Daily Summary - Thursday 23-02-2017

End-of-Shift report

Timeframe: Wednesday 22-02-2017 18:00 − Thursday 23-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a

Criminals Monetizing Attacks Against Unpatched WordPress Sites

Sites still vulnerable to a REST API endpoint flaw in WordPress are now being targeted by attackers trying to turn a profit.

http://threatpost.com/criminals-monetizing-attacks-against-unpatched-wordpress-sites/123848/


MSRT February 2017: Chuckenit detection completes MSRT solution for one malware suite

In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent.

https://blogs.technet.microsoft.com/mmpc/2017/02/22/msrt-february-2017-chuckenit-detection-completes-msrt-solution-for-one-malware-suite/


Top 8 Reverse Engineering Tools for Cyber Security Professionals

Whether it is rebuilding a car engine or diagramming a sentence, people can learn about many things simply by taking them apart and putting them back together again. This process of breaking something down to understand it, build a copy to improve it, is known as reverse engineering.

http://resources.infosecinstitute.com/top-8-reverse-engineering-tools-cyber-security-professionals/


Impact of New Linux Kernel DCCP Vulnerability Limited

Existing mitigations and limitations around a newly disclosed Linux kernel vulnerability in the DCCP module mute the potential impact of local attacks.

http://threatpost.com/impact-of-new-linux-kernel-dccp-vulnerability-limited/123863/


Java, Python FTP Injection Attacks Bypass Firewalls

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses.

http://threatpost.com/java-python-ftp-injection-attacks-bypass-firewalls/123858/


Collision Attack: SHA-1 Hash Function Broken

Researchers from Google and the University of Amsterdam have succeeded in generating two different PDF files with the same SHA-1 hash. That SHA-1 is insecure had already been known since 2005. (SHA-1, Google)

https://www.golem.de/news/kollissionsangriff-hashfunktion-sha-1-gebrochen-1702-126355-rss.html


PuTTY 0.68 released

http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html


IBM Security Bulletins

IBM Security Bulletin: Buffer Overflow from improperly formatted SELECT command in IBM Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-8998)

http://www.ibm.com/support/docview.wss?uid=swg21998747

IBM Security Bulletin: IBM WebSphere MQ cluster channel definition causes denial of service to cluster (CVE-2016-9009)

http://www-01.ibm.com/support/docview.wss?uid=swg21998647

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza PureData System for Analytics (CVE-2016-8610)

http://www-01.ibm.com/support/docview.wss?uid=swg21997472

IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to SWEET32 Birthday attack (CVE-2016-2183)

http://www-01.ibm.com/support/docview.wss?uid=swg21995099

IBM Security Bulletin: Information disclosure CVE-2016-9975 affects IBM Dashboard Application Services Hub (DASH)

http://www.ibm.com/support/docview.wss?uid=swg21998714

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (CVE-2016-2106, CVE-2016-2109)

http://www-01.ibm.com/support/docview.wss?uid=swg21998797