[CERT-daily] Tageszusammenfassung - Freitag 1-08-2014

Fri Aug 1 18:09:02 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 31-07-2014 18:00 − Freitag 01-08-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Russian ransomware author takes the easy route ***
---------------------------------------------
Symantec Security Response has observed a new variant of ransomcrypt malware which is easy to update and uses open source components to encrypt files. The variant, detected as Trojan.Ransomcrypt.L, uses a legitimate open source implementation of the OpenPGP standard to encrypt files on the victim’s computer. The threat then displays a ransom notice in Russian, asking the user to pay in order to unlock the files.
---------------------------------------------
http://www.symantec.com/connect/blogs/russian-ransomware-author-takes-easy-route


*** Announcing EMET 5.0 ***
---------------------------------------------
Today, we are excited to announce the general availability of the Enhanced Mitigation Experience Toolkit (EMET) 5.0. As many of you already know, EMET is a free tool, designed to help customers with their defense in depth strategies against cyberattacks, by helping detect and block exploitation techniques ..
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/07/31/announcing-emet-v5.aspx


*** Backoff - Technical Analysis ***
---------------------------------------------
As discussed in the an advisory published by US-CERT, Trustwave SpiderLabs has discovered a previously unidentified family of Point of Sale (PoS) malware. This blog post serves as a technical analysis of the Backoff malware family. While a number ..
---------------------------------------------
http://blog.spiderlabs.com/2014/07/backoff-technical-analysis.html


*** BadUSB: Wenn USB-Geräte böse werden ***
---------------------------------------------
Wer die Firmware eines USB-Sticks kontrolliert, kann den zu einem perfekten Trojaner umfunktionieren. Deutsche Forscher zeigen, dass das komplett via Software möglich ist und sich damit ganz neue Infektions-Szenarien eröffnen.
---------------------------------------------
http://www.heise.de/security/meldung/BadUSB-Wenn-USB-Geraete-boese-werden-2281098.html


*** Backups - The Forgotten Website Security Pillar ***
---------------------------------------------
I travel a lot (a lot might actually be an understatement these days), but the travel always revolves around a couple common threads - namely website security education and awareness. In these travels, regardless of the community I am engaging with, there are always common questions ..
---------------------------------------------
http://blog.sucuri.net/2014/07/backups-the-forgotten-website-security-pillar.html


*** The Severe Flaw Found in Certain File Locker Apps ***
---------------------------------------------
Protecting data has always been one of the most important aspects of our digital life. Given the amount of activity done on smartphones, this is especially rings true for smartphones. While users may use the built-in privacy and security settings of their devices, others take it a step further and employ security ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-severe-flaw-found-in-certain-file-locker-apps/


*** MediaWiki Input Validation Flaws Permit Cross-Site Scripting and Clickjacking Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1030660


*** Offensive Security reports of Symantec Endpoint Protection zero-day vulnerability (July 2014) ***
---------------------------------------------
This Knowledge Base article will be updated as further information becomes available. Please subscribe to this document to receive update notifications automatically. To mitigate this issue while research is underway and solutions are being identified, uninstall or disable the sysplant driver.
---------------------------------------------
http://www.symantec.com/business/support/index?page=content&id=TECH223338


*** Backdoor.Gates: Also Works for Windows ***
---------------------------------------------
We have received reports about a Linux malware known as Backdoor.Gates. Analysis showed that this malware has the following features ..
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002728.html


*** SubSTATION Server Telegyr 8979 Master Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for a Buffer Overflow Vulnerability in the SUBNET Solutions Inc (SUBNET), SubSTATION Server 2, Telegyr 8979 Master ..
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-196-01


*** Yes, Hackers Could Build an iPhone Botnet - Thanks to Windows ***
---------------------------------------------
A reminder to Apple and smug iPhone owners: Just because iOS has never been the victim of a widespread malware outbreak doesn't mean mass iPhone hacking isn't still possible. Now one group of security researchers plans ..
---------------------------------------------
http://www.wired.com/2014/08/yes-hackers-could-build-an-iphone-botnetthanks-to-windows/


*** Citadel Malware Variant Allows Attackers Remote Access, Even After Removal ***
---------------------------------------------
A new variant of the Citadel banking Trojan has been discovered where the attackers are using Windows remote shell commands to be enable Remote Desktop Protocol access, even if the malware is discovered and removed.
---------------------------------------------
http://threatpost.com/citadel-malware-variant-allows-attackers-remote-access-even-after-removal/107562