[CERT-daily] Tageszusammenfassung - Donnerstag 27-08-2015

Thu Aug 27 18:05:47 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 26-08-2015 18:00 − Donnerstag 27-08-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Paper: Not a GAMe maKER ***
---------------------------------------------
Raul Alvarez performs low-level analysis of information-stealing trojan.The Gamker information-stealing trojan (also known as Shiz) has been around for a few years. It made the news back in 2013 when it was found to target SAP ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/08_26.xml


*** Patched Ins0mnia Vulnerability Keeps Malicious iOS Apps Hidden ***
---------------------------------------------
Apple's monster security update of Aug. 13 included a patch for an iOS vulnerability that could beacon out location data and other personal information from a device, even if a ..
---------------------------------------------
http://threatpost.com/patched-ins0mnia-vulnerability-keeps-malicious-ios-apps-hidden/114423


*** Concerns new Tor weakness is being exploited prompt dark market shutdown ***
---------------------------------------------
A dark market website that relies on the Tor privacy network to keep its operators anonymous is temporarily shutting down amid concerns attackers are exploiting a newly reported weakness ..
---------------------------------------------
http://arstechnica.com/security/2015/08/concerns-new-tor-weakness-is-being-exploited-prompt-dark-market-shut-down/


*** Cisco ACE 4710 Application Control Engine CLI Privilege Escalation Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40666


*** PDF + maldoc1 = maldoc2 ***
---------------------------------------------
I received another example of a PDF file that contains a malicious MS Office document. Sample (MD5 0c044fd59cc6ccc28a48937bc69cc0c4). This time I want to focus on the analysis of such a sample. First we run pdfid to identify the sample.  It contains ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20079


*** Taking root ***
---------------------------------------------
We analyzed the statistics we had collected from May to August 2015 and identified three main Trojan families that use root privileges on the device to achieve their goals.
---------------------------------------------
http://securelist.com/blog/mobile/71981/taking-root/


*** Throwback Thursday: Safe Hex in the 21st Century ***
---------------------------------------------
This Throwback Thursday, we turn the clock back to July 2000, when we were already being warned that virus scanners were no longer enough.How many times have we heard commentators claim that anti-virus is dead? After all, in the current ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/08_27.xml


*** Phisher greifen iranische Aktivisten an, umgehen Googles Multifaktor-Anmeldung ***
---------------------------------------------
Eine Serie von Phishing-Angriffen hat es anscheinend auf iranische Aktivisten und Dissidenten abgesehen. Auch eine hochrangige Mitarbeiterin der EFF wurde angegriffen.
---------------------------------------------
http://heise.de/-2792580


*** Important Notice Regarding Public Availability of Stable Patches ***
---------------------------------------------
Grsecurity has existed for over 14 years now. During this time it has been the premier solution for hardening Linux against security exploits and served as a role model for many mainstream commercial applications elsewhere. All modern OSes took our lead and implemented to varying degrees a number of security ..
---------------------------------------------
https://grsecurity.net/announce.php


*** Angler Exploit Kit Strikes on MSN.com via Malvertising Campaign ***
---------------------------------------------
The same actors behind the recent Yahoo and Azure malvertising attacks went after MSN.com this time.
---------------------------------------------
https://blog.malwarebytes.org/malvertising-2/2015/08/angler-exploit-kit-strikes-on-msn-com-via-malvertising-campaign/