[CERT-daily] Tageszusammenfassung - Montag 12-12-2016

Mon Dec 12 18:38:32 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 09-12-2016 18:00 − Montag 12-12-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Windows 10: protection, detection, and response against recent Depriz malware attacks ***
---------------------------------------------
A few weeks ago, multiple organizations in the Middle East fell victim to targeted and destructive attacks that wiped data from computers, and in many cases rendering them unstable and unbootable. Destructive attacks like these have been observed repeatedly over the years and the Windows Defender and Windows Defender Advanced Threat Protection Threat Intelligence teams...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/


*** Microsoft Edges malware alerts can be faked, researcher says ***
---------------------------------------------
Fiddle with a URL and you can pop up and tell users to do anything Technical support scammers have new bait with the discovery that Microsofts Edge browser can be abused to display native and legitimate-looking warning messages.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/12/12/microsoft_edges_malware_alerts_can_be_faked/


*** New Ransomware Offers The Decryption Keys If You Infect Your Friends ***
---------------------------------------------
MalwareHunterTeam has discovered "Popcorn Time," a new in-development ransomware with a twist. Gumbercules!! writes: "With Popcorn Time, not only can a victim pay a ransom to get their files back, but they can also try to infect two other people and have them pay the ransom in order to get a free key," writes Bleeping Computer. Infected victims are given a "referral code" and, if two people are infected by that code and pay up -- the original victim is given their...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/BAJPIfARkR0/new-ransomware-offers-the-decryption-keys-if-you-infect-your-friends


*** Escaping a restricted shell ***
---------------------------------------------
help command outputs this list of available commands we can use, It's almost basically the web interface disguised as a shell session; Well not really but i'm sure you guys got the point. So let's begin with command substitution (a.k.a command injection) technique:...
---------------------------------------------
https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/


*** Zcash, or the return of malicious miners ***
---------------------------------------------
Despite this dramatic drop from the initial values (which was anticipated), Zcash mining remains among the most profitable compared to other cryptocurrencies. This has led to the revival of a particular type of cybercriminal activity - the creation of botnets for mining. A few years ago, botnets were created for bitcoin mining, but the business all but died out after it became only marginally profitable.
---------------------------------------------
https://securelist.com/blog/research/76862/zcash-or-the-return-of-malicious-miners/


*** 5 Questions to Ask your IoT Vendors; But Do Not Expect an Answer. ***
---------------------------------------------
1 - For how long, after I purchase a device, should I expect security updates? 
2 - How will I learn about security updates? 
3 - Can you share a pentest report for your device? 
4 - How can I report vulnerabilities? 
5 - If you use encryption, then disclose what algorithms you use and how it is implemented
---------------------------------------------
https://isc.sans.edu/diary/5+Questions+to+Ask+your+IoT+Vendors%3B+But+Do+Not+Expect+an+Answer./21807


*** VB2016 paper: Modern attacks on Russian financial institutions ***
---------------------------------------------
Today, we publish the VB2016 paper and presentation (recording) by ESET researchers Jean-Ian Boutin and Anton Cherepanov, in which they look at sophisticated attacks against Russian financial institutions.
---------------------------------------------
https://www.virusbulletin.com/blog/2016/december/vb2016-paper-modern-attacks-russian-financial-institutions/


*** Pentesting ICS Systems ***
---------------------------------------------
Security of ICS systems is one of the most critical issues of this last year. In this article, we will have a brief introduction to ICS systems, risks, and finally, methodology and tools to pentest ICS based systems Introduction Industrial control system (ICS) is a term that includes many types of control systems and instrumentation...
---------------------------------------------
http://resources.infosecinstitute.com/pentesting-ics-systems/


*** Ongoing Windows update bug woes affecting all ISPs ***
---------------------------------------------
Virgin also advising customers knocked offline An ongoing software update bug on Windows 8 and 10 appears affecting users of several UK ISPs, with Virgin Media the latest provider to admit the problem is knocking a number of its customers offline.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/12/12/ongoing_windows_8_10_dhcp_problems_affecting_all_isps/


*** Netgear-Router trivial angreifbar, noch kein Patch in Sicht ***
---------------------------------------------
Im Web-Interface einiger Netgear-Router klafft offenbar eine kritische Sicherheitslücke, die Angreifer leicht ausnutzen können, um Code mit Root-Rechten auszuführen. Schutz verspricht bisher nur ein unorthodoxer Weg: Man soll die Lücke selbst ausnutzen.
---------------------------------------------
https://heise.de/-3568679


*** DDoS tool encourages users to compete against each other for points ***
---------------------------------------------
Sledgehammer tool encourages hackers to launch DDoS attacks - but theres a sting in the tail
---------------------------------------------
https://nakedsecurity.sophos.com/2016/12/12/ddos-tool-encourages-users-to-compete-against-each-other-for-points/


*** VU#582384: Multiple Netgear routers are vulnerable to arbitrary command injection ***
---------------------------------------------
Vulnerability Note VU#582384 Multiple Netgear routers are vulnerable to arbitrary command injection Original Release date: 09 Dec 2016 | Last revised: 09 Dec 2016   Overview Netgear R7000 and R6400 routers and possibly other models are vulnerable to arbitrary command injection.  Description CWE-77: Improper Neutralization of Special Elements used in a Command (Command Injection) Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.6_1.0.4 and...
---------------------------------------------
http://www.kb.cert.org/vuls/id/582384


*** DSA-3730 icedove - security update ***
---------------------------------------------
Multiple security issues have been found in Icedove, Debians version ofthe Mozilla Thunderbird mail client: Multiple memory safety errors,same-origin policy bypass issues, integer overflows, buffer overflowsand use-after-frees may lead to the execution of arbitrary code ordenial of service.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3730


*** Vuln: McAfee VirusScan Enterprise Multiple Security Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/94823


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: One vulnerability in IBM Java SDK affects IBM Application Delivery Intelligence v1.0.1 and v1.0.1.1 (CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995653
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK for Node.js ***
http://www.ibm.com/support/docview.wss?uid=swg21993007
---------------------------------------------
*** IBM Security Bulletin: Open Source Apache Tomcat Commons FileUpload Vulnerabilities affects Atlas Policy Suite (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995382
---------------------------------------------
*** IBM Security Bulletin: Potential Information Disclosure vulnerability in IBM MessageSight (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995246
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in OpenSSH (CVE-2015-5352, CVE-2015-6563, CVE-2015-6564) ***
http://www.ibm.com/support/docview.wss?uid=swg21992610
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web version 7 software (CVE-2016-3550, CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21993132
---------------------------------------------
*** IBM Security Bulletin: Open Redirect vulnerability in IBM MessageSight (CVE-2016-3040) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995247
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016 - Includes Oracle Apr 2016 CPU affect for IBM Connections (CVE-2016-0264 ) ***
https://www-01.ibm.com/support/docview.wss?uid=swg21988365
---------------------------------------------
*** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016 - Includes Oracle Apr 2016 CPU affect Content Collector for Email (CVE-2016-0264) ***
https://www-01.ibm.com/support/docview.wss?uid=swg21988357
---------------------------------------------
*** IBM Security Bulletin: Information Disclosure in IBM MessageSight (CVE-2016-0378) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995238
---------------------------------------------