[CERT-daily] Tageszusammenfassung - Montag 8-06-2015

Mon Jun 8 18:05:46 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 05-06-2015 18:00 − Montag 08-06-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** �UnfriendAlert� wants your Facebook Credentials ***
---------------------------------------------
For our first "PUP Friday" post, we talked about UnfriendAlert, a program that purports to notify users ..
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/06/unfriendalert-wants-your-facebook-credentials/


*** Changes in Oracle Database 12c password hashes ***
---------------------------------------------
Oracle has made improvements to user password hashes within Oracle Database 12c. By using a PBKDF2-based SHA512 hashing algorithm, instead of simple SHA1 hash, password ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Changes-in-Oracle-Database-12c-password-hashes/


*** [Honeypot Alert] Fritz!Box � Remote Command Execution Exploit Attempt ***
---------------------------------------------
Our web honeypots picked up some exploit attempts for a remote command execution vulnerability in FRITZ!Box, a series of routers produced by AVM. This exploit targets router ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/-Honeypot-Alert--Fritz!Box-%e2%80%93-Remote-Command-Execution-Exploit-Attempt/


*** Checking for BACNet devices inside corporate networks ***
---------------------------------------------
Building automation Networks are very common today for intelligent buildings. They interconnect several type of devices like escalators, elevators, power circuits, heating, ventilating and air conditioning (HVAC) to the main control ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19771


*** Insider vs. Outsider Threats: Identify and Prevent ***
---------------------------------------------
In my last article, we discussed on a step-by-step approach on APT attacks. The origin of any kind of cyber-attack is through an external or an internal source. Multiple sophisticated insider attacks resulted in the exfiltration of ..
---------------------------------------------
http://resources.infosecinstitute.com/insider-vs-outsider-threats-identify-and-prevent/


*** Antiquated environment and bad security practices aided OPM hackers ***
---------------------------------------------
By now, youve all heard about the massive breach at the US Office of Personnel Managements (OPM), and that the attackers have accessed (and likely made off with) personal information ..
---------------------------------------------
http://www.net-security.org/secworld.php?id=18484


*** Plex verschl�sselt Verbindung zur eigenen Medienzentrale ***
---------------------------------------------
Den bisher größte Einsatz von Sicherheitszertifikaten heftet sich die Medienzentrale Plex auf die eigenen Fahnen. In einer Kooperation mit DigiCert bekommen sämtliche Nutzer der Software ein kostenloses SSL/TLS-Zertifikat für ihren Server ausgestellt.
---------------------------------------------
http://derstandard.at/2000017144835


*** DSA-3281 - Debian Security Team PGP/GPG key change notice ***
---------------------------------------------
This is a notice that the Debian Security Team has changed its PGP/GPGcontact key because of a periodic regular key rollover.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3281


*** Matryoshka dolls: analysing a packer for CTB locker ***
---------------------------------------------
We recently encountered a phishing campaign distributing CTB locker. Victims were sent an e-mail that appeared to be from a Dutch webshop, with the e-mail describing a Fifa15 order for Playstation 3.  While no one uses PS3 anymore , there were users who ..
---------------------------------------------
https://www.dearbytes.com/en/nieuws/matroesjka-poppen-ctb-locker/


*** Raub im Zug: Datendiebstahl - ganz analog ***
---------------------------------------------
Banden stehlen Handys und Laptops von Managern, um die Besitzer oder deren Firmen mit den erbeuteten Daten zu erpressen.
---------------------------------------------
http://www.golem.de/news/raub-im-zug-datendiebstahl-ganz-analog-1506-114530.html


*** Malware zapft Kreditkartendaten von Oracle-Kassensystemen ab ***
---------------------------------------------
Ein weiterer Schädling nistet sich in Point-of-Sales-Terminals ein und kopiert die Daten ahnungsloser Kreditkarten-Nutzer. MalaumPOS hat es auf ein weit verbreitetes Kassensystem von Oracle abgesehen.
---------------------------------------------
http://heise.de/-2680638


*** Bugtraq: strongswan security update ***
---------------------------------------------
Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec
suite used to establish IPsec protected links. When an IKEv2 client authenticates the server with certificates and the client authenticates itself to the server using pre-shared key or EAP,
the constraints on the ..
---------------------------------------------
http://www.securityfocus.com/archive/1/535708


*** Zeus Isn�t Dead, New Version Evades All Antivirus Detection Tools ***
---------------------------------------------
The venerable Zeus banking Trojan has been killed off many times; disappearing from the global Internet time and time again only to reappear with new modifications designed ..
---------------------------------------------
http://www.pcrisk.com/internet-threat-news/9068-zeus-evades-all-antivirus-detection-tools


*** Many Drug Pumps Open to Variety of Security Flaws ***
---------------------------------------------
In April, a security researcher disclosed a litany of severe vulnerabilities in the PCA3 drug-infusion pump manufactured by a company named Hospira. He went so far as to ..
---------------------------------------------
http://threatpost.com/many-drug-pumps-open-to-variety-of-security-flaws/113202