[CERT-daily] Tageszusammenfassung - Montag 6-06-2016

Daily end-of-shift report team at cert.at
Mon Jun 6 18:29:18 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 03-06-2016 18:00 − Montag 06-06-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Magento Credit Card Stealer for Braintree Extension ***
---------------------------------------------
We regularly find and write about malware that steals credit card details from Magento sites because attackers discover new techniques to obtain sensitive data daily. This time, the malicious code is specifically designed for Magento sites that use the Braintree extension. This extension connects a Magento store with the Braintree payment processing service that is...
---------------------------------------------
https://blog.sucuri.net/2016/06/magento-credit-card-stealer-braintree-extension.html




*** WordPress Sites Under Attack From New Zero-Day In WP Mobile Detector Plugin ***
---------------------------------------------
An anonymous reader writes: A large number of websites have been infected with SEO spam thanks to a new zero-day in the WP Mobile Detector plugin that was installed on over 10,000 websites. The zero-day was used in real-world attacks since May 26, but only surfaced to light on May 29 when researchers notified the plugins developer. Seeing that the developer was slow to react, security researchers informed Automattic, who had the plugin delisted from WordPress.orgs Plugin Directory on May 31. In...
---------------------------------------------
https://tech.slashdot.org/story/16/06/03/2243238/wordpress-sites-under-attack-from-new-zero-day-in-wp-mobile-detector-plugin
https://blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-exploited-in-the-wild.html




*** Whats Going on With libtiff?, (Sun, Jun 5th) ***
---------------------------------------------
libtiff, as the name implies, is a library used to parse TIFF formatted images. While you dont run into TIFF images on the web every day, the format is quite popular for higher-resolution/high qualityapplications like printing. TIFF allows the user to select between lossless or lossycompression depending on the preferences of the user. While the library is very popular, a reader wrote in last week asking if the library is still maintained. Currently, there are three security issues listed in...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21131&rss




*** Destructive BadBlock ransomware can be foiled ***
---------------------------------------------
If you have been hit with ransomware, you want that malware to be BadBlock - but only if you haven't restarted your computer. This particular malware is a lacklustre attempt to create something on par with more popular ransomware, and that allowed Emsisoft security researcher Fabian Wosar to create a decrypter tool for it. The tool can be downloaded for free, and Bleeping Computer has offered instructions on how to use it. But, aside from...
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/06/destructive-badblock-ransomware-can-foiled/




*** Researchers hack the Mitsubishi Outlander SUV, shut off alarm remotely ***
---------------------------------------------
Mitsubishi Outlander, a popular hybrid SUV sold around the world, can be easily broken into by attackers exploiting security weaknesses in the setup that allows the car to be remotely controlled via an app. The weaknesses were discovered by Pen Test Partners, and include: The mobile app connects to the car through a Wi-Fi access point on it, instead via a web service and GSM module, making it impossible to use if one is not...
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/06/researchers-hack-mitsubishi-outlander/




*** Dangerous self-spreading successor of Zeus and Carberp discovered ***
---------------------------------------------
June 3, 2016 In June, Doctor Web security researchers examined a new dangerous virus targeting Russian bank clients. The virus is designed to steal money from bank accounts and monitor user activity. It has borrowed a lot of features from its predecessors Zeus (Trojan.PWS.Panda) and Carberp. Yet, unlike them, it can be spread without any user intervention infecting executable files. Besides, curing of the infected computer is rather complicated and may take several hours.  Due to the ability to...
---------------------------------------------
http://news.drweb.com/show/?i=9999&lng=en&c=9




*** Firmware Analysis for IoT Devices ***
---------------------------------------------
Introduction This is the second post in the IoT Exploitation and Penetration Testing series. In this post, we are going to have a look at a key component in an IoT device architecture - Firmware. Any IoT device you use, you will be interacting with firmware, and this is because firmware can be thought of...
---------------------------------------------
http://resources.infosecinstitute.com/firmware-analysis-for-iot-devices/




*** Widespread exploits evade protections enforced by Microsoft EMET ***
---------------------------------------------
Its bad news for businesses. Hackers have launched large-scale attacks that are capable of bypassing the security protections added by Microsofts Enhanced Mitigation Experience Toolkit (EMET), a tool whose goal is to stop software exploits.Security researchers from FireEye have observed Silverlight and Flash Player exploits designed to evade EMET mitigations such as Data Execution Prevention (DEP), Export Address Table Access Filtering (EAF) and Export Address Table Access Filtering Plus
---------------------------------------------
http://www.cio.com/article/3079747/widespread-exploits-evade-protections-enforced-by-microsoft-emet.html#tk.rss_security




*** Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160606-aap




*** Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp




*** JSA10749 - IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability (CVE-2016-1409) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10749&actp=RSS




*** Security Advisory: NTP vulnerability CVE-2016-1548 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/63/sol63675293.html?ref=rss




*** DSA-3595 mariadb-10.0 - security update ***
---------------------------------------------
Several issues have been discovered in the MariaDB database server. Thevulnerabilities are addressed by upgrading MariaDB to the new upstreamversion 10.0.25. Please see the MariaDB 10.0 Release Notes for furtherdetails:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3595




*** Bugtraq: [security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538597




*** DFN-CERT-2016-0908: VideoLAN VLC Media Player: Eine Schwachstelle ermöglicht u.a. die Ausführung beliebigen Programmcodes mit Benutzerrechten ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0908/




*** Citrix NetScaler Gateway Lets Remote Users Hijack the Target Users Login Form Credentials ***
---------------------------------------------
http://www.securitytracker.com/id/1036020


More information about the Daily mailing list