[CERT-daily] Tageszusammenfassung - Donnerstag 11-06-2015

Thu Jun 11 18:18:26 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 10-06-2015 18:00 − Donnerstag 11-06-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter


*** Increase in CryptoWall 3.0 from malicious spam and Angler exploit kit, (Thu, Jun 11th) ***
---------------------------------------------
Introduction Since Monday2015-05-25(a bitmore than 2 weeks ago), weve seen a significantamount of CryptoWall 3.0 ransomware from">) and theAngler exploit kit (EK). A malspam campaign pushing CryptoWall 3.0 started as early as Monday 2015-05-25, but it hasincreased significantly since Monday 2015-06-08. The CryptoWall3.0push from Angler EK appears to have started around the same time. Both campaigns (malspam and Angler EK) were active as recently as Wednesday 2015-06-10.  The timing of...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19785&rss


*** Factsheet: Software has an expiry date ***
---------------------------------------------
Software vendors regularly make announcements that certain versions of software will no longer be supported after a particular date. Such dates are known as End-of-Life. After the End-of-Life, software is no longer supported and can therefore not be considered to be secure. The NCSC advises to update systems after the announcement as soon as possible.
---------------------------------------------
https://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/factsheets/software-has-an-expiry-date.html


*** Cyberangriff: Bundestag benötigt komplett neues Computer-Netzwerk ***
---------------------------------------------
Das Computer-Netzwerk im Bundestag ist hinüber. Der Cyberangriff auf den deutschen Bundestag hat weitreichendere Folgen als bisher angenommen. Das Parlament muss ein völlig neues Computer-Netzwerk errichten.
---------------------------------------------
http://www.golem.de/news/cyberangriff-bundestag-benoetigt-komplett-neues-computer-netzwerk-1506-114593-rss.html


*** Bundestag: "Von einem Totalschaden kann keine Rede sein" ***
---------------------------------------------
Nur 15 Rechner sollen von dem Hacker-Angriff auf den Bundestag betroffen sein. Das berichtet der Unionsabgeordnete Thomas Jarzombek und beruft sich auf das BSI.
---------------------------------------------
http://www.golem.de/news/bundestag-von-einem-totalschaden-kann-keine-rede-sein-1506-114610-rss.html


*** MSRT June 2015: BrobanDel ***
---------------------------------------------
Providing further protections for our customers, this month we added three new malware families and two variants to the Microsoft Malicious Software Removal Tool (MSRT):   Win32/Bagopos Win32/BrobanDel Win32/Gatak PWS:Win32/OnLineGames.AH PWS:Win32/OnLineGames.MV   Gatak is a family of information-stealing malware that collects sensitive information and sends it to a remote attacker, if a system is compromised. Bagopos is another information-stealing malware family that targets credit card...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/06/09/msrt-june-2015-brobandel.aspx


*** Windows 10 to offer application developers new malware defenses ***
---------------------------------------------
Application developers can now actively participate in malware defense - in a new way to help protect customers from dynamic script-based malware and non-traditional avenues of cyberattack. Microsoft is making that possible through the  Antimalware Scan Interface (AMSI) - a generic interface standard that allows applications and services to integrate with any antimalware product present on a machine. AMSI is currently available through the Windows 10 Technical Preview, and will be fully...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/06/09/windows-10-to-offer-application-developers-new-malware-defenses.aspx


*** Advances in Scripting Security and Protection in Windows 10 and PowerShell V5 ***
---------------------------------------------
In the last several releases of Windows, we've been working hard to make the platform much more powerful for administrators, developers, and power users alike. PowerShell is an incredibly useful and powerful language for managing Windows domains. Unfortunately, attackers can take advantage of these same properties when performing "post-exploitation" activities (actions that are performed after a system has been compromised). The PowerShell team, recognizing this behavior, have
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2015/06/10/advances-in-scripting-security-and-protection-in-windows-10-and-powershell-v5.aspx


*** CSDanube ***
---------------------------------------------
CERT.at ist keine isolierte Einrichtung, im Gegenteil: Wir kooperieren in diversen Kreisen mit anderen Institutionen und Firmen. Das reicht von unserer Einbettung in die Umsetzung der ÖSCS, lokalen Partnern in der Industrie und Forschung bis hin zur globalen Vernetzung der CERTs. In diesem Kontext nehmen wir an einem Projekt teil, dass im Rahmen des START Programms der Danube Region Strategy gefördert wird: Es geht bei diesem Projekt darum, dass die CERTs der Region...
---------------------------------------------
http://www.cert.at/services/blog/20150611115640-1547.html


*** Security Advisory: Object Injection Vulnerability in WooCommerce ***
---------------------------------------------
Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 8/10 Vulnerability: Object Injection Patched Version: 2.3.11 During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability which could, in certain contexts, be used by an attacker to download any file on the vulnerable server. Are you at risk? The vulnerability is only...
---------------------------------------------
https://blog.sucuri.net/2015/06/security-advisory-object-injection-vulnerability-in-woocommerce.html


*** Hospira Plum A+ and Symbiq Infusion Systems Vulnerabilities ***
---------------------------------------------
This advisory provides publicly disclosed vulnerabilities and compensating measures for the Hospira Plum A+ and Symbiq Infusion System that are similar to vulnerabilities identified in the Hospira LifeCare PCA Infusion System discussed in the updated advisory ICSA-15-125-01B Hospira LifeCare PCA Infusion System Vulnerabilities.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01


*** HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities.
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04686230


*** Cisco IOS XR telnetd Packet Processing Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39293


*** Cisco Nexus and Cisco Multilayer Director Switches MOTD Telnet Login Reset Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39280


*** Cisco Identity Services Engine Improper Web Page Controls Privilege Escalation Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39299