Daily summary - Wednesday 15-02-2017

End-of-Shift report

Timeframe: Tuesday 14-02-2017 18:00 − Wednesday 15-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a

Amnesty International uncovers phishing campaign against human rights activists

Attacker targeted groups in Qatar, Nepal using an extensive fake social media profile.

https://arstechnica.com/security/2017/02/amnesty-international-uncovers-phishing-campaign-against-human-rights-activists/


Siemens SIMATIC Authentication Bypass

This advisory contains mitigation details for an authentication bypass in Siemens SIMATIC.

https://ics-cert.us-cert.gov/advisories/ICSA-17-045-03


Attacking the Windows NVIDIA Driver

Modern graphic drivers are complicated and provide a large promising attack surface for EoPs and sandbox escapes from processes that have access to the GPU (e.g. the Chrome GPU process). In this blog post we’ll take a look at attacking the ..

http://googleprojectzero.blogspot.com/2017/02/attacking-windows-nvidia-driver.html


Ransomware: a declining nuisance or an evolving menace?

The volume of ransomware encounters is on a downward trend. Are we seeing the beginning of the end of this vicious threat? Unfortunately, a look at the attack vectors, the number of ..

https://blogs.technet.microsoft.com/mmpc/2017/02/14/ransomware-2016-threat-landscape-review/


New ASLR-busting JavaScript is about to make drive-by exploits much nastier

A property found in virtually all modern CPUs neuters decade-old security protection.

https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/


Adobe patch day: Flash Player in critical condition as usual

Critical vulnerabilities gape in Flash Player and Adobe Digital Editions. At present, Windows users in particular are threatened by the Flash vulnerabilities. Adobe Campaign also receives security updates.

https://heise.de/-3626386


Researchers Discover Self-Healing Malware That Targets Magento Stores

Dutch malware experts have found a new malware strain that targets online shops running on the Magento platform, ..

https://www.bleepingcomputer.com/news/security/researchers-discover-self-healing-malware-that-targets-magento-stores/


Cisco: Two VPN vulnerabilities and one weakness that officially isn't one

Cisco has patched security vulnerabilities in AnyConnect VPN and on its ASA firewalls. However, the company does not consider the SMI protocol, which allows new operating system images to be loaded onto switches remotely, to be a security problem.

https://heise.de/-3627330


Are Windows Registry Fixers Safe?

Before I got into cybersecurity, I spent years as a technical support agent for Windows end users of Windstream, an American ISP. Although Windstream is an ISP, they also offered a general Windows client OS remote support service for their predominantly ..

https://www.alienvault.com/blogs/security-essentials/should-windows-users-beware-of-registry-fixers


Xagent: Russian hacker group also relies on Mac spyware

A version of the Xagent malware targeting macOS apparently originates from the hacker group APT28, which has been linked to the attack on the Democratic Party during the US election campaign. Among other things, Xagent is reported to steal iPhone backups.

https://heise.de/-3627630


Researchers trick CEO email scammer into giving up identity

Businesses targeted in email scams don’t always have to play the victim. They can actually fight back. Researchers at Dell SecureWorks have documented how they identified a ..

http://www.cio.com/article/3170117/security/researchers-trick-ceo-email-scammer-into-giving-up-identity.html