Vulnerability Spotlight: Apple Quicktime Corrupt stbl Atom Remote Code Execution

By Talos Group This post was authored by Rich Johnson , William Largent , and Ryan Pentney . Earl Carter contributed to this post. Cisco Talos, in conjunction with Apple’s security advisory issued on June 30th, is disclosing the discovery of a remote code execution vulnerability within Apple Quicktime. This vulnerability was initially discovered by the Talos Vulnerability Research & Development Team and reported in accordance with responsible disclosure policies to Apple. There is a remote code execution vulnerability in Apple Quicktime (TALOS-CAN-0018, CVE-2015-3667). An attacker who can control the data []

Source:: Cisco Security Notice

Vulnerability Spotlight: Apple Quicktime Corrupt stbl Atom Remote Code Execution

By Talos Group This post was authored by Rich Johnson , William Largent , and Ryan Pentney . Earl Carter contributed to this post. Cisco Talos, in conjunction with Apple’s security advisory issued on June 30th, is disclosing the discovery of a remote code execution vulnerability within Apple Quicktime. This vulnerability was initially discovered by the Talos Vulnerability Research & Development Team and reported in accordance with responsible disclosure policies to Apple. There is a remote code execution vulnerability in Apple Quicktime (TALOS-CAN-0018, CVE-2015-3667). An attacker who can control the data []

Source:: Cisco Security Notice

Gesucht: Die gefährlichste Stadt im Internet

Von unserem Distributor für Security-Lösungen, Wick Hill, erhielten wir die aktuelle Dokumentation zum Thema Hacker-Ethik, die in Kooperation mit dem Hersteller Symantec veröffentlicht wurde.

Anschauen lohnt sich hier: Dokumentation „Gesucht: Die gefährlichste Stadt im Internet“

 

Bei Fragen zu Themen im Bereich Netzwerksicherheit stehen wir Ihnen gerne zur Verfügung unter 02261 9155050 oder vertrieb@oberberg.net

 

AMP Threat Grid integrates with Tripwire Enterprise

By Joe Malenfant Today’s threat landscape is completely different than last year; and next years will be, not surprisingly, even worse. The Industrialization of Hacking has spawned a new era of professional, entrepreneurial, and resourceful cyber criminals. In recent year’s dynamic malware analysis (aka sandboxing) has become the shiny new technology that we all want, no, need to have. At one time anti-virus held this position as well, and the same will eventually be said of sandbox technology used to fight advanced malware. []

Source:: Cisco Security Notice

AMP Threat Grid integrates with Tripwire Enterprise

By Joe Malenfant Today’s threat landscape is completely different than last year; and next years will be, not surprisingly, even worse. The Industrialization of Hacking has spawned a new era of professional, entrepreneurial, and resourceful cyber criminals. In recent year’s dynamic malware analysis (aka sandboxing) has become the shiny new technology that we all want, no, need to have. At one time anti-virus held this position as well, and the same will eventually be said of sandbox technology used to fight advanced malware. []

Source:: Cisco Security Notice

How to Land Yourself in A Dream Career in Cybersecurity

By Evelyn de Souza Last week I had the wonderful honor of being a presenter in the Cisco Networking Academy Find Yourself in The Future Series. To date this series has attracted over 9000 live attendees, which is testament to the extremely high levels of interest in technology careers in this region as well as the extraordinary efforts of the APAC marketing team. One figure blew me away in particular: 70% of attendees are interested in pursuing careers in cybersecurity. Cybersecurity is an incredibly exciting field. It draws in []

Source:: Cisco Security Notice

How to Land Yourself in A Dream Career in Cybersecurity

By Evelyn de Souza Last week I had the wonderful honor of being a presenter in the Cisco Networking Academy Find Yourself in The Future Series. To date this series has attracted over 9000 live attendees, which is testament to the extremely high levels of interest in technology careers in this region as well as the extraordinary efforts of the APAC marketing team. One figure blew me away in particular: 70% of attendees are interested in pursuing careers in cybersecurity. Cybersecurity is an incredibly exciting field. It draws in []

