Daily Summary - Tuesday 28-03-2017

End-of-Shift report

Timeframe: Monday 27-03-2017 18:00 − Tuesday 28-03-2017 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl

Bugtraq: APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS

http://www.securityfocus.com/archive/1/540325


APT29 Used Domain Fronting, Tor to Execute Backdoor

APT29, a/k/a Cozy Bear, has used Tor and a technique called domain fronting in order to secure backdoor access to targets for nearly two years running.

http://threatpost.com/apt29-used-domain-fronting-tor-to-execute-backdoor/124582/


New Clues Surface on Shamoon 2’s Destructive Behavior

Researchers report new connections between Magic Hound and Shamoon 2, along with descriptions of how the Disttrack malware component of campaigns moves laterally within infected networks.

http://threatpost.com/new-clues-surface-on-shamoon-2s-destructive-behavior/124587/


Vuln: GnuTLS GNUTLS-SA-2017-3 Multiple Security Vulnerabilities

http://www.securityfocus.com/bid/97040


New security vulnerability in the password manager LastPass

For the second time within a short period, the popular password manager is confronted with a vulnerability.

https://futurezone.at/produkte/neue-sicherheitsluecke-im-passwort-manager-lastpass/254.818.884


Symantec API Flaws reportedly let attackers steal Private SSL Keys and Certificates

A security researcher has disclosed critical issues in the processes and third-party API used by Symantec certificate resellers to deliver and manage Symantec SSL ..

https://thehackernews.com/2017/03/symantec-ssl-certificates.html


Threat Landscape for Industrial Automation Systems, H2 2016

On average, in the second half of 2016 Kaspersky Lab products across the globe blocked attempted attacks on 39.2% of protected computers that Kaspersky Lab ICS CERT classifies as being part of industrial enterprise technology infrastructure.

http://securelist.com/analysis/publications/77842/threat-landscape-for-industrial-automation-systems-h2-2016/


From DDoS to Server Ransomware: APACHE STRUTS 2 - CVE-2017-5638 Campaign

As soon as a zero-day remote code execution vulnerability is disclosed, it is common to see many scans in the wild. Some of these scans are researchers, but many of ..

https://f5.com/labs/articles/threat-intelligence/malware/from-ddos-to-server-ransomware-apache-struts-2-cve-2017-5638-campaign-25922


This book reads you - using JavaScript

Apple just released a fix for one issue I reported last year in iBooks that allowed access to files on a user's system when a book was opened. iBooks on El Capitan would ..

https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-using-JavaScript.html


Danger from exploit for zombie IIS

Microsoft's Internet Information Services 6.0 is really scrap iron for which there are not even security updates. Nevertheless, there are still more than 30,000 in Germany alone. And they are acutely threatened by a publicly known exploit.

https://heise.de/-3666599


Encryption: Vulnerabilities discovered in numerous VoIP applications

The ZRTP protocol is meant to provide secure connections and encrypted VoIP calls. Researchers have found vulnerabilities in numerous ZRTP applications ..

https://www.golem.de/news/verschluesselung-schwachstellen-in-zahlreichen-voip-anwendungen-entdeckt-1703-126979.html


IronWASP – Part 1

Considering not all vulnerability scanners are open source, a great deal of them are available such as: IronWASP, OpenVAS, Retina CS Community, W3af, Grabber, etc. In this article, we shall be discussing more about IronWASP.

http://resources.infosecinstitute.com/ironwasp-part-1-2/


Docs.com users share passwords and much more with the world

Documents can be shared via Microsoft's Docs.com service. However, these are often publicly viewable. Many users seem to be unaware of this: information such as passwords is all too easy to find.

https://heise.de/-3665975


Apache / ModSecurity Tutorials

This is a series of Apache web server tutorials that will span from the basics to advanced topics like ModSecurity and logfile visualization.

https://www.netnea.com/cms/apache-tutorials/


Xen Security Advisory XSA-206 - xenstore denial of service via repeated update

Unprivileged guests may be able to stall progress of the control domain or driver domain, possibly leading to ..

http://xenbits.xen.org/xsa/advisory-206.txt


With iOS 10.3, iDevices get new Apple File System with native encryption support

On Monday, Apple released updates for its various products. As usual, they fix flaws and add capabilities, but the iOS update (v10.3) is more noteworthy than usual, ..

https://www.helpnetsecurity.com/2017/03/28/apple-file-system-encryption/


Ransomware: Scammers extort visitors of porn sites

Using a bug in Apple's Safari for iPhone, unknown actors block the browser with a constantly recurring JavaScript pop-up. In it, users are asked to pay a ransom. With a simple trick, however, the trap can be escaped.

https://www.golem.de/news/ransomware-scammer-erpressen-besucher-von-porno-seiten-1703-126982.html