[CERT-daily] Tageszusammenfassung - Dienstag 14-06-2016

Tue Jun 14 18:04:20 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 13-06-2016 18:00 − Dienstag 14-06-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** ATM Insert Skimmers In Action ***
---------------------------------------------
KrebsOnSecurity has featured several recent posts on "insert skimmers," ATM skimming devices made to fit snugly and invisibly inside a cash machines card acceptance slot. Im revisiting the subject again because Ive recently ..
---------------------------------------------
http://krebsonsecurity.com/2016/06/atm-insert-skimmers-in-action/


*** DSA-3601 icedove - security update ***
---------------------------------------------
Multiple security issues have been found in Icedove, Debians version ofthe Mozilla Thunderbird mail client: Multiple memory safety errors maylead to the execution of arbitrary code or denial of service.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3601


*** Virenscanner infiziert Systeme mit Sality-Virus ***
---------------------------------------------
Durch ein Update landete des Virenscanners Rising landet eine infizierte Datei auf den Systeme, die sich dann daran macht, den Sality-Virus weiter zu verbreiten.
---------------------------------------------
http://heise.de/-3237654


*** Vawtrak banking Trojan shifts to new targets ***
---------------------------------------------
The Vawtrak banking Trojan (aka Snifula) is slowly but surely becoming a serious threat. With version 2, the malware has acquired the capability to target ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/14/vawtrak-banking-trojan-shifts-new-targets/


*** Kritische Sicherheitslücke: Angreifer können Adminrechte in Oxid-E-Shop erlangen ***
---------------------------------------------
Eine Sicherheitslücke im E-Shop-System Oxid ermöglicht Angreifern den Zugriff auf das Admininterface, es kann auch Code ins Frontend injiziert werden. Aktuelle Versionen werden mit einem Patch abgesichert, für ältere existiert lediglich ein Workaround.
---------------------------------------------
http://www.golem.de/news/kritische-sicherheitsluecke-angreifer-koennen-adminrechte-in-oxid-e-shop-erlangen-1606-121497.html


*** Aufregung um Linkedin-Hack in .at: Nutzer sollten dringend Passwort ändern ***
---------------------------------------------
Vollständige Nutzerdatenbank aus dem Jahr 2012 kursiert, und sorgt nun auch hierzulande für Schlagzeilen.
---------------------------------------------
http://derstandard.at/2000038935519


*** Weaponizing Nessus ***
---------------------------------------------
Once in a blue moon we come across a client that has truly done security right (or at least, tried really hard to do so). All the low hanging fruit has ..
---------------------------------------------
http://www.shellntel.com/blog/2016/6/7/weaponizing-nessus


*** The PhotoMiner Campaign ***
---------------------------------------------
Over the past few months, we've been following a new type of worm we named PhotoMiner. PhotoMiner features a unique infection mechanism, reaching endpoints by infecting websites hosted on FTP servers while making money by ..
---------------------------------------------
https://www.guardicore.com/2016/06/the-photominer-campaign/


*** Finding pearls; fuzzing ClamAV ***
---------------------------------------------
Previously, I wrote about the general workflow to follow if you wanted to seriously begin fuzzing applications, while covering fuzzing a small YAML library. In this post, we will cover taking that workflow and applying it in real life to the open-source antivirus project ClamAV. This fuzz job was ..
---------------------------------------------
https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/


*** phpMyAdmin Project Successfully Completes Security Audit ***
---------------------------------------------
Software Freedom Conservancy congratulates its phpMyAdmin project on succesfuly completing completing a thorough security audit, as part of Mozillas Secure Open Source Fund. No serious issues were found in the phyMyAdmin codebase.
---------------------------------------------
https://www.phpmyadmin.net/news/2016/6/13/phpmyadmin-project-successfully-completes-security-audit/


*** Netgear-Router dank festinstallierter Schlüssel einfach zu knacken ***
---------------------------------------------
Die Router D6000 und D3600 können von Angreifern gekapert werden, da sie fest installierte Krypto-Schlüssel nutzen, die immer gleich sind. Ausserdem lässt sich das Administrator-Passwort sehr einfach auslesen.
---------------------------------------------
http://heise.de/-3237907


*** Making Curl | Bash safe(r) ***
---------------------------------------------
You know those software installation instructions that tell you to download and run a script directly from the internet, as root, using something like the following?
---------------------------------------------
https://sysdig.com/blog/making-curl-bash-safer/