[CERT-daily] Tageszusammenfassung - Montag 7-09-2015

Mon Sep 7 18:05:44 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 04-09-2015 18:00 − Montag 07-09-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Paper: Custom packer defeats multiple automation systems ***
---------------------------------------------
Combination of anti-automation, anti-VM and anti-reverse engineering to make researchers lives harder.Ever since the number of new malware samples became so large we could no longer list them in Virus Bulletin magazine, security researchers ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/09_04.xml


*** Neutrino exploit used to inject Teslascrypt into sites using outdated CMS tools ***
---------------------------------------------
Heimdal Security reported an increase in malicious scripts infecting legitimate websites that then redirect the victim to the Neurtino exploit kit server that could potentially impact more than 400 million web users.
---------------------------------------------
http://www.scmagazine.com/outdated-websites-deliver-teslacrypt-via-neutrino-exploit-kit-heimdal/article/436910/


*** Firefox-Sicherheitslücken: Angreifer hatte Zugriff auf Mozilla-Bugtracker ***
---------------------------------------------
Ein priviligierter Account für den Mozilla-Bugtracker ist unter der Kontrolle eines Angreifers gewesen. Dadurch gelang es diesem, Informationen über noch nicht behobene Sicherheitslücken in Firefox zu erhalten. 
---------------------------------------------
http://www.golem.de/news/firefox-sicherheitsluecken-angreifer-hatte-zugriff-auf-mozilla-bugtracker-1509-116145.html


*** Extorting money from Ashley Madison customers is actually pretty easy ***
---------------------------------------------
1.05 bitcoins, or $243, is a low enough price to avoid further embarrassment. In the wake of the recent Ashley Madison e-mail dump, some customers have gotten demand e-mails like ..
---------------------------------------------
http://arstechnica.com/business/2015/09/extorting-money-from-ashley-madison-customers-is-actually-pretty-easy/


*** Baby-Monitore sind leicht zu hacken ***
---------------------------------------------
Wie ein Sicherheitsforscher herausfand, sind acht von neun Babyfons mit Internet-Verbindung relativ einfach als Spionage-Kameras einsetzbar.
---------------------------------------------
http://futurezone.at/digital-life/baby-monitore-sind-leicht-zu-hacken/151.031.106


*** Auto-Hacking: Kritik an Sicherheitsupdates per Post ***
---------------------------------------------
Wie stopft man kritische Sicherheitslücken in der Software von Autos? Nach Ansicht eines Sicherheitsexperten ist der von Fiat Chrysler gewählte Weg eine Einladung an Hacker. 
---------------------------------------------
http://www.golem.de/news/auto-hacking-kritik-an-sicherheitsupdates-per-post-1509-116150.html


*** Files on Seagate wireless disks can be poisoned, purloined ***
---------------------------------------------
Download everything, seed with malware, move on to next sucker CERT.org has reported Seagate wireless hard drives include 'undocumented Telnet services' accessible with a hard-coded password and allowing unrestricted file ..
---------------------------------------------
www.theregister.co.uk/2015/09/07/files_on_seagate_wireless_disks_can_be_poisoned_purloined/


*** CryptDB: Angriff auf verschlüsselte Datenbanken ***
---------------------------------------------
Ein Team von Microsoft-Wissenschaftlern hat einen Angriff auf die verschlüsselte Datenbank-Software CryptDB vorgestellt. Als Demonstrationsobjekt nutzte es US-Gesundheitsdatenbanken. Ein ehemaliger Entwickler kritisiert den Angriff jedoch als unrealistisch.
---------------------------------------------
http://www.golem.de/news/cryptdb-angriff-auf-verschluesselte-datenbanken-1509-116157-rss.html


*** Arrests Tied to Citadel, Dridex Malware ***
---------------------------------------------
Authorities in Europe have arrested alleged key players behind the development and deployment of ultra-sophisticated banking malware, including Citadel and Dridex. The arrests involved a Russian national and a Moldovan man, both of whom were traveling ..
---------------------------------------------
http://krebsonsecurity.com/2015/09/arrests-tied-to-citadel-dridex-malware/


*** Crypto-trouble in Poison Ivys C2 protocol ***
---------------------------------------------
During the course of some research regarding the security of RAT C2 protocols and infrastructure i came across a stack buffer overflow disclosed in 2011 (OSVDB-83774) affecting the C2 server component of the Poison Ivy RAT. Poison Ivy (PIVY) is a golden oldie RAT probably everyone in infosec circles is familiar ..
---------------------------------------------
https://samvartaka.github.io/malware/2015/09/07/poison-ivy-reliable-exploitation/


*** Ghost Got Secrets - Ghostbins Guts Part 1 ***
---------------------------------------------
Privacy and anonymity are critical tools for maintaining freedom in our growingly-digital world. Even so, privacy and anonymity are commonly used by individuals performing malicious activities. These two sides of the same coin are what ..
---------------------------------------------
http://l.avala.mp/blog/ghost-got-secrets-ghostbins-guts-part-1/