[CERT-daily] Daily summary - Wednesday 15-07-2015

Daily end-of-shift report team at cert.at
Wed Jul 15 18:42:27 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 14-07-2015 18:00 - Wednesday 15-07-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Otmar Lendl

*** July 2015 Security Updates ***
---------------------------------------------
Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer. As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month's security updates and advisories visit the Security TechNet Library. You can also follow the Microsoft Security Response Center (MSRC) team on Twitter at @MSFTSecResponse.
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2015/07/14/july-2015-security-updates.aspx
https://technet.microsoft.com/en-us/library/security/MS15-JUL



*** TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities ***
---------------------------------------------
Original release date: July 14, 2015
Systems Affected: Microsoft Windows systems with Adobe Flash Player installed.
Overview: Used in conjunction, recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute arbitrary code with system privileges. Since attackers continue to target and find new vulnerabilities in popular, Internet-facing software, updating is not sufficient, and it is important to use exploit mitigation and other defensive
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA15-195A



*** Microsoft Patch Tuesday July 2015 ***
---------------------------------------------
July's Patch Tuesday is here and brings with it a rather large 14 bulletins, with 4 Critical and 10 Important rated patches. All combined, this month's release patches 59 vulnerabilities, 29 of which are in the old stalwart Internet Explorer....
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Microsoft-Patch-Tuesday-July-2015/



*** Adobe, MS, Oracle Push Critical Security Fixes ***
---------------------------------------------
This being the second Tuesday of the month, it's officially Patch Tuesday. But it's not just Windows users who need to update today: Adobe has released fixes for several products, including a Flash Player bundle that patches two vulnerabilities for which exploit code is available online. Separately, Oracle issued a critical patch update that plugs more than two dozen security holes in Java.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/GZ70l-ulAqw/



*** Oracle Critical Patch Update closes 193 holes ***
---------------------------------------------
As usual with Oracle's quarterly updates, the company plugs large numbers of holes in almost all of its products. Even the Ghost vulnerability from January makes a comeback. The updates for Java and MySQL in particular should be installed as soon as possible.
---------------------------------------------
http://heise.de/-2750641



*** Microsoft Ends Support for Windows Server 2003, Migration a Must ***
---------------------------------------------
End-of-life fun times are coming to infosec departments everywhere again. Just a year after the announcement of Windows XP's end-of-life, we see another body in the OS graveyard: Windows Server 2003. After July 14th, servers running this venerable OS will no longer be receiving any more security updates. This would leave you out in the cold 
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/sr3phsOSoFM/



*** Microsoft Security Essentials is no longer available for Windows XP ***
---------------------------------------------
We strongly recommend that you complete your migration to a supported operating system as soon as possible so that you can receive regular security updates to help protect your computer from malicious attacks.
---------------------------------------------
http://windows.microsoft.com/en-us/windows/security-essentials-download?os=winxp&arch=other



*** Cisco Packet Data Network Gateway IP Stack Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39907



*** Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39872




*** Unit 42 Technical Analysis: Seaduke ***
---------------------------------------------
Earlier this week Symantec released a blog post detailing a new Trojan used by the "Duke" family of malware. Within this blog post, a payload containing a function named "forkmeiamfamous" was mentioned. While performing some ...
---------------------------------------------
http://feedproxy.google.com/~r/PaloAltoNetworks/~3/y_CGsjS6Bio/




*** An In-Depth Look at How Pawn Storm's Java Zero-Day Was Used ***
---------------------------------------------
Operation Pawn Storm is a campaign known to target military, embassy, and defense contractor personnel from the United States and its allies. The attackers behind Operation Pawn Storm have been active since at least 2007 and they continue to launch new campaigns. Over the past year or so, we have seen numerous techniques and tactics 
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/gJtU9nel0NM/




*** Hideouts for Lease: The Silent Role of Bulletproof Hosting Services in Cybercriminal Operations ***
---------------------------------------------
What do LeaseWeb, Galkahost, and Spamz have in common? All of them, at one point or another, have functioned as cybercriminal hideouts in the form of bulletproof hosting services (BPHS). Simply put, BPHS is any hosting facility that can store any type of malicious content like phishing sites, pornography, and command-and-control (C&C) infrastructure.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Ojxl_6lsUjU/



*** DFN-CERT-2015-1068/ BlackBerry Link: A vulnerability allows the execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1068/



*** Rootkits: User Mode ***
---------------------------------------------
In this article, we will learn what rootkits are and how they operate. The focus will be on the two modes in which rootkits operate, User Mode and Kernel Mode, and on the various techniques rootkits use in each mode.
---------------------------------------------
http://resources.infosecinstitute.com/rootkits-user-mode-kernel-mode-part-1/



*** Rootkits: Kernel Mode ***
---------------------------------------------
In part one of this series we learned about rootkits and how they operate in User Mode. In this part of the series we will up the ante and look at the other part where rootkits operate, i.e. Kernel Mode.
---------------------------------------------
http://resources.infosecinstitute.com/rootkits-user-mode-kernel-mode-part-2/




*** FBI paid Hacking Team to identify Tor users ***
---------------------------------------------
Documents leaked online after the Hacking Team data breach revealed that the company supported the FBI in an investigation of Tor users. While security experts continue to analyze the impressive amount of data stolen from Hacking Team, new revelations are circulating over the Internet. Among the clients of the Italian security firm, there ...
---------------------------------------------
http://securityaffairs.co/wordpress/38601/cyber-crime/fbi-hacking-team-tor.html



*** Government Grade Malware: a Look at HackingTeam's RAT ***
---------------------------------------------
We have our hands on the code repositories of HackingTeam, and inside of them we've found the source code for a cross-platform, highly-featured, government-grade RAT (Remote Access Trojan). It's rare that we get to do analysis of complex malware at the source-code level, so I couldn't wait to write a blog about it!
---------------------------------------------
http://labs.bromium.com/2015/07/10/government-grade-malware-a-look-at-hackingteams-rat/




*** Epic Games, Epic Fail: Forumers info blown into dust by hack ***
---------------------------------------------
Company sorry for the inconvenience caused. Epic Games, known for its Unreal Engine and the Gears of War series, sent a grovelling letter to its forum users this morning explaining that a hack "may have resulted in unauthorised access to your username, email address, password, and the date of birth you provided at registration."
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/15/epic_games_in_epic_fail_hack_leaves_forumtards_info_fragmented/



*** Details on Internet-wide Scans from SBA ***
---------------------------------------------
To clarify what we are scanning on the Internet, here are some details on the project and which tools we use. Most importantly: if you want your IP to be excluded from future scans, please send an email to abuse at sba-research.org. For quite some time now we have been scanning Internet-wide for well-known ports that use TLS, most ...
---------------------------------------------
https://www.sba-research.org/2015/07/15/details-on-internet-wide-scans-from-sba/

