[CERT-daily] Daily summary - Tuesday 19-07-2016
Daily end-of-shift report
team at cert.at
Tue Jul 19 18:08:03 CEST 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 18-07-2016 18:00 − Tuesday 19-07-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Third time (un)lucky – improved Petya is out ***
---------------------------------------------
So far, we dedicated several articles to the interesting, low-level ransomware called Petya, hijacking the boot sector. Each of those versions was using Salsa20 algorithm to encrypt Master File Table and make disk inaccessible. However, ..
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2016/07/third-time-unlucky-improved-petya-is-out/
*** DSA-3622 python-django - security update ***
---------------------------------------------
It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin's add/change related popup.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3622
*** World-Check terror suspect DB hits the web at just US$6750 ***
---------------------------------------------
Last month's borked CouchDB breach delivers more pain to Thomson Reuters. The World-Check database that lists "heightened risk individuals and organizations" is reportedly up for sale on the dark web.
---------------------------------------------
www.theregister.co.uk/2016/07/19/6750_buys_you_22_million_worldcheck_citizen_terror_records/
*** Carbanak Gang Tied to Russian Security Firm? ***
---------------------------------------------
Among the more plunderous cybercrime gangs is a group known as "Carbanak," Eastern European hackers blamed for stealing more than a billion dollars from banks. Today ..
---------------------------------------------
http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/
*** Eavesdropping attack: Juniper network devices accepted self-signed certificates ***
---------------------------------------------
Juniper has fixed a bug in its Junos OS operating system that bypassed the signature verification of certificates.
---------------------------------------------
http://heise.de/-3270285
*** Apple updates all of its operating systems ***
---------------------------------------------
iOS 9.3.3, OS X El Capitan 10.11.6, watchOS 2.2.2 and tvOS 9.2.2 are available for download and fix bugs ahead of the next major update.
---------------------------------------------
http://heise.de/-3270059
*** Malware History: Code Red ***
---------------------------------------------
Fifteen years (5479 days) ago… Code Red hit its peak. An infamous computer worm, Code Red exploited a vulnerability in Microsoft Internet Information Server (IIS) to propagate. Infected servers displayed the following ..
---------------------------------------------
https://labsblog.f-secure.com/2016/07/19/malware-history-code-red/
*** Cross-Site Scripting in third party library mso/idna-convert ***
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-in-third-party-library-msoidna-convert/
*** Cross-Site Scripting vulnerability in typolinks ***
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-vulnerability-in-typolinks-1/
*** SQL Injection in TYPO3 Frontend Login ***
---------------------------------------------
https://typo3.org/news/article/sql-injection-in-typo3-frontend-login/
*** Cross-Site Scripting in TYPO3 Backend ***
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-in-typo3-backend-1/
*** Pokémon Go: Security researchers find 215 fake apps ***
---------------------------------------------
Dangerous copycat apps that have nothing in common with Pokémon Go apart from the name are said to be lurking in various Android app stores. In the worst case, they spy on devices.
---------------------------------------------
http://heise.de/-3270676
*** Long lasting Magnitude EK malvertising campaign not affected by slowdown in EK activity ***
---------------------------------------------
We have been tracking a malvertising campaign distributing the Cerber ransomware linked to the actor behind the Magnitude exploit kit for months. Despite a global slowdown in ..
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/exploits/2016/07/long-lasting-magnitude-ek-malvertising-campaign-not-affected-by-slowdown-in-ek-activity/