[CERT-daily] Tageszusammenfassung - Freitag 4-09-2015

Fri Sep 4 18:02:49 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 03-09-2015 18:00 − Freitag 04-09-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** More Adult Themed Android Ransomware ***
---------------------------------------------
During the course of our daily malware hunt, we came across a new mobile ransomware variant that leverages pornography to lure victims into downloading and installing it. Wed previously ..
---------------------------------------------
http://research.zscaler.com/2015/09/more-adult-themed-android-ransomware.html


*** Analyzing Popular Layer 7 Application DDoS Attacks ***
---------------------------------------------
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken down and kept offline because of them. Even over-provisioned servers can be ..
---------------------------------------------
https://blog.sucuri.net/2015/09/analyzing-popular-layer-7-application-ddos-attacks.html


*** Cogent DataHub Code Injection Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a code injection vulnerability affecting the Cogent DataHub application produced by Cogent Real-Time Systems, Inc.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01


*** Schneider Electric Modicon PLC Vulnerabilities ***
---------------------------------------------
This advisory is a follow-up to the alert titled ICS-ALERT-15-224-02 Schneider Electric Modicon M340 PLC Station P34 Module Vulnerabilities that was published August 12, 2015, to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for vulnerabilities in the Schneider Electric Modicon PLC.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02


*** Moxa Industrial Managed Switch Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in the Moxa EDS-405A/EDS-408A series managed Ethernet switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-246-03


*** SMA Solar Technology AG Sunny WebBox Hard-coded Account Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a hard-coded account vulnerability in the SMA Solar Technology AG Sunny WebBox product.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-181-02


*** APPLE-SA-2015-09-03-1 OS X: Flash Player plug-in blocked ***
---------------------------------------------
Due to security issues in older versions, Apple has updated the
web plug-in blocking mechanism to disable all versions prior to
Flash Player 18.0.0.232.
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2015/Sep/msg00000.html


*** Google, Mozilla, Microsoft to Sever RC4 Support in Early 2016 ***
---------------------------------------------
Google and Mozilla today announced they've settled on a timeframe to permanently deprecate the shaky RC4 encryption algorithm.
---------------------------------------------
http://threatpost.com/google-mozilla-microsoft-to-sever-rc4-support-in-early-2016/114498/


*** How to Kick-Out the Bad Guy? ***
---------------------------------------------
A quick blog post about an issue I faced this morning. While drinking my morning coffee and reviewing what happened during the last night in my logs, I detected that one of my website (leakedin.com) was entirely mirrored by a guy from Brazil. I'm not against sharing information but in this case, it was consuming bandwidth and server resources for nothing. I was time to ..
---------------------------------------------
https://blog.rootshell.be/2015/09/04/kick-bad-guy/


*** CVE-2014-7216: A Journey Through Yahoo's Bug Bounty Program ***
---------------------------------------------
I have published another security advisory about a vulnerability, which I have 'recently' reported to Yahoo! via their Bug-Bounty program hosted by HackerOne. So this blog post is about the technical details of the CVE-2014-7216 (which is not very thrilling), but more about my experience with Yahoo's Bug Bounty program.
---------------------------------------------
https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/


*** LinkedIn Sockpuppets Are Targeting Security Researchers ***
---------------------------------------------
Multiple LinkedIn accounts recently targeted numerous security specialists in an attempt to map their social graphs. Several of our researchers received these LinkedIn invitations themselves and Daavid from our Threat Intelligence team decided to investigate. Here's an example of one so-called 'recruiter' account.
---------------------------------------------
https://labsblog.f-secure.com/2015/09/03/linkedin-sockpuppets-targeting-security-researchers/


*** Office Malware: AGB gegen Spammer ***
---------------------------------------------
Ein russischer Entwickler möchte nicht, dass seine Office Malware MWI von Spammern verwendet wird. Doch seine allgemeinen Geschäftsbedingungen zeigen nur begrenzt Wirkung. Ein kurioser Blick in den Malware-Markt.
---------------------------------------------
http://www.golem.de/news/office-malware-agb-gegen-spammer-1509-116130.html


*** Sleepy Puppy: Netflix-Tool jagt XXS-Lücken ***
---------------------------------------------
Sicherheitsforscher können mit Sleepy Puppy tief in Netzwerken graben und an verschiedenen Stellen Schwachstellen für Cross-Site-Scripting ausfindig machen.
---------------------------------------------
http://heise.de/-2805316


*** Nach Erpressungsversuch: Webhoster 1blu tauscht tausende SSL-Zertifikate ***
---------------------------------------------
Vor zwei Monaten Erfuhr die Hosting-Firma, dass sich ein Angreifer weitreichenden Zugriff auf Kundendaten verschaffen konnte. Jetzt stellt sich heraus, dass offenbar auch die SSL-Zertifikate der Kunden betroffen sind.
---------------------------------------------
http://heise.de/-2803573