[CERT-daily] Tageszusammenfassung - Montag 19-01-2015

Mon Jan 19 18:14:58 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 16-01-2015 18:00 − Montag 19-01-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Survey says security products waste our time ***
---------------------------------------------
A survey of information-technology professionals published on Friday found that the average large organization has to sift through nearly 17,000 malware alerts each week to find the 19 percent that are considered reliable. The efforts at ..
---------------------------------------------
http://arstechnica.com/security/2015/01/survey-says-security-products-waste-our-time/


*** A Lot of Security Purchases Remain Shelfware ***
---------------------------------------------
Companies may be investing more in security, but many are either underutilizing their new purchases or not using them at all, an Osterman Research survey shows.
---------------------------------------------
http://www.darkreading.com/a-lot-of-security-purchases-remain-shelfware/d/d-id/1318648


*** Report: Mercenaries Behind APT Attacks ***
---------------------------------------------
An increasing number of sophisticated cyber-attacks are not being launched by governments - or their intelligence services - but rather by opportunistic mercenaries who sell whatever they can steal to the highest bidder, according to a new ..
---------------------------------------------
http://www.inforisktoday.com/report-mercenaries-behind-apt-attacks-a-7806


*** Dridex Banking Trojan Begins 2015 with a Bang ***
---------------------------------------------
In October, we called out a series of attacks installing the Dridex Trojan using macros in Microsoft Word documents. Those attacks continued over the last few ...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/01/dridex-banking-trojan-begins-2015-bang/


*** Use-after-Free: New Protections, and how to Defeat them ***
---------------------------------------------
The Problem Memory corruption has plagued computers for decades, and these bugs can often be transformed into working cyber-attacks. Memory corruption is a situation where an attacker (malicious user of an application or network protocol) is ..
---------------------------------------------
http://labs.bromium.com/2015/01/17/use-after-free-new-protections-and-how-to-defeat-them/


*** Bypassing the Android PIN using fast tapping - Lock screens are still hard ***
---------------------------------------------
It turns out that during that brief period we have access to the phone and if we time our actions right, we can start programs or change settings by quickly tapping on the screen. Surely it's a bit tedious to do so, but ..
---------------------------------------------
http://itinsight.hu/en/posts/articles/2015-01-28-android-bypass/


*** New Guide by ENISA: Actionable Information for Security Incident Response ***
---------------------------------------------
ENISA publishes a good practice guide on Actionable Information for Security Incident Response, aiming to provide a picture of the challenges national CERTs and other security organizations encounter ...
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/new-guide-by-enisa-actionable-information-for-security-incident-response


*** VB2014 paper: OPSEC for security researchers ***
---------------------------------------------
Vicente Diaz teaches researchers the basics of OPSEC.Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added OPSEC for security researchers by Kaspersky researchers Vicente ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/01_19.xml


*** DSA-3131 xdg-utils - security update ***
---------------------------------------------
John Houwer discovered a way to cause xdg-open, a tool that automaticallyopens URLs in a users preferred application, to execute arbitrarycommands remotely.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3131


*** Hacked. A Short Story. ***
---------------------------------------------
It all started when I was asked (as a freelancer) to configure exim4, so that newsletters would not fall into spam folders. They even sent me a link to a tutorial. I thought the work would take a couple of hours, including the DNS update, but I was wrong. After logging in as root, I started my favorite ..
---------------------------------------------
http://kukuruku.co/hub/infosec/hacked-a-short-story-of-a-hack


*** 2013-11-08: Remote code execution vulnerability in CAP 501 / CAP 505 / SMS 510 ***
---------------------------------------------
http://search.abb.com/library/Download.aspx?DocumentID=1MRS757865&LanguageCode=en&DocumentPartId=&Action=Launch


*** Tyupkin ATM Malware Analysis ***
---------------------------------------------
Introduction Some time ago, Kaspersky discovered and reported a new type of malicious program called Tyupkin, which targets ATM machines by moving beyond targeting consumers with card skimmers that steal debit card numbers to directly getting cash ..
---------------------------------------------
http://resources.infosecinstitute.com/tyupkin-atm-malware-analysis/


*** China: Attacke gegen Microsofts Outlook ***
---------------------------------------------
Offenbar Versuch einer Man-in-the-Middle-Attacke - Angreifer wollten Verschlüsselung austricksen
---------------------------------------------
http://derstandard.at/2000010596970


*** Certified Secure Advisory 14-01-2015-0.1 - PolarSSL ***
---------------------------------------------
During a routine research session, Certified Secure found a "Use of uninitialized memory" vulnerability in the PolarSSL (https://polarssl.org) library. The vulnerability is present in the asn1_get_sequence_of routine that is ..
---------------------------------------------
https://www.certifiedsecure.com/polarssl-advisory/


*** Traffic Patterns For CryptoWall 3.0 ***
---------------------------------------------
This is a guest diary submitted by Brad Duncan. Various sources have reported version 3 of CryptoWall has appeared [1] [2] [3]. This malware is currently seen from exploit kits and phishing emails. CryptoWall is one of many ransomware trojans that encrypt the personal files on your computer ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19203