Daily summary - Friday 27-01-2017

End-of-Shift report

Timeframe: Thursday 26-01-2017 18:00 − Friday 27-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a

Zbot with legitimate applications on board

Recently, among the payloads delivered by exploit kits, we often find Terdot.A/Zloader - a downloader installing on the victim machine a ZeuS-based malware.

https://blog.malwarebytes.com/cybercrime/2017/01/zbot-with-legitimate-applications-on-board/


Phishers unleash simple but effective social engineering techniques using PDF attachments

The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg. We're seeing similarly simple but clever social engineering tactics using PDF attachments. These deceitful PDF attachments are being used in email phishing attacks that attempt to steal your email credentials. Apparently, the...

https://blogs.technet.microsoft.com/mmpc/2017/01/26/phishers-unleash-simple-but-effective-social-engineering-techniques-using-pdf-attachments/


Background: How machines hack

Team Shellphish was one of the participants in DARPA's Cyber Grand Challenge; now they describe their Mechanical Phish and its strategy.

https://heise.de/-3608169


Pay up or your account gets blocked: National Bank warns of telephone fraud

Unknown callers spoof the telephone numbers of a bank and a lawyer to put victims under pressure

http://derstandard.at/2000051638010


Security for Privacy on Data Protection Day

On 28th January, ENISA joins 47 countries of the Council of Europe and the EU institutions, agencies and bodies, to celebrate the 11th annual European Data Protection Day.

https://www.enisa.europa.eu/news/enisa-news/security-for-privacy-on-data-protection-day


Security update: TigerVNC developers advise updating promptly

By exploiting a vulnerability, attackers could hijack clients during a Virtual Network Computing session.

https://heise.de/-3609051


Cisco starts patching critical flaw in WebEx browser extension

Cisco Systems has started to patch a critical vulnerability in its WebEx collaboration and conferencing browser extension that could allow attackers to remotely execute malicious code on computers. The company released a patched version of the extension -- 1.0.7 -- for Google Chrome on Thursday and is working on similar patches for the Internet Explorer and Mozilla Firefox versions. The vulnerability was found by Google security researcher Tavis Ormandy and stemmed from the fact that the WebEx...

http://www.cio.com/article/3162014/security/cisco-starts-patching-critical-flaw-in-webex-browser-extension.html#tk.rss_security


Heartbleed: (Almost) three years later

Shodan recently published a report on the state of Heartbleed which was picked up by lots of media outlets. I took this as an opportunity to have a look at our statistics. Shodan performs its scan based on IP addresses and makes the results searchable. CERT.at also runs daily scans, but these are based on the list of domains under the Austrian ccTLD .at. We published a first report on these results in the summer of 2014. We're close to the three...

http://www.cert.at/services/blog/20170127160051-1894_en.html


Security Advisory: OpenSSH vulnerability CVE-2016-10011

https://support.f5.com:443/kb/en-us/solutions/public/k/24/sol24324390.html?ref=rss


IDM 4.5 Midrange BiDirectional Driver 201611271513

Abstract: Identity Manager Midrange: IBM i (i5/OS and OS/400) driver patch for the Identity Manager versions 4.5 or higher. Driver version will show i5os Driver Version 4.5 Build Date 201611271513. To see the version run I5OSDRV/I5OSDRV OPTION(*VERSION). This patch also requires the driver activation from IDM 4.5.
Document ID: 5271130
Security Alert: Yes
Distribution Type: Field Test File
Entitlement Required: No
Files: idm45midrange20161127.tar.gz (47.54 MB)
Products: Identity Manager 4.0.2, Identity...

https://download.novell.com/Download?buildid=lY8lK_WKOeQ~


Bugtraq: ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities

http://www.securityfocus.com/archive/1/540060


Vuln: EMC PowerPath Virtual (Management) Appliance CVE-2016-0890 Information Disclosure Vulnerability

http://www.securityfocus.com/bid/95832


Eaton ePDU Path Traversal Vulnerability

This advisory contains mitigation details for a path traversal vulnerability in certain legacy Eaton ePDUs.

https://ics-cert.us-cert.gov/advisories/ICSA-17-026-01


Belden Hirschmann GECKO

This advisory contains mitigation details for a path traversal vulnerability in Belden's Hirschmann GECKO switch.

https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02


RSA Web Threat Detection Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1037726


Vuln: Terminal Services Agent CVE-2017-5328 Spoofing Vulnerability

http://www.securityfocus.com/bid/95823


IBM Security Bulletins

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator (CVE-2016-5554, CVE-2016-5542)

http://www.ibm.com/support/docview.wss?uid=swg21994101

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Networking Switch products (CVE-2016-2183)

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099533

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Flex System Networking Switch products (CVE-2016-2183)

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099505

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM System Networking RackSwitch products (CVE-2016-2183)

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099506