[CERT-daily] Daily summary - Wednesday 16-09-2015

Daily end-of-shift report team at cert.at
Wed Sep 16 18:08:00 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 15-09-2015 18:00 - Wednesday 16-09-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** CoreBot Adds New Capabilities, Transitions to Banking Trojan ***
---------------------------------------------
As many researchers expected it would, CoreBot, the credential-stealing malware that first surfaced last month, has added a bevy of new capabilities and reinvented itself as a robust banking Trojan.
---------------------------------------------
http://threatpost.com/corebot-adds-new-capabilities-transitions-to-banking-trojan/114667/




*** Hacking Team looks to hire hacker ***
---------------------------------------------
Following the compromise of nearly all its databases and emails, and the subsequent release of those company details, Hacking Team posted a job listing for a "hacker/developer."
---------------------------------------------
http://www.scmagazine.com/hacking-team-looks-to-expand-team-after-breach/article/438717/




*** WordPress Brute Force Attacks - 2015 Threat Landscape ***
---------------------------------------------
One of the first server-level compromises I had to deal with in my life was around 15 years ago, and it was caused by an SSH brute force attack. A co-worker set up a test server and chose a very weak root password. A few days later, the box was compromised ..
---------------------------------------------
https://blog.sucuri.net/2015/09/wordpress-brute-force-attacks-2015-threat-landscape.html




*** Malicious spam with zip attachments containing .js files, (Wed, Sep 16th) ***
---------------------------------------------
On 2015-07-29, the ISC published a diary covering malicious spam (malspam) with zip archives of JavaScript (.js) files [1]. Since then, we've received notifications from others who have found this type of malspam. Let's revisit the spam filters, search for this type of email, and see if anything ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20153




*** "Companies want security solutions from Europe" ***
---------------------------------------------
SBA Research has launched the first Austrian incubator for cybersecurity start-ups. futurezone interviewed the managing directors of the competence centre.
---------------------------------------------
http://futurezone.at/thema/start-ups/unternehmen-wollen-sicherheitsloesungen-aus-europa/152.858.704




*** In Search of SYNful Routers ***
---------------------------------------------
On Tuesday, September 15, 2015, Mandiant and FireEye disclosed SYNful Knock, a router implant discovered on fourteen Cisco routers in India, Mexico, the Philippines, and Ukraine. The implant consists of a modified version of the Cisco firmware that provides attackers with unrestricted access to the router, including the ability to load additional modules. The attack is ..
---------------------------------------------
https://zmap.io/synful/




*** Can an inevitable evil be conquered? ***
---------------------------------------------
Scanning an object (a file or web resource) with an Internet security program essentially comes down to making a binary decision: dangerous or safe? An antivirus engine puts forward the hypothesis that an object is malicious and then checks ..
---------------------------------------------
http://securelist.com/blog/opinions/72180/can-an-inevitable-evil-be-conquered/




*** Whistleblowing platform Cryptome: PGP keys compromised ***
---------------------------------------------
With access to the keys of the platform and of its founder John Young, attackers could read encrypted mails and impersonate the operators of the website.
---------------------------------------------
http://heise.de/-2817797




*** Cybercrime in Austria: Questions and Answers ***
---------------------------------------------
The Bundeskriminalamt, together with futurezone, presents the Cybercrime Report 2014. On Monday evening we invite you to a discussion of trends in cybercrime.
---------------------------------------------
http://futurezone.at/digital-life/cyberkriminalitaet-in-oesterreich-fragen-und-antworten/153.021.413




*** Android password lock can in some cases be easily bypassed ***
---------------------------------------------
Demonstrated on Nexus devices; it is unclear whether other devices are affected. Google is already shipping an update.
---------------------------------------------
http://derstandard.at/2000022284907




*** Schneider Electric StruxureWare Building Expert Plaintext Credentials Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a cleartext transmission vulnerability in Schneider Electric's StruxureWare Building Expert product.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-01




*** 3S CODESYS Gateway Server Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a heap-based buffer overflow vulnerability in 3S-Smart Software Solutions GmbH's CODESYS Gateway Server.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-02




*** GE MDS PulseNET Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for two vulnerabilities in GE's MDS PulseNET and MDS PulseNET Enterprise Network Management Software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03




*** Advantech WebAccess Stack-Based Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a stack-based buffer overflow vulnerability in Advantech's WebAccess application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-04




*** Attacks over DNS ***
---------------------------------------------
DNS is a naming system used for all devices connected to the Internet or a network. DNS names are easier for users to remember than IP addresses. It is a method by which domain names are translated into IP (Internet Protocol) addresses. The DNS works ..
---------------------------------------------
http://resources.infosecinstitute.com/attacks-over-dns/




*** SYNful Knock - A Cisco router implant - Part II ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis0.html




*** Trojan.MWZLesson.a Trojan for POS terminals ***
---------------------------------------------
For many years POS terminals have remained one of the most favorite targets for virus makers. Due to the fact that this technology is used by a large number of sales organizations around the world to process payments made using bank cards, cybercriminals just ..
---------------------------------------------
http://news.drweb.com/show/?i=9615&lng=en&c=9




*** Preliminary injunction: FireEye takes legal action against security researchers ***
---------------------------------------------
A team of security researchers wanted to present on vulnerabilities in FireEye products at a conference. FireEye considered the presentation a threat to its trade secrets and obtained a preliminary injunction.
---------------------------------------------
http://www.golem.de/news/einstweilige-verfuegung-fireeye-geht-juristisch-gegen-sicherheitsforscher-vor-1509-116346.html




*** TeslaCrypt 2.0: Cyber Crime Malware Behavior, Capabilities and Communications ***
---------------------------------------------
As part of our normal course of operations as a cyber threat intelligence provider, we monitor the cyber crime underground and provide analysis to our clients on new and emerging threats. As you can imagine, we naturally run into large quantities of malware on a daily basis. From time to time, we ..
---------------------------------------------
http://www.isightpartners.com/2015/09/teslacrypt-2-0-cyber-crime-malware-behavior-capabilities-and-communications/




*** Free and Commercial Tools to Implement the SANS Top 20 Security Controls, Part 2 ***
---------------------------------------------
This is Part 2 of a How-To that is an effort to compile a list of tools (free and commercial) that can help an IT administrator comply with the Security Controls. In Part 1 we looked at Inventory of Authorized and Unauthorized Devices. The controls (ordered 1-20) are in order of importance. In other words, completing ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/free-and-commercial-tools-to-implement-the-sans-top-20-security-controls-part-2


