[CERT-daily] Tageszusammenfassung - Donnerstag 1-10-2015

Thu Oct 1 18:03:25 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 30-09-2015 18:00 − Donnerstag 01-10-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Updates for multiple Apple products, including iOS and OS X ***
---------------------------------------------
https://support.apple.com/kb/HT205284
https://support.apple.com/kb/HT205267
https://support.apple.com/kb/HT205265


*** Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41240


*** Mistakenly-deployed test patch leads to suspicious Windows update ***
---------------------------------------------
Earlier today, various sources reporteda highly-suspicious Windows update. According to Ars Technica,a Microsoft spokesperson stated the company hadincorrectly published a test update and isin the process of removing it [1]. The update is no longer ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20201


*** User Dashboard - SQL Injection - Critical - SA-CONTRIB-2015-152 ***
---------------------------------------------
https://www.drupal.org/node/2577901


*** Apple Gatekeeper Bypass Opens Door for Malicious Code ***
---------------------------------------------
Gatekeeper is Mac OS X's guardian against rogue applications and malware sneaking into Apple's famous walled garden. It's also been a favorite target of researchers and advanced attackers desperate to gain control of Apple devices. Tomorrow ..
---------------------------------------------
https://threatpost.com/apple-gatekeeper-bypass-opens-door-for-malicious-code/114851/


*** Car-Hacking Tool Turns Repair Shops Into Malware 'Brothels' ***
---------------------------------------------
A new hacking device finds vulnerabilities in auto diagnostic tools that could be used to spread malware to thousands of vehicles.
---------------------------------------------
http://www.wired.com/2015/10/car-hacking-tool-turns-repair-shops-malware-brothels/


*** Jumping through the hoops: multi-stage malicious PDF spam ***
---------------------------------------------
Weve recently encountered a number of malicious spam messages with PDFs attached. The PDFs themselves are not malicious as they dont contain executable code, but they do contain images with ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Jumping-through-the-hoops--multi-stage-malicious-PDF-spam/


*** Quaverse RAT: Remote-Access-as-a-Service ***
---------------------------------------------
Quaverse RAT or QRAT is a fairly new Remote Access Tool (RAT) introduced in May 2015. This RAT is marketed as an undetectable Java RAT. As you might expect from a RAT, the tool is capable of grabbing passwords, key logging and browsing files on the victim's computer. On a regular basis for the past several months, we have observed the inclusion of QRAT in a number of spam campaigns. 
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-as-a-Service/


*** VMSA-2015-0006.1 ***
---------------------------------------------
VMware vCenter Server updates address a LDAP certificate validation issue
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0006.html


*** Beta Bot Analysis: Part 2 ***
---------------------------------------------
This article is Part 2 in a two-part series. Extracting the Botnet Configuration: The bot configuration is encrypted inside the bot and decrypted while the bot is running. In 1.0.2.5, 1.5 and 1.6 versions, BetaBot uses RC4 and some XOR encryption; you ..
---------------------------------------------
http://resources.infosecinstitute.com/beta-bot-analysis-part-2/


*** VMSA-2015-0007 ***
---------------------------------------------
VMware vCenter and ESXi updates address critical security issues.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0007.html


*** HTTPS Available as Opt-In for Blogspot ***
---------------------------------------------
Google announced that it has made HTTPS available as an opt-in for its Blogspot blog-publishing service.
---------------------------------------------
http://threatpost.com/https-available-as-opt-in-for-blogspot/114872/


*** German Users Hit By Dirty Mobile Banking Malware Posing As PayPal App ***
---------------------------------------------
Additional analysis by Joachim Capiral Mobile banking is now used by more and more users, so it shouldn't be a surprise to see banking Trojans trying to hit these users as well. We've seen spammed mails that pretend to be an update notification for an official PayPal app. These mails ask the user to click on ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/german-users-hit-by-dirty-mobile-banking-malware-posing-as-paypal-app/


*** Important Security Notice from Patreon ***
---------------------------------------------
Yesterday I learned that there was unauthorized access to a Patreon database containing user information. Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. I am so sorry to our creators and their patrons for this breach of trust. The Patreon team and I are working especially hard right now to ensure the safety of the community.
---------------------------------------------
https://www.patreon.com/posts/important-notice-3457485