[CERT-daily] Tageszusammenfassung - Montag 6-07-2015

Mon Jul 6 18:12:34 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 03-07-2015 18:00 − Montag 06-07-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** [20150602] - Core - CSRF Protection ***
---------------------------------------------
http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html


*** [20150601] - Core - Open Redirect ***
---------------------------------------------
http://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html


*** This 20-year-old Student Has Written 100 Malware Programs in Two Years ***
---------------------------------------------
Security firm Trend Micro has identified a 20-year-old Brazilian college student responsible for developing and distributing over 100 Banking Trojans selling each for around ..
---------------------------------------------
http://thehackernews.com/2015/07/student-hacker.html


*** A .BUP File Is An OLE File ***
---------------------------------------------
Yesterday I mentioned that McAfee quarantine files on Windows (.BUP extension) are actually OLE files. Im going to write a couple of diary entries highlighting some file types that are OLE files, and ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19869


*** MMD-0036-2015 - KINS (or ZeusVM) v2.0.0.0 tookit (builder & panel) leaked. ***
---------------------------------------------
The background KINS (or ZeusVM to be precised) v2.0.0.0 tookit (builder & panel) was leaked and spread all over the internet. On Jun 26th 2015 we were informed about this and after several internal discussion, considering that: "so ..
---------------------------------------------
http://blog.malwaremustdie.org/2015/07/mmd-0036-2015-kins-or-zeusvm-v2000.html


*** A fileless Ursnif doing some POS focused reco ***
---------------------------------------------
http://malware.dontneedcoffee.com/2015/07/a-fileless-ursnif-doing-some-pos.html


*** BizCN gate actor changes from Fiesta to Nuclear exploit kit ***
---------------------------------------------
Introduction An actor using gates registered through BizCN recently switched from Fiesta to Nuclear exploit kit (EK). This happened around last month, and we first noticed the change on 2015-06-15. I started writing about this actor in 2014 ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19875


*** Don't Be Fooled By Phony Online Reviews ***
---------------------------------------------
The Internet is a fantastic resource for researching the reputation of companies with which you may wish to do business. Unfortunately, this same ease-of-use can lull the unwary into falling for marketing scams originally perfected ..
---------------------------------------------
http://krebsonsecurity.com/2015/07/dont-be-fooled-by-phony-online-reviews/


*** Spionagefirma Hacking Team: "Feind des Internets" selbst gehackt ***
---------------------------------------------
Die italienische Überwachungsfirma Hacking Team wurde selbst Opfer eines massiven Hacks: Eindringlinge konnten rund 480 GB an internen Daten übernehmen und diese als Download bereitstellen. Auch der Twitter-Account des Unternehmens wurde übernommen und in "Hacked Team" umbenannt. Die veröffentlichten Informationen ..
---------------------------------------------
http://derstandard.at/2000018630550


*** Blue-Pill-Lücke in Xen geschlossen ***
---------------------------------------------
In der langen Liste der Sicherheits-Verbesserungen von Xen 4.5.1 finden sich auch eine Lücke, die den Ausbruch aus einer virtuellen Maschine erlaubt - und ein geheimnisvoller, noch undokumentierte Eintrag.
---------------------------------------------
http://heise.de/-2736158


*** ManageEngine Password Manager Pro 8.1 SQL Injection ***
---------------------------------------------
An authenticated user (even the guest user) is able to execute arbitrary SQL code using a forged request to the SQLAdvancedALSearchResult.cc. The SQL query is build manually and is not escaped properly in the AdvanceSearch.class of AdventNetPassTrix.jar.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015070020


*** Insider Threats Defined ***
---------------------------------------------
According to the second annual SANS survey on the security of the financial services sector, the number one threat companies are concerned about doesn’t relate to nation-states, organised criminal gangs or ‘APTs’. Rather the main worry revolves around insider threats – but what exactly is an insider threat and what can be done to detect and respond to these threats?
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/insider-threats-defined


*** How to Deal with Reverse Domain Name Hijacking ***
---------------------------------------------
The fact that one owns a trademark which is identical or confusingly similar to a domain name does not necessarily mean that she is entitled to that domain name. For ..
---------------------------------------------
http://resources.infosecinstitute.com/how-to-deal-with-reverse-domain-name-hijacking/


*** Rätselaufgaben gegen DDoS-Angriffe auf TLS ***
---------------------------------------------
Ein Akamai-Mitarbeiter beschreibt, wie mit einfachen Rechenaufgaben DDoS-Angriffe durch Clients auf TLS-Verbindungen minimiert werden könnten. Die Idee ist zwar noch ein Entwurf, könnte aber als Erweiterung für TLS 1.3 standardisiert werden. 
---------------------------------------------
http://www.golem.de/news/ietf-raetselaufgaben-gegen-ddos-angriffe-auf-tls-1507-115068.html


*** AWS Best Practices for DDoS Resiliency (PDF) ***
---------------------------------------------
http://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf


*** No one expect command execution ! ***
---------------------------------------------
Unix is a beautiful world where your shell gives you the power of launching any command you like. But sometimes, command can be used to launch another commands, and thats sometimes unexpected.
---------------------------------------------
http://0x90909090.blogspot.fr/2015/07/no-one-expect-command-execution.html