Source:: Cisco Security Notice

GDATA-Security-Blog: Neuer Dridex-Infektionsvektor identifiziert

Heute empfehlen wir zur Lektüre einen aktuellen Eintrag im Blog unseres Hersteller-Partners GDATA:

Die Entwickler des Banking-Trojaners nutzen zum Infizieren von Systemen einen Microsoft Office-Trick und einen legitimen Service

22.06.2015  | Autor: Paul Rascagnères

Malware-Entwickler sind manchmal recht kreativ, um zum einen ihre Zielpersonen zu manipulieren und zum anderen Sicherheitsprodukte zu umgehen. Die Experten von G DATA SecurityLabs analysierten ein speziell manipuliertes Microsoft Word-Dokument, das die Angreifer für die Installation des ziemlich bekannten Banking-Trojaners Dridex nutzen. Dieses bösartige Dokument stellt eine Verbindung zu einer völlig legitimen Website her, um die letztendliche Payload herunterzuladen. Wir gehen davon aus, dass diese beiden Elemente ausgewählt wurden, um Sicherheitsprodukte auszutricksen. Die Infektion, Schritt für Schritt erklärt.

Schritt 1:

Die Spam-Kampagne Diese Infektion begann mit einer Spam-E-Mail, also einer Methode, die wir schon unzählige Male gesehen haben. Der Inhalt der E-Mail besagt, dass eine Vertriebsabteilung den Empfänger über einen Auftrag informiert, den dieser angeblich selbst erteilt hat und der nun bearbeitet wird. Die entsprechende gefälschte Rechnung, ein Microsoft Office-Dokument, ist an die E-Mail angehängt.

Schritt 2:

Öffnen des Microsoft Office-Dokuments Der Name des Dokuments lautet YU96260LFZ.doc SHA256 e2d878a43607c04f151052e81a560a80525a343ea4e719c3a79e1cc8c45e47c5 Die Dateinamenerweiterung lässt darauf schließen, dass es sich bei der Datei um eine .doc-Datei handelt. In Wirklichkeit ist das Dokument jedoch ein MHTML-Dokument. Dabei handelt es sich um ein legitimes Archivformat für Webseiten. Dieser Standard wird von Microsoft Word mit der Erweiterung .mht unterstützt. Wir gehen davon aus, dass der Angreifer ursprünglich eine MHT-Datei erstellt und dann einfach die Dateinamenerweiterung in .doc abgeändert hat.

Angreifer nutzen gängige Dateierweiterungen für ihre Social Engineering-Angriffsversuche, da die Benutzer bekannte Dateitypen sorgloser öffnen. Zudem weisen MHT- und DOC-Dateien dasselbe Symbol auf, was die Datei bei den meisten Benutzern noch weniger verdächtig macht…

Lesen Sie den vollständigen Eintrag mit weiteren Schritten und Tipps auf:

https://blog.gdata.de/artikel/neuer-dridex-infektionsvektor-identifiziert/

Hook, Line & Sinker: Catching Unsuspecting Users Off Guard

By Talos Group This post was authored by Earl Carter . Attackers are constantly looking for ways to monetize their malicious activity. In many instances this involves targeting user data and accounts. Talos continues to see phishing attacks targeting customers of multiple high profile financial institutions. In the past couple of months, we have observed phishing attacks against various financial customers including credit card companies, banks, credit unions, and insurance companies, as well as online businesses such as Paypal and Amazon. These phishing attacks have []

Source:: Cisco Security Notice

Hook, Line & Sinker: Catching Unsuspecting Users Off Guard

By Talos Group This post was authored by Earl Carter . Attackers are constantly looking for ways to monetize their malicious activity. In many instances this involves targeting user data and accounts. Talos continues to see phishing attacks targeting customers of multiple high profile financial institutions. In the past couple of months, we have observed phishing attacks against various financial customers including credit card companies, banks, credit unions, and insurance companies, as well as online businesses such as Paypal and Amazon. These phishing attacks have []

Source:: Cisco Security Notice