[CERT-daily] Tageszusammenfassung - Mittwoch 30-09-2015

Wed Sep 30 18:08:15 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 29-09-2015 18:00 − Mittwoch 30-09-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Analyzing Black Hat URL Shorteners ***
---------------------------------------------
Hackers are known to use URL shortening services to obfuscate their real landing pages. It's very effective in clickbait scams on social networks. Some hackers think that using URL shorteners in site injections makes it less likely to be ..
---------------------------------------------
https://blog.sucuri.net/2015/09/analyzing-black-hat-url-shorteners.html


*** Updated PClock Ransomware Still Comes Up Short ***
---------------------------------------------
In recent years, ransomware families are often glamorized as being some of the most dangerous types of malware. They've certainly caused a wealth of damage to end users with some of the ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/09/updated-pclock-ransomware-still-comes-up-short/


*** New Tactic Finds RAT Operators Fast ***
---------------------------------------------
Low tolerance for latency makes RAT operators less likely to use proxies, easier to track back home.
---------------------------------------------
http://www.darkreading.com/analytics/new-tactic-finds-rat-operators-fast/d/d-id/1322409


*** Tricks for DLL analysis ***
---------------------------------------------
Very often I get questions on how to perform analysis on DLL files. The reason being that it is easier to perform behavioral analysis on executables, either using external sandboxes or a vmware with tools like the ones from the Sysinternals ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20195


*** Honeywell Experion PKS Directory Traversal Vulnerability ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01


*** Mitsubishi Electric MELSEC FX-Series Controllers Denial of Service ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-146-01


*** Baxter SIGMA Spectrum Infusion System Vulnerabilities ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01


*** RSA Web Threat Detection Bugs Let Remote Authenticated Users Obtain the AnnoDB Password and Local Users Gain Root Privileges ***
---------------------------------------------
Two vulnerabilities were reported in RSA Web Threat Detection. A local user can obtain root privileges on the target system. A remote authenticated user can obtain passwords on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1033672


*** RSA Certificate Manager and Registration Manager Input Validation Flaw in OneStep Component Lets Remote Users Traverse the Directory to View Files on the Target System ***
---------------------------------------------
A vulnerability was reported in RSA Certificate Manager and RSA Registration Manager. A remote user can view files on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1033671


*** freeswitch Heap Overflow ***
---------------------------------------------
A carefully crafted json string supplied to cJSON_Parse will trigger a
heap overflow with user controlled data. The underlying vulnerability occurs in the parse_string function.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015090190


*** Kontodaten via App ergaunert: Salzburgerin geschädigt  ***
---------------------------------------------
http://derstandard.at/2000022994264


*** WordPress Malware - VisitorTracker Campaign Update ***
---------------------------------------------
For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code. We initially ..
---------------------------------------------
https://blog.sucuri.net/2015/09/wordpress-malware-visitortracker-campaign-update.html


*** Companies leave vulnerabilities unpatched for up to 120 days ***
---------------------------------------------
Kenna studied the proliferation of non-targeted attacks and companies' ability to mitigate these threats through the timely remediation of security vulnerabilities ..
---------------------------------------------
http://www.net-security.org/secworld.php?id=18911


*** Security Advisory - Multiple Vulnerabilities in Huawei FusionServer Products ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-456219.htm


*** Multiple vulnerabilities in Typo3 extensions ***
---------------------------------------------
http://www.typo3.org/news/article/sql-injection-in-extension-httpbl-blocking-mh-httpbl/
http://www.typo3.org/news/article/cross-site-request-forgery-in-extension-typo3-quixplorer-t3quixplorer/
http://www.typo3.org/news/article/cross-site-scripting-in-extension-news-system-news/
http://www.typo3.org/news/article/information-disclosure-in-extension-ldap-eu-ldap/


*** Pwn The Docs: Vulnerability in readthedocs.org ***
---------------------------------------------
If youre not familiar with readthedocs.org its a really popular place for developers to post documentation on their open source code. Its a really great platform and we in fact use it regularly. Honestly, Ive struggled with whether I want to release this vulnerability because its maintained by a few dudes ..
---------------------------------------------
http://alex.hyperiongray.com/posts/302352-pwn-the-docs


*** The Cost of a Data Breach: How Harmful Can a Data Breach Be? ***
---------------------------------------------
There is this belief that businesses that have suffered a data security breach very often do not recover. But is that really so? What does it take to actually destroy a company with a data breach? Before we go to the analysis, ..
---------------------------------------------
http://resources.infosecinstitute.com/the-cost-of-a-data-breach-how-harmful-can-a-data-breach-be/


*** That Big Security Fix for Credit Cards Won't Stop Fraud ***
---------------------------------------------
The new chip cards and readers wont stop card fraud but will simply shift it to a different area.
---------------------------------------------
http://www.wired.com/2015/09/big-security-fix-credit-cards-wont-stop-fraud/


*** User Education, Carrot vs. Stick ***
---------------------------------------------
It's a perennial problem, after hours of presentations, online training, reminder emails, poster campaigns and memos, the phone rings, and a senior member of staff has opened a malicious email attachment, ..
---------------------------------------------
https://blog.team-cymru.org/2015/09/user-education-carrot-vs-stick/


*** Sicherheitslücken gestopft: SAP macht HANA sicherer ***
---------------------------------------------
SAP hat im Mai und April dieses Jahres zwölf Sicherheitslücken in der In-Memory-Plattform HANA geschlossen. Onapsis hat die Lücken erst jetzt gebündelt offengeleg, geht aus einer am gestrigen Dienstag veröffentlichten Sicherheitswarnung von Onapsis hervor.
---------------------------------------------
http://heise.de/-2835049


*** Europol: Cyber-Kriminelle werden immer aggressiver ***
---------------------------------------------
In Den Haag beraten 300 Experten von Europol und Interpol über wirksame Strategien gegen die Internet-Kriminalität.
---------------------------------------------
http://heise.de/-2835263


*** Russian hacker, nabbed in Spain, cops 4+ years for Citadel botnet ***
---------------------------------------------
Should have stayed under the skirt of Mother Russia. Just a thought Dimitry Belorossov - a Russian cyber-criminal who used the Citadel banking trojan - has been ..
---------------------------------------------
www.theregister.co.uk/2015/09/30/rainerfox_sentenced/


*** New 'Ghost Push' Variants Sport Guard Code; Malware Creator Published Over 600 Bad Android Apps ***
---------------------------------------------
Halloween is still a month from now and yet Android users are already being haunted by the previously reported 'Ghost Push' malware, which roots ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/new-ghost-push-variants-sport-guard-code-malware-creator-published-over-600-bad-android-apps