Daily summary - Wednesday 12-04-2017

End-of-Shift report

Timeframe: Tuesday 11-04-2017 18:00 − Wednesday 12-04-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a

Fake News at Work in Spam Kingpin’s Arrest?

Over the past several days, many Western news media outlets have predictably devoured thinly-sourced reporting from a Russian publication that the arrest last week of a Russian spam kingpin in Spain was related to hacking attacks linked to last year’s U.S. election. While there ..

https://krebsonsecurity.com/2017/04/fake-news-at-work-in-spam-kingpins-arrest/


Schneider Electric Modicon Modbus Protocol

This advisory contains mitigation details for authentication bypass by capture-replay and violation of secure design principles vulnerabilities in Schneider Electric’s Modicon Modbus protocol.

https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01


Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)

Posted by Gal Beniamini, Project Zero. In this blog post we'll continue our journey into gaining remote kernel code execution, by means of Wi-Fi communication alone. Having previously developed a remote code execution exploit ..

http://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html


CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler

FireEye recently detected malicious Microsoft Office RTF documents that leverage CVE-2017-0199, a previously undisclosed vulnerability. This vulnerability ..

http://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html


Patch day: Adobe closes critical holes in Acrobat, Reader, Flash and Photoshop

Critical vulnerabilities in Flash as well as in Adobe Acrobat and Reader require immediate attention. On unpatched systems, attackers can execute malicious code remotely. This time Photoshop is also part of the patch day with security vulnerabilities of its own.

https://heise.de/-3682970


Malicious Image Defacement Hidden from Search Engines

After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your business or website. In a recent blog post, we discussed a case in which a ..

https://blog.sucuri.net/2017/04/malicious-image-defacement-hidden-from-search-engines.html


JSA10753 - 2016-07 Security Bulletin: SRX Series: Upgrades using partition option may allow unauthenticated root login (CVE-2016-1278)

http://kb.juniper.net/InfoCenter/index/content&id=JSA10753


Sundown EK gone missing, Terror EK flavours seen in active drive-by campaigns

With another player out at the moment, we take a look at a rebranded exploit kit in current malware ..

https://blog.malwarebytes.com/threat-analysis/2017/04/sundown-ek-gone-missing-terror-ek-flavours-seen-in-active-drive-by-campaigns/


IT security: How I found my password in a stack trace

Our author accidentally published the MySQL password of his website. Here he describes how it happened. He explains why mistakes occur even when ..

https://www.golem.de/news/it-sicherheit-wie-ich-mein-passwort-im-stack-trace-fand-1704-127258.html


Patch day: Microsoft secures Office against active attacks

In April, Microsoft is distributing twelve security updates and closing several vulnerabilities rated as critical. Attackers are currently targeting one Office vulnerability in particular.

https://heise.de/-3683358


Investigation Finds Inmates Built Computers, Hid Them In Prison Ceiling

An anonymous reader quotes a report from WRGB: The discovery of two working computers hidden in a ceiling at the Marion Correctional Institution prompted an investigation by the state into how inmates got access. In late ..

https://hardware.slashdot.org/story/17/04/12/0328239/investigation-finds-inmates-built-computers-hid-them-in-prison-ceiling


Kelihos.E

Kelihos.E Botnet – Law Enforcement Takedown. On Monday, April 10th 2017, the US Department of Justice (DOJ) announced a successful operation to take down the Kelihos botnet and arrest the suspected botnet operator. The ..

http://blog.shadowserver.org/2017/04/12/kelihos-e/


New NAS Vulnerabilities are as Bad as they Get

If you have a QNAP network attached storage (NAS) device, you’d better make sure the firmware is updated. Earlier this year, F-Secure Senior Security ..

https://safeandsavvy.f-secure.com/2017/04/12/new-nas-vulnerabilities-are-pretty-much-as-bad-as-they-get/