Daily Summary - Monday 24-08-2015

End-of-Shift report

Timeframe: Friday 21-08-2015 18:00 - Monday 24-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a

Extortionists Target Ashley Madison Users

People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters get posted online for anyone to download - as is the case with the recent hack of infidelity hookup ..

http://krebsonsecurity.com/2015/08/extortionists-target-ashley-madison-users/


Exploring a 'Malwarebytes Anti-Malware for Windows 10 - website'

Here at Malwarebytes, we offer support for a wide variety of Windows Operating Systems - from XP right up to Windows 10. The latter OS is the starting point for this blog post, with a website located ..

https://blog.malwarebytes.org/online-security/2015/08/exploring-an-mbam-for-windows-10-website/


One font vulnerability to rule them all #4: Windows 8.1 64-bit sandbox escape exploitation

This is the final part #4 of the 'One font vulnerability to rule them all' blog post series. In the previous posts, we introduced the 'blend' PostScript operator vulnerability and successfully used it to first exploit Adobe Reader, and later escape ..

http://googleprojectzero.blogspot.com/2015/08/one-font-vulnerability-to-rule-them-all_21.html


Cisco Wireless LAN Controller IPv6 IAPP WIPS Report Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40586


BSI: Guideline for secure mail transport is already having an effect

With the publication of the guideline it becomes easier to understand why Web.de and GMX have not only introduced PGP encryption for email but, surprisingly, also rely on the security techniques DNSSEC and DANE.

http://heise.de/-2788316


MMD-0039-2015 - ChinaZ made new malware: ELF Linux/BillGates.Lite

There are tweets I posted which are related to this topic; our team spotted the sample a week ago. This post is the promised details. I am sorry for the delay, due to the limited resources we have, since for a week I focused on helping ..

http://blog.malwaremustdie.org/2015/08/mmd-0039-2015-chinaz-made-new-malware.html


Google Analyticator <= 6.4.9.4 - Multiple Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/8159


Sending Windows Event Logs to Logstash

This topic is not brand new; there exist plenty of solutions to forward Windows event logs to Logstash (OSSEC, Snare or NXlog amongst many others). They do a decent job of collecting events on running systems ..

https://blog.rootshell.be/2015/08/24/sending-windows-event-logs-to-logstash/


Mass FTP Crawling

The combination of interesting files one can find on public FTP servers plus the technical expertise required to make a decent search engine motivated me to write Findex and ultimately this article.

http://findex.cedsys.nl/research/mass-ftp-crawling/


Bundestag IT back online after repairs

The IT system of the German Bundestag was brought back up on Monday after several days of repair work. After the consequences of a hacker attack had been remedied, the system went back online, as a parliament spokeswoman confirmed. Members of parliament and staff were accordingly informed of the system restart by loudspeaker on Monday morning.

http://derstandard.at/2000021189218


Compromising a honeypot network through the Kippo password when logstash exec is used

We have been playing with honeypots lately (shoutout to Theo and Sebastian for adding their honeypots to the network). Collecting and visualizing the data from the honeypots is done ..

https://forsec.nl/2015/08/compromising-a-honeypot-network-through-the-kippo-password-when-logstash-exec-is-used/


Exploiting the Mercury Browser for Android

The Mercury Browser for Android suffers from an insecure Intent URI scheme implementation and a path traversal vulnerability within a custom web server used to support its WiFi Transfer feature. Chaining these vulnerabilities together can allow a ..

http://rotlogix.com/2015/08/23/exploiting-the-mercury-browser-for-android/


Username Enumeration against OpenSSH/SELinux with CVE-2015-3238

I recently disclosed a low-risk vulnerability in Linux-PAM versions prior to 1.2.1 which allows attackers to conduct username enumeration and denial of service attacks. The purpose of this post is to provide more technical details around this vulnerability.

https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/