[CERT-daily] Tageszusammenfassung - Dienstag 29-09-2015

Tue Sep 29 18:06:49 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 28-09-2015 18:00 − Dienstag 29-09-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Hacker nutzen Imgur-Lücke beim Angriff auf Reddit und 8chan ***
---------------------------------------------
Eine Lücke in einem beliebten Bilder-Hoster wie Imgur kann fatale Folgen haben. Wie im vorliegenden Fall, als Hacker über Bande die Nutzer von Reddit und 8chan ins Visier nahmen.
---------------------------------------------
http://heise.de/-2828142


*** Revisiting Apple IPC: (1) Distributed Objects ***
---------------------------------------------
Earlier this year I gave a talk at the inaugural Jailbreak Security Summit entitled Auditing and Exploiting Apple IPC [ slides | video ]. As part of my research for that talk I wanted to find at least one bug involving each of the available IPC mechanisms on OS X/iOS; many of which remain unexplored and poorly-documented from ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/09/revisiting-apple-ipc-1-distributed_28.html


*** Regaining Control Over Edge ***
---------------------------------------------
Getting stuck in a loop is no fun especially when it makes your browser unusable. Microsoft Edge has a bigger chance of that happening due to its default settings.
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/09/regaining-control-over-edge/


*** CryptoWall's 'Customer Journey' Sounds Like A Real Nightmare ***
---------------------------------------------
The latest episode of Radiolab has what is without a doubt the best malware victim interview I've ever heard. Inna Simone's computer was infected by CryptoWall late last year and based on her telling of it, the worst part of the experience was trying to buy the Bitcoin she needed to pay off the extortionists.
---------------------------------------------
https://labsblog.f-secure.com/2015/09/28/cryptowalls-customer-journey/


*** ZDI-15-451: InduSoft Web Studio Remote Agent Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-451/


*** VeraCrypt Patched Against Two Critical TrueCrypt Flaws ***
---------------------------------------------
Two privilege escalation vulnerabilities in the last TrueCrypt build were discovered by James Forshaw of Google Project Zero, and patched in VeraCrypt.
---------------------------------------------
http://threatpost.com/veracrypt-patched-against-two-critical-truecrypt-flaws/114833/


*** Oysters tablet comes preinstalled with Trojanized Android firmware ***
---------------------------------------------
Keeping your mobile device free of malware requires intentional care, but sometimes even that is not enough. As Dr. Web researchers recently pointed out, a device you buy from ..
---------------------------------------------
http://www.net-security.org/malware_news.php?id=3115


*** NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015090182


*** Lebenswichtige medizinische Geräte ungeschützt im Internet ***
---------------------------------------------
Herzschrittmacher, Infusionsgeräte, Magnetresonanztomographen: Sicherheitsforscher haben Zehntausende medizinische Geräte entdeckt, die über das Internet leicht angegriffen werden können - weil sie meist noch mit Windows XP laufen. Die Forscher setzten Defibrillatoren und MRTs als Honeypots ein. 
---------------------------------------------
http://www.golem.de/news/it-sicherheit-lebenswichtige-medizinische-geraete-ungeschuetzt-im-internet-1509-116563.html


*** Abusing GDI for ring0 exploit primitives ***
---------------------------------------------
Not long ago I came across a certain font related vulnerability, it was a 0day being exploited in the wild. The vulnerability was in a driver I was somewhat familiar with ATFMD.SYS.
---------------------------------------------
https://blog.coresecurity.com/2015/09/28/abusing-gdi-for-ring0-exploit-primitives/


*** Botnet preying on Linux computers delivers potent DDoS attacks ***
---------------------------------------------
XOR DDoS bombards as many as 20 targets per day, sometimes with 150 GBpS of traffic.
---------------------------------------------
http://arstechnica.com/security/2015/09/botnet-preying-on-linux-computers-delivers-potent-ddos-attacks/


*** There is an app commandlet for that ***
---------------------------------------------
Allegedly dubbed as Microsoft's post-exploitation language powershell is Microsoft attempt to provide good command-line interface for administrators, developers and power users. Despite being 8 years old it only recently started getting widespread adoption with enterprises moving on to Windows 7 and 2008 environments.
---------------------------------------------
https://dfirblog.wordpress.com/2015/09/27/dissecting-powershell-attacks/


*** Reverse Engineering Virtual Machine Protected Binaries ***
---------------------------------------------
In code obfuscation, a virtual machine is a mechanism used to execute a different instruction set than the one used by machine that runs the program. For example, a virtual machine can support executing the ARM instruction set on a 32-bit x86 architecture. Virtual machines used in code obfuscation are completely ..
---------------------------------------------
http://resources.infosecinstitute.com/reverse-engineering-virtual-machine-protected-binaries/


*** Disclosing Vulnerabilities, Using Data Dumps & Sharing Threat Intelligence ***
---------------------------------------------
In recent years, there has been an explosion in the number of information security conferences held around the world. Despite this, the weeks leading up to Black Hat in Las Vegas are still reserved for some of the most significant security announcements, advancements and hacks of ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/disclosing-vulnerabilities-using-data-dumps-sharing-threat-intelligence


*** ATM Skimmer Gang Firebombed Antivirus Firm ***
---------------------------------------------
Its notable whenever cybercime spills over into real-world, physical attacks. This is the story of a Russian security firm whose operations were pelted with Molotov cocktail attacks after exposing an organized crime gang that developed and sold malicious software to steal cash from ATMs.
---------------------------------------------
http://krebsonsecurity.com/2015/09/atm-skimmer-gang-firebombed-antivirus-firm/


*** Warning: Malicious emails claiming to be from Doctor Web ***
---------------------------------------------
Virus makers often use names of well-known anti-virus companies to gain their victims trust and make them install some malicious program on their computers. At the end of September, cybercriminals employed this method to distribute a dangerous Trojan designed ..
---------------------------------------------
http://news.drweb.com/show/?i=9631&lng=en&c=9


*** Security Advisory 2015-01: Vulnerability in OTRS iPhoneHandle interface allows user with valid session privilege escalation ***
---------------------------------------------
September 29, 2015 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security at otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2016-03-02] uid OTRS Security Team  GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22
---------------------------------------------
https://www.otrs.com/security-advisory-2015-01-vulnerability-in-otrs-iphone-handle/


*** Security Advisory 2015-02: Scheduler Process ID File Access ***
---------------------------------------------
September 29, 2015 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security at otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2016-03-02] uid OTRS Security Team  GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22
---------------------------------------------
https://www.otrs.com/security-advisory-2015-02-scheduler-process-id-file-access/