End-of-Shift report
Timeframe: Friday 17-06-2016 18:00 to Monday 20-06-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
Locky, Dridex, and Angler among cybercrime groups to experience fall in activity
There has been a sudden drop-off in activity relating to a number of major malware families in recent weeks. Dridex (W32.Cridex), Locky (Trojan.Cryptolocker.AF), the Angler exploit kit and Necurs (Backdoor.Necurs) are among the threats that appear affected by this development.
http://www.symantec.com/connect/blogs/locky-dridex-and-angler-among-cybercrime-groups-experience-fall-activity
Ransomware trojan RAA comes with a password stealer piggybacking along
The RAA malware is reported not only to take data hostage and demand a ransom, but also to bring along a trojan that harvests passwords.
http://heise.de/-3242139
You Acer holes! PC maker leaks payment cards in e-store hack
Lost info includes names, addresses, numbers and security codes. Acer's insecure customer database spilled people's personal information, including full payment card numbers, into hackers' hands for more than a year.
http://go.theregister.com/feed/www.theregister.co.uk/2016/06/17/what_a_pain_in_the_acer/
New Ransomware Written Entirely In JavaScript
An anonymous reader writes: Security researchers have discovered a new form of ransomware written entirely in JavaScript and using the CryptoJS library to encode a user's files. Researchers say the file is being distributed through email attachments, according to SC Magazine, which reports that "Opening the attachment kicks off a series of steps that not only locks up the victim's files, but also downloads some additional malware onto the target computer. ...
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/MLUCGZ3AfdM/new-ransomware-written-entirely-in-javascript
GoToMyPC remote desktop service resets all passwords in wake of attack
GoToMyPC, a remote computer administration service offered by Citrix, has forced a password reset for all customers in the wake of what it calls a "very sophisticated password attack." "Effective immediately, you will be required to reset your GoToMyPC password before you can log in again," the company told customers via email on Sunday, and advised them to use their regular GoToMyPC login link to reset the password, or go through the "Forgot Password" link.
https://www.helpnetsecurity.com/2016/06/20/gotomypc-resets-passwords/
Understanding Critical Windows Artifacts and Their Relevance During Investigation-Part 1
In this article, we will learn about critical Windows artifacts: what they mean, where they are located in the system, what can be inferred from them and how they can actually help during an investigation. This will be a series of articles, and in Part 1 we will learn about the NTFS timestamps which ...
http://resources.infosecinstitute.com/understanding-critical-windows-artifacts-and-their-relevance-during-investigation-part-1/
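As an added illustration of the NTFS timestamp material the article above introduces (this is example code written for this report, not code from the InfoSec Institute article), the block below decodes the four FILETIME values that open the $STANDARD_INFORMATION attribute (and sit at offset 8 of $FILE_NAME) and applies the common timestomping heuristic that a $SI creation time earlier than the $FN creation time is suspicious, because $SI times can be rewritten from user mode while $FN times are maintained by the kernel. The sample attribute bytes are constructed inline from chosen dates; the function and constant names are this example's own.

```python
import struct
from datetime import datetime, timedelta, timezone

# Windows FILETIME counts 100-nanosecond intervals since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Order of the four FILETIME fields at the start of $STANDARD_INFORMATION and,
# in the same order, at offset 8 of $FILE_NAME (after the parent directory reference).
TIMESTAMP_FIELDS = ("created", "modified", "mft_modified", "accessed")


def filetime_to_datetime(ft: int) -> datetime:
    """Convert an unsigned 64-bit FILETIME to a UTC datetime (100-ns digit dropped)."""
    if not 0 <= ft < 1 << 64:
        raise ValueError("FILETIME must be an unsigned 64-bit value")
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime for timezone-aware datetimes."""
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_timestamps(data: bytes, offset: int = 0) -> dict:
    """Decode four consecutive little-endian FILETIME values starting at offset."""
    if len(data) < offset + 32:
        raise ValueError("need at least 32 bytes of timestamp data at the given offset")
    raw = struct.unpack_from("<4Q", data, offset)
    return dict(zip(TIMESTAMP_FIELDS, (filetime_to_datetime(v) for v in raw)))


def si_predates_fn(si: dict, fn: dict) -> bool:
    """Timestomping heuristic: a $SI creation time earlier than the $FN creation
    time cannot arise from normal file operations and points at a rewritten $SI."""
    return si["created"] < fn["created"]


# --- constructed sample data (hypothetical file, dates chosen for this example) ---
SI_CREATED = datetime(2016, 6, 17, 18, 0, tzinfo=timezone.utc)
SI_MODIFIED = SI_CREATED + timedelta(hours=1)
SI_MFT_MODIFIED = SI_CREATED + timedelta(hours=1, minutes=5)
SI_ACCESSED = SI_CREATED + timedelta(days=1)

# 32 bytes exactly as they would appear at the start of $STANDARD_INFORMATION.
SAMPLE_SI = struct.pack(
    "<4Q",
    *(datetime_to_filetime(t) for t in (SI_CREATED, SI_MODIFIED, SI_MFT_MODIFIED, SI_ACCESSED)),
)

# $FILE_NAME: 8-byte parent directory reference, then the same four FILETIMEs.
# Here the $FN creation time is one day AFTER the $SI creation time, the pattern
# the heuristic flags as possible timestomping.
FN_CREATED = SI_CREATED + timedelta(days=1)
SAMPLE_FN_SUSPICIOUS = b"\x00" * 8 + struct.pack(
    "<4Q", *(datetime_to_filetime(t) for t in (FN_CREATED, FN_CREATED, FN_CREATED, FN_CREATED))
)

# A benign $FN whose creation time matches $SI (the normal case).
SAMPLE_FN_CLEAN = b"\x00" * 8 + SAMPLE_SI


def analyse(si_bytes: bytes, fn_bytes: bytes) -> dict:
    """Decode both attributes and report whether the $SI/$FN relationship is suspicious."""
    si = parse_timestamps(si_bytes)
    fn = parse_timestamps(fn_bytes, offset=8)
    return {"si": si, "fn": fn, "suspicious": si_predates_fn(si, fn)}


if __name__ == "__main__":
    for label, fn_bytes in (("clean", SAMPLE_FN_CLEAN), ("suspicious", SAMPLE_FN_SUSPICIOUS)):
        result = analyse(SAMPLE_SI, fn_bytes)
        print(label, "$SI created:", result["si"]["created"].isoformat(),
              "$FN created:", result["fn"]["created"].isoformat(),
              "flag:", result["suspicious"])
```

The $SI-before-$FN check is only a heuristic: a clean result does not prove the timestamps are genuine, since a capable attacker can rewrite $FN as well with raw MFT access, and a flagged result still needs corroboration from other artifacts (USN journal, $LogFile, prefetch) before it is reported.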
IBM Security Bulletins
IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL and a vulnerability in GNU glibc affect IBM Security Proventia Network Enterprise Scanner
http://www-01.ibm.com/support/docview.wss?uid=swg21984794
IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2016-0399)
http://www-01.ibm.com/support/docview.wss?uid=swg21984134
IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2016-0341)
http://www-01.ibm.com/support/docview.wss?uid=swg21985111
Cisco Security Advisories
Cisco IOS XE Software SNMP Subsystem Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-iosxe
Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-fmc
Cisco cBR-8 Series Converged Broadband Router SNMP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-cbr
Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-ios
Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-ios1