[CERT-daily] Daily summary - Monday 19-10-2015

Daily end-of-shift report team at cert.at
Mon Oct 19 18:02:52 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 16-10-2015 18:00 − Monday 19-10-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** eFast browser hijacks file associations ***
---------------------------------------------
We take a look at an Eorezo/Tuto4PC hijacker that installs a new browser called eFast rather than hijacking an existing one.
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/10/efast-browser-hijacks-file-associations/




*** Surveillance Malware Trends: Tracking Predator Pain and HawkEye ***
---------------------------------------------
Malicious actors employ a range of tools to achieve their objectives. One of the most damaging activities an actor pursues is the theft of authentication information, whether it ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/10/surveillance-malware-trends-tracking-predator-pain-and-hawkeye/




*** SDG Technologies Plug and Play SCADA XSS Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public disclosure of a cross-site scripting vulnerability with proof-of-concept (PoC) exploit code affecting SDG Technologies Plug and Play SCADA, a supervisory control and data acquisition/human-machine ..
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-288-01




*** DSA-3373 owncloud - security update ***
---------------------------------------------
Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. These flaws may lead to the execution of arbitrary code, authorization bypass, information disclosure, cross-site scripting or denial of service.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3373




*** Massive Magento Guruincsite Infection ***
---------------------------------------------
We are currently seeing a massive attack on Magento sites where hackers inject malicious scripts that create iframes from 'guruincsite[.]com'. Google already blacklisted about seven thousand sites because of this malware. There are two ..
---------------------------------------------
https://blog.sucuri.net/2015/10/massive-magento-guruincsite-infection.html




*** New Neutrino EK Campaign Drops Andromeda ***
---------------------------------------------
On October 15th, we started seeing a new pattern of redirections to the Neutrino Exploit Kit via compromised websites. What actually caught our attention was one of the file names used to inject an iframe pointing to the exploit kit landing page. Ironically, it was called neitrino.php.
---------------------------------------------
https://blog.malwarebytes.org/exploits-2/2015/10/new-neutrino-ek-campaign-drops-andromeda/




*** Free Unix: OpenBSD 5.8 tames the system ***
---------------------------------------------
Somewhat earlier than usual, OpenBSD has been released exactly 20 years to the day after the project was founded. For better security, the NX bit is now also used on the 32-bit x86 architecture, the sudo command has been replaced, and the system can officially be tamed.
---------------------------------------------
http://www.golem.de/news/freies-unix-openbsd-5-8-zaehmt-das-system-1510-116971.html




*** 1Password Leaks Your Data ***
---------------------------------------------
For those of you who don't know, 1PasswordAnywhere is a feature of 1Password which allows you to access your data without needing their client software. 1Password originally only used the "Agile Keychain" format to store their data (not including when they were OS X keychain only). This format basically stores your data as a series of JavaScript files which are decrypted ..
---------------------------------------------
http://myers.io/2015/10/22/1password-leaks-your-data/




*** State-sponsored hacking attacks: Facebook wants to warn its users ***
---------------------------------------------
Facebook intends to warn users threatened by state-sponsored attacks in future and recommend that they use two-factor authentication. On its real-name policy, however, the company is sticking to its position.
---------------------------------------------
http://www.golem.de/news/staatliche-hackerangriffe-facebook-will-seine-nutzer-warnen-1510-116975.html




*** Supporting the Android Ecosystem ***
---------------------------------------------
A few months ago, a widely-publicized set of vulnerabilities called StageFright hit the Android ecosystem. While Google fixed the vulnerabilities in what appears to be a reasonable amount of time, the deployment of those fixes to ..
---------------------------------------------
https://insights.sei.cmu.edu/cert/2015/10/supporting-the-android-ecosystem.html





