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf


ArcServe UDP - Unquoted Service Path Privilege Escalation

Risk: High
CWE Class: CWE-427: Uncontrolled Search Path Element
Date: 0...

https://cxsecurity.com/issue/WLB-2016090024


ArcServe UDP - Download Manager/Setup - DLL Hijacking

Risk: Medium
CWE Class: CWE-427: Uncontrolled Search Path Element
Date: 04/09...

https://cxsecurity.com/issue/WLB-2016090030


ArcServe UDP - HTTP Installation MiTM

Risk: Low
CWE Class: CWE-300: Channel Accessible by Non-Endpoint (Man-in-the-Middle) | CWE-319: Cleartext T...

https://cxsecurity.com/issue/WLB-2016090029


IBM Security Bulletins

IBM Security Bulletin: A vulnerability in Network Security Services (NSS) affects the IBM FlashSystem model V9000 (CVE-2016-1978)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009104

IBM Security Bulletin: Vulnerabilities in Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2016-1978)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009103

IBM Security Bulletin: A vulnerability in Network Security Services (NSS) affects the IBM FlashSystem model V840 (CVE-2016-1978)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009102

IBM Security Bulletin: BigInsights is affected by a vulnerability in DB2 (CVE-2014-0919, CVE-2016-0211)

http://www.ibm.com/support/docview.wss?uid=swg21987604

IBM Security Bulletin: IBM Forms Viewer may be affected by an Apache Xerces-C XML Parser library vulnerability (CVE-2016-0729)

http://www-01.ibm.com/support/docview.wss?uid=swg21988714

IBM Security Bulletin: A vulnerability in OpenSSL affects the IBM FlashSystem model V840 (CVE-2016-2107)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009106

IBM Security Bulletin: A vulnerability in OpenSSL affects the IBM FlashSystem models 840 and 900 (CVE-2016-2107)

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009105