[CERT-daily] Tageszusammenfassung - Donnerstag 14-01-2016

Thu Jan 14 18:06:59 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 13-01-2016 18:00 − Donnerstag 14-01-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** SlemBunk Part II: Prolonged Attack Chain and Better-Organized Campaign ***
---------------------------------------------
Our follow-up investigation of a nasty Android banking malware we identified at the tail end of last year has not only revealed that the trojan is more persistent than we initially realized - thus making for a much more dangerous threat - but that it is also being used as part of an ongoing and evolving campaign.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/01/slembunk-part-two.html


*** Faulty ransomware renders files unrecoverable, even by the attacker ***
---------------------------------------------
A cybercriminal has built a ransomware program based on proof-of-concept code released online, but messed up the implementation, resulting in victims files being completely unrecoverable.Researchers from antivirus vendor Trend Micro recently ..
---------------------------------------------
http://www.cio.com/article/3022159/faulty-ransomware-renders-files-unrecoverable-even-by-the-attacker.html


*** As easy as Citrix123 - hacker claims he popped Citrixs CMS ***
---------------------------------------------
And once he was in, it became possible to pour malware onto all customers, allegedly A Russian hacker claims he broke into systems run by Citrix, and gained access to potentially a huge number of customers.
---------------------------------------------
www.theregister.co.uk/2016/01/13/ruskie_hacker_pops_citrix/


*** Ex-NSA-Chef: Hintertüren für Verschlüsselung sind eine furchtbare Idee ***
---------------------------------------------
Michael Hayden widerspricht den Forderungen von FBI-Boss James Comey
---------------------------------------------
http://derstandard.at/2000029033330


*** RedHen CRM - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-002 ***
---------------------------------------------
The Redhen set of modules allows you to build a CRM features in a Drupal site.When rendering individual Contacts, this module does not properly filter the certain data prior to display. When rendering listing of notes or engagement scores, ..
---------------------------------------------
https://www.drupal.org/node/2649800


*** Cisco kämpft mit statischem Passwort und fixt kritische Lücken ***
---------------------------------------------
In Ciscos Identity Services Engine klafft eine als kritisch und eine als hoch eingestufte Schwachstelle. Neben der Wireless-LAN-Controller-Software sind auch noch Aironet-Basisstationen der 1800-Serie verwundbar. Sicherheitsupdates stehen bereit.
---------------------------------------------
http://heise.de/-3070756


*** Angriff der Cyber-Eichhörnchen ***
---------------------------------------------
Eichhörnchen sind eine größere Gefahr für Internet- und Stromleitungen als Hacker. Das zeigt die Webseite CyberSquirrel1 auf augenzwinkernde Art und Weise. 
---------------------------------------------
http://www.golem.de/news/internet-und-stromausfaelle-angriff-der-cyber-eichhoernchen-1601-118533.html


*** OpenSSL version 1.1.0 pre release 2 published ***
---------------------------------------------
OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 2 has now been made available. For details of changes and known issues see the release ..
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2016-January/000057.html


*** Triple-Seven: OpenSSH-Schwachstelle leakt geheime Schlüssel ***
---------------------------------------------
Eine unfertige Option, die bei OpenSSH seit 2010 standardmäßig aktiviert ist, führt dazu, dass gekaperte Server die geheimen Schlüssel der sich verbindenden Nutzer auslesen können. Updates, welche die Lücke schließen, stehen bereit.
---------------------------------------------
http://heise.de/-3071372


*** Ransomware a Threat to Cloud Services, Too ***
---------------------------------------------
Ransomware -- malicious software that encrypts the victims files and holds them hostage unless and until the victim pays a ransom in Bitcoin -- has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.
---------------------------------------------
http://krebsonsecurity.com/2016/01/ransomware-a-threat-to-cloud-services-too/