[CERT-daily] Tageszusammenfassung - Dienstag 3-03-2015

Tue Mar 3 18:06:09 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 02-03-2015 18:00 − Dienstag 03-03-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Ads Gone Bad ***
---------------------------------------------
FireEye Labs tracks malvertising activity and recently discovered hundreds of sites that may have been exposed to malvertisements via abuse of ad networks that use real-time bidding (RTB). Since February 4, 2015, FireEye Labs has seen over 1,700 advertiser RTB requests that resulted in downloading of malicious SWF files. We believe this activity is part of an active malvertising operation.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/03/ads_gone_bad.html


*** D-Link Routers Haunted by Remote Command Injection Bug ***
---------------------------------------------
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects affects a number of D-Link's home routers and the key ..
---------------------------------------------
http://threatpost.com/d-link-routers-haunted-by-remote-command-injection-bug/111355


*** Older Keen Team Use-After-Free IE Exploit Added to Angler Exploit Kit ***
---------------------------------------------
Attackers behind one of the more popular exploit kits, Angler, have added a tweaked version of an exploit from last fall, a use after free vulnerability in Microsofts Internet Explorer browser.
---------------------------------------------
http://threatpost.com/older-keen-team-use-after-free-ie-exploit-added-to-angler-exploit-kit/111350


*** How to keep your Smart Home safe ***
---------------------------------------------
The Internet of Things (IoT) devices can help you save time and hassle and improve your quality of life. As an example, you can check the contents of your fridge and turn on the oven while at the grocery store thus saving money, uncertainty, and ..
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002792.html


*** Symantec NetBackup OpsCenter Server Javascript Injection RCE ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150302_00


*** SSH-Client Putty: Fast vergessene Sicherheitslücke geschlossen ***
---------------------------------------------
Der Schöpfer von Putty entschuldigt sich dafür, eine Sicherheitslücke erst nach eineinhalb Jahren vollständig geschlossen zu haben und ergänzt die neue Version um weitere Bugfixes und zwei neue Funktionen.
---------------------------------------------
http://heise.de/-2563230


*** SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass ***
---------------------------------------------
https://www.drupal.org/node/2428851


*** New gTLD Portals Taken Offline by ICANN Due to Security Flaw ***
---------------------------------------------
The Internet Corporation for Assigned Names and Numbers (ICANN) shut down two new generic top-level domain (gTLD) portals on February 27 after learning of a vulnerability that could have been exploited to view users' data.
---------------------------------------------
http://www.securityweek.com/new-gtld-portals-taken-offline-icann-due-security-flaw


*** Cyber criminals target call center operators in Apple Pay fraud schema ***
---------------------------------------------
Cybercriminals are targeting call centers operators in Apple Pay fraud to circumvent the checks implemented by Apple, banks and card issuers. The security expert Cherian Abraham revealed a spike in the fraud on Apple's ..
---------------------------------------------
http://securityaffairs.co/wordpress/34359/cyber-crime/apple-pay-fraud.html


*** Captcha <= 4.0.6 - Captcha Bypass ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7822


*** Financial Trojans in 2014: Takedowns contributed to 53 percent drop in infections, but threat is still prevalent ***
---------------------------------------------
While the number of financial Trojan detections decreased in 2014, the threat was still ..
---------------------------------------------
http://www.symantec.com/connect/blogs/financial-trojans-2014-takedowns-contributed-53-percent-drop-infections-threat-still-prevalent


*** phpMoAdmin Zero-day Vulnerability Puts Websites Using MongoDB at Risk ***
---------------------------------------------
About two weeks back, over 40,000 organizations running MongoDB were found unprotected and vulnerable to hackers. Now, once again the users of MongoDB database are at risk because of a critical zero-day vulnerability making ..
---------------------------------------------
http://thehackernews.com/2015/03/phpMoAdmin-mongoDB-exploit.html


*** Ted Unangst: OpenBSD will Browser sicherer machen ***
---------------------------------------------
Mindestens ein Webbrowser soll durch die Umsetzung einer Speicherrichtlinie aus OpenBSD abgesichert werden. Dafür bezahlt die Stiftung des Betriebssystems einen Entwickler mit Erfahrung bei Libressl.
---------------------------------------------
http://www.golem.de/news/ted-unangst-openbsd-will-browser-sicherer-machen-1503-112725.html


*** Thanks for the Memories: Identifying Malware from a Memory Capture ***
---------------------------------------------
Weve all seen attackers try and disguise their running malware as something legitimate. They might use a file name of a legitimate Windows file or even inject code into a legitimate process thats already running. Regardless of how its done, that code has to run, which means it has to be in memory. Somewhere.
---------------------------------------------
http://www.contextis.com/resources/blog/thanks-memories-identifying-malware-memory-capture/


*** LogPOS - New Point of Sale Malware Using Mailslots ***
---------------------------------------------
There has been an explosion in POS malware in the last year. At Morphick, Jeremy Humble and I found 2 undiscovered families in 2014 and we just found our first new family of 2015. This new malware which were calling ..
---------------------------------------------
http://morphick.com/blog/2015/2/27/mailslot-pos


*** Change to Lollipop Encryption Policy May Not Have Much Effect, Experts Say ***
---------------------------------------------
Google has made a subtle, but important, shift in the requirements for Android handset makers, saying now that OEMs manufacturing phones that will run Lollipop do not have to enable disk encryption by default. This is a major change from the ..
---------------------------------------------
http://threatpost.com/change-to-lollipop-encryption-policy-may-not-have-much-effect-experts-say/111386


*** Cisco Network Analysis Module Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0656