[CERT-daily] Tageszusammenfassung - Mittwoch 24-06-2015

Wed Jun 24 18:05:34 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 23-06-2015 18:00 − Mittwoch 24-06-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Operation Clandestine Wolf � Adobe Flash Zero-Day in APT3 PhishingCampaign ***
---------------------------------------------
In June, FireEye�s FireEye as a Service team in Singapore uncovered a phishing campaign exploiting an Adobe Flash Player zero-day vulnerability (CVE-2015-3113). The attackers� emails included links to compromised web servers that served either benign content or a malicious Adobe Flash Player file that exploits CVE-2015-3113.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html


*** Digital Snake Oil ***
---------------------------------------------
One of the most common complaints we see on our forums, and from our users, concerns a particular category of program called �Registry Optimizers� or �Registry Cleaners� or �Registry Defragmenters�. For this post, we will just refer to them as ..
---------------------------------------------
https://blog.malwarebytes.org/social-engineering/2015/06/digital-snake-oil/


*** Websites Hacked Via Website Backups ***
---------------------------------------------
The past few months we�ve been spending a good deal of time talking about backups. This is for good reason, they are often your safety net when things go wrong; interestingly enough though, they are often the forgotten pillar of security. It�s why we ..
---------------------------------------------
https://blog.sucuri.net/2015/06/websites-hacked-via-website-backups.html


*** Cisco AnyConnect Client for Windows Privilege Escalation Vulnerability ***
---------------------------------------------
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39466


*** MMD-0033-2015 - Linux/XorDDoS infection incident report (CNC: HOSTASA.ORG) ***
---------------------------------------------
This post is an actual malware infection incident of the"Linux/XOR.DDoS" malware, see this previous post as reference, malware was in attempt to infect a real service. Incident details: Source of attack: An attack ..
---------------------------------------------
http://blog.malwaremustdie.org/2015/06/mmd-0033-2015-linuxxorddos-infection_23.html


*** Analysis and Exploitation of an ESET Vulnerability ***
---------------------------------------------
Many antivirus products include emulation capabilities that are intended to allow unpackers to run for a few cycles before signatures are applied. ESET NOD32 uses a minifilter or kext to intercept all disk I/O, which is analyzed and then emulated if ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/06/analysis-and-exploitation-of-eset.html


*** Of Privacy, Security, and the Art of Scanning ***
---------------------------------------------
With all the recent news and attention on world events the concept and concern around privacy has increased over the last several years. This is an excellent progression of personal protection and should be pursued ..
---------------------------------------------
http://blog.shadowserver.org/2015/06/23/of-privacy-security-and-the-art-of-scanning/


*** Attacking Ruby Gem Security with CVE-2015-3900 ***
---------------------------------------------
A Ruby gem is a standard packaging format used for Ruby libraries and applications. This packaging format allows Ruby software developers a clearly defined format in which they can ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/


*** Samsung deliberately disabling Windows Update ***
---------------------------------------------
On my home forum Sysnative, a user (wavly) was being assisted with a WU issue, which was going well, aside from the fact that wavlys WU kept getting disabled randomly. It was figured out eventually after using auditpol.exe and registry security ..
---------------------------------------------
http://bsodanalysis.blogspot.de/2015/06/samsung-deliberately-disabling-windows.html


*** Kaspersky hilft Facebook User-PCs nach Viren zu scannen ***
---------------------------------------------
Facebook will die Verbreitung von Malware über das soziale Netzwerk eindämmen. Dafür werden nicht nur Profile nach verdächtigen Aktivitäten gescannt. Das Unternehmen bietet Nutzern auch die Möglichkeit an, einen kostenlosen Scan ihres Computers durchzuführen. Seit einiger Zeit ..
---------------------------------------------
http://derstandard.at/2000017946165


*** Identifying vulnerable code ***
---------------------------------------------
No matter how much care you take during development of any software, security issues creep in. Hence, it is important to get the code reviewed for security loopholes. Code is the only advantage for organizations over the hackers and they need ..
---------------------------------------------
http://resources.infosecinstitute.com/identifying-vulnerable-code/


*** Am 30. Juni ist DNSSEC-Day ***
---------------------------------------------
Am 30. Juni 2015 veranstalten das BSI, der DENIC und heise online den DNSSEC-Day. Kern der Veranstaltung ist ein Livestreaming, bei dem Fachleute Nutzen und ..
---------------------------------------------
http://heise.de/-2723932


*** Results of my recent PostScript Charstring security research unveiled ***
---------------------------------------------
Some months ago, I started reverse engineering and investigating the security posture of the Adobe Type Manager Font Driver (ATMFD.DLL) module, which provides support for Type 1 and OpenType fonts in the Windows kernel since Windows NT 4.0, ..
---------------------------------------------
http://j00ru.vexillium.org/?p=2520