Daily summary - Wednesday 3-05-2017

End-of-Shift report

Timeframe: Tuesday 02-05-2017 18:00 − Wednesday 03-05-2017 18:00
Handler: Olaf Schwarz
Co-Handler: Petr Sikuta
Co-Handler: Stephan Richter

Malware Hunter - Shodan's new tool to find Malware C&C Servers

Rapidly growing, insecure internet-connected devices are becoming an albatross around the necks of individuals and organizations, with malware authors routinely hacking them to form botnets that can be further used as weapons in DDoS and other cyber attacks. But now finding malicious servers, hosted by attackers, that control botnets of infected machines gets a bit easier. Thanks to Shodan and [...]

https://thehackernews.com/2017/05/shodan-malware-hunter.html


Disambiguate "Zero-Day" Before Considering Countermeasures

"Zero-day" is the all-powerful boogieman of the information security industry. Too many of us invoke it when discussing scary threats against which we feel powerless. We need to define and disambiguate this term before attempting to determine whether we've accounted for the associated threats when designing security programs. Avoid Zero-Day Confusion I've seen "zero-day" used to describe two related, but independent concepts. First,... Read more

https://zeltser.com/zero-day-terminology/


Outlook Forms and Shells

I set out to try and find another way to get a shell through Outlook, in the case of us having valid credentials [...] Fortunately for us, Outlook has a massive attack surface and provides several other interesting automation features. One of these is Outlook Forms.

https://sensepost.com/blog/2017/outlook-forms-and-shells/


Compromising Industrial Robots: The Fallacy of Industrial Routers in the Industry 4.0 Ecosystem

The increased connectivity of computer and robot systems in the Industry 4.0 ecosystem is, and will be, exposing robots to cyber attacks in the future. Indeed, industrial robots - originally conceived to be isolated - have evolved, and are now exposed to corporate networks and the internet. While this provides synergy effects and higher efficiency in production, the security posture is not on par. In our latest report Rogue Robots: Testing the Limits of an Industrial Robot's [...]

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6F0kroJASMA/


Steps to Stronger Passwords

A journey of passwords. The use of passwords is known to be old. Sentries would challenge those wishing to enter a territory or moving toward it to supply a secret word, and would only allow a person or group to pass if they knew the secret word. In present-day times, usernames and passwords are [...]

http://resources.infosecinstitute.com/steps-make-stronger-passwords/


German bank accounts emptied via UMTS security vulnerabilities

Criminal hackers have emptied the accounts of German bank customers via security vulnerabilities in the mobile network that have been known for years. The providers had actually intended to take countermeasures back in 2014.

https://heise.de/-3702194


Diskurs|Digital - Insights into lived participation

May 23, 2017 - 6:00 pm - 8:00 pm, SBA Research, Favoritenstraße 16, 1040 Wien

https://www.sba-research.org/events/diskursdigital-einblicke-in-gelebte-partizipation/


Linuxwochen return to Vienna

Both technical and net-policy talks - from open source to software patents

http://derstandard.at/2000056925982


DFN-CERT-2017-0755: Intel Active Management Technology (AMT), Intel Small Business Technology (SBT), Intel Standard Manageability (ISM): A vulnerability allows complete system takeover

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0755/


Android Security Bulletin—May 2017

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer site. Security patch levels of May 05, 2017 or later address all of these issues. Refer to the Pixel and Nexus update schedule to learn how to check a device's security patch level.

https://source.android.com/security/bulletin/2017-05-01


Schneider Electric Wonderware Historian Client

This advisory contains mitigation details for an improper XML parser configuration vulnerability in Schneider Electric's Wonderware Historian Client.

https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01


CyberVision Kaa IoT Platform

This advisory contains mitigation details for a code injection vulnerability in CyberVision's Kaa IoT Platform.

https://ics-cert.us-cert.gov/advisories/ICSA-17-122-02


Advantech B+B SmartWorx MESR901

This advisory contains mitigation details for a use of client-side authentication vulnerability in the Advantech B+B SmartWorx MESR901 Modbus gateway.

https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03


IBM Security Bulletins

IBM Security Bulletin: Open Redirect Vulnerability in IBM WebSphere Portal (CVE-2017-1156)

http://www-01.ibm.com/support/docview.wss?uid=swg22000153

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Identity Governance (CVE-2016-8610 CVE-2017-3731)

http://www.ibm.com/support/docview.wss?uid=swg22002387

IBM Security Bulletin: Multiple vulnerabilities in IBM JAVA Runtime affect AppScan Source (CVE-2016-5547 CVE-2016-2183)

http://www.ibm.com/support/docview.wss?uid=swg22002633

IBM Security Bulletin: A Vulnerability in IBM Java SDK affects IBM Streams (CVE-2016-5597)

http://www.ibm.com/support/docview.wss?uid=swg22002189

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker and IBM Integration Bus

http://www.ibm.com/support/docview.wss?uid=swg22002242

IBM Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL affect IBM Security Identity Governance Appliance

http://www.ibm.com/support/docview.wss?uid=swg22002397

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tivoli Composite Application Manager for Transactions

http://www-01.ibm.com/support/docview.wss?uid=swg22002374

IBM Security Bulletin: Privilege escalation vulnerability affects IBM DB2 LUW (CVE-2017-1134)

http://www-01.ibm.com/support/docview.wss?uid=swg22002573

IBM Security Bulletin: Cross Site Scripting vulnerability in IBM Marketing Platform (CVE-2016-0255)

http://www-01.ibm.com/support/docview.wss?uid=swg22001950