[CERT-daily] Daily Summary - Tuesday 12-04-2016

Daily end-of-shift report team at cert.at
Tue Apr 12 18:04:42 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 11-04-2016 18:00 − Tuesday 12-04-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Manamecrypt - a ransomware that takes a different route ***
---------------------------------------------
Hardly a week passes these days without a new family of ransomware making the headlines. This week our analysts are taking apart Manamecrypt, also referred to as CryptoHost. Basically, Manamecrypt is a ransomware Trojan horse, but it differs from other ransomware families in a number of aspects. For ..
---------------------------------------------
https://blog.gdatasoftware.com/2016/04/28234-manamecrypt-a-ransomware-that-takes-a-different-route




*** Of IP addresses, toilet bowls and a remote farm ***
---------------------------------------------
Kansas is the heart of cybercrime, at least if you believe an application that places IP addresses on a map. In reality, innocent people live there, who now receive many angry phone calls and toilet bowls.
---------------------------------------------
http://www.golem.de/news/skurrile-belaestigungen-von-ip-adressen-kloschuesseln-und-einer-abgelegenen-farm-1604-120266.html




*** KickassTorrent touts adoption of two-factor authentication ***
---------------------------------------------
A torrent site has added an extra layer of security for users logging in.
---------------------------------------------
http://www.scmagazine.com/kickasstorrent-touts-adoption-of-two-factor-authentication/article/488804/




*** Rokku Ransomware shows possible link with Chimera ***
---------------------------------------------
Rokku is yet another ransomware, discovered in recent weeks. Currently, its most common distribution method is spam where a malicious executable is dropped by a VB script attached to an e-mail. The building blocks ..
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/04/rokku-ransomware/




*** Ramdo click-fraud malware uses evasive maneuvers to draw first blood from researchers ***
---------------------------------------------
A thorough dissection of the click-fraud malware Ramdo shows a constantly evolving threat whose capabilities now include traffic encryption, random domain generation and improved virtualization detection.
---------------------------------------------
http://www.scmagazine.com/ramdo-click-fraud-malware-uses-evasive-maneuvers-to-draw-first-blood-from-researchers/article/489001/




*** Websites take control of USB devices: Googlers propose WebUSB API ***
---------------------------------------------
What could possibly go wrong? Wait, what could possibly go right? Two Google engineers have drafted a ..
---------------------------------------------
www.theregister.co.uk/2016/04/11/google_posts_usb_devices_tool/




*** Half of people plug in USB drives they find in the parking lot ***
---------------------------------------------
Why do we even bother with security software? A new study has found that almost half the people who pick up a USB stick they happen across in a parking lot plug said drives into their PCs.
---------------------------------------------
www.theregister.co.uk/2016/04/11/half_plug_in_found_drives/




*** DSA-3547 imagemagick - security update ***
---------------------------------------------
Several vulnerabilities were discovered in Imagemagick, a program suite for image manipulation. This update fixes a large number of potential security problems such as null-pointer access and buffer-overflows that might lead to memory leaks or denial of service. None of these security problems have a CVE number assigned.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3547




*** Atmos, the Citadel Trojan successor is in the wild ***
---------------------------------------------
Security experts from the Heimdal Security firm are issuing an alert on the Atmos malware which is the successor of the dreaded Citadel Trojan. Months ago, the author of the dreaded Citadel malware was sentenced to prison, but in ..
---------------------------------------------
http://securityaffairs.co/wordpress/46252/malware/atmos-trojan.html




*** TYPO3 CMS 6.2.20, 7.6.5 and 8.0.1 released ***
---------------------------------------------
https://typo3.org/news/article/typo3-cms-6220-765-and-801-released/




*** Snort Lab: Payload Detection Rules (PCRE) ***
---------------------------------------------
Until now, when we used Snort to look for certain content within the payload, we've always looked for some specific values. What if we wanted to look for something that we ..
---------------------------------------------
http://resources.infosecinstitute.com/snort-lab-payload-detection-rules-pcre/




*** Kernel: Oracle starts its own collection of Linux security patches ***
---------------------------------------------
To make updates easier to apply, Oracle wants to maintain branches of the Linux kernel that contain only patches for security vulnerabilities. That sounds good, but it is a controversial idea, since the impact of kernel bugs is hard to assess.
---------------------------------------------
http://www.golem.de/news/kernel-oracle-startet-eigene-sammlung-von-linux-sicherheitspatches-1604-120284.html





