[CERT-daily] Tageszusammenfassung - Mittwoch 22-06-2016

Wed Jun 22 18:07:28 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 21-06-2016 18:00 − Mittwoch 22-06-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Macro Malware Adds Tricks, Uses MaxMind to Avoid Detection ***
---------------------------------------------
Macro malware continues to evolve and use new tricks to evade detection. This threat is responsible for downloading malicious Trojans such as Dridex and ransomware such as Locky. Recently McAfee Labs has encountered a new variant of macro ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/macro-malware-adds-tricks-uses-maxmind-to-avoid-detection/


*** Advantech WebAccess ActiveX Vulnerabilities ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01


*** Schneider Electric PowerLogic PM8ECC Cross-site Scripting Vulnerability ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-173-02


*** DHL Packstation: Sicherheitslücke begünstigt Missbrauch der fast 3000 Paketautomaten ***
---------------------------------------------
Durch eine Sicherheitslücke konnten Online-Ganoven unnötig leicht auf die Paketfächer der rund acht Millionen Packstation-Nutzer zugreifen. Als DHL das Problem bestritt, hat c't es selbst versucht.
---------------------------------------------
http://heise.de/-3243343


*** Hacker, Bromium donate $30,000 in bug bounty cash to charity ***
---------------------------------------------
Google hacker Tavis Ormandy and security firm Bromium have handed Amnesty International US$30,000 in bug bounty cash awarded after the former broke the latters security controls.
---------------------------------------------
www.theregister.co.uk/2016/06/22/hacker_bromium_donate_30000_in_bug_bounty_cash_to_charity/


*** ENISA discusses cyber challenges of the digital transformation ***
---------------------------------------------
https://www.enisa.europa.eu/news/executive-news/enisa-discusses-cyber-challenges-of-the-digital-transformation


*** DNS-Sicherheitslücke bei Apple: Weitere Plattformen betroffen ***
---------------------------------------------
Neben den AirPort-Basisstationen sind auch iOS, OS X und watchOS von einer kritischen Lücke betroffen ..
---------------------------------------------
http://heise.de/-3244645


*** E-Mail-Verschlüsselung: EU-Kommission hat Angst vor verschlüsseltem Spam ***
---------------------------------------------
PGP ist sicher, aber in der Handhabung oft kompliziert, gerade in grossen Unternehmen. Die EU-Kommission will die Technik in einem Pilotprojekt für alle Mitarbeiter einführen. Eine Angst geht dabei um: die vor verschlüsselten Spammails.
---------------------------------------------
http://www.golem.de/news/e-mail-verschluesselung-eu-kommission-hat-angst-vor-verschluesseltem-spam-1606-121638-rss.html


*** KSN Report: Ransomware from 2014-2016 ***
---------------------------------------------
The number of users attacked with ransomware is huge. But how big is it? Ransomware seems to be a global threat. But maybe there are regions at a higher risk of danger? There seem to be a lot of ransomware malware groups. But what are the most widespread and dangerous?
---------------------------------------------
http://securelist.com/analysis/publications/75145/pc-ransomware-in-2014-2016/


*** Microsofts entrauscht homomorphe Krypto-Library SEAL ***
---------------------------------------------
Das Rechnen mit verschlüsselten Daten rückt heran. Durch einen Wechsel des zugrundeliegenden Krypto-Systems will Microsoft die homomorphe Verschlüsselung auf eine neue Stufe heben.
---------------------------------------------
http://heise.de/-3243299


*** Exploiting Public Information for OSINT ***
---------------------------------------------
Open source intelligence is an act of finding the information using publicly available sources; these sources could be anything, for instance; newspaper, business directories, annual reports, etc. And the scope of OSINT is not only limited to ..
---------------------------------------------
http://resources.infosecinstitute.com/exploiting-public-information-for-osint/


*** Online-Backup-Anbieter Carbonite fordert Nutzer zu Passwort-Reset auf ***
---------------------------------------------
Wegen einer vermehrten Anzahl von unautorisierten Zugriffen auf Accounts sollten Nutzer des Online-Backup-Services Carbonite ihr Passwort zurücksetzen.
---------------------------------------------
http://heise.de/-3245465


*** Return of Locky ***
---------------------------------------------
There's been a lot of discussion recently of the Necurs botnet being quiet. Today, Necurs activity resumed, and a new Locky malspam campaign began! Let's look at it!
---------------------------------------------
https://malcat.moe/?p=53


*** Interview with a Craigslist scammer ***
---------------------------------------------
Ever wondered what motivates people who swindle others on Craigslist? Read on for a fascinating look into the mind of a small-time ..
---------------------------------------------
http://www.infoworld.com/article/3086304/cyber-crime/interview-with-a-craigslist-scammer.html


*** 105.386 Österreicher von LinkedIn-Datenleck betroffen ***
---------------------------------------------
In der Datenbank des Karriere-Netzwerks LinkedIn befanden sich insgesamt 15.386 österreichische Mail-Adressen und 76.344 Passwörter. 
---------------------------------------------
http://futurezone.at/digital-life/105-386-oesterreicher-von-linkedin-datenleck-betroffen/205.911.379


*** Vulnerability Spotlight: Pidgin Vulnerabilities ***
---------------------------------------------
Pidgin is a universal chat client that is used on millions of systems worldwide. The Pidgin chat client enables you to communicate on multiple chat networks simultaneously. Talos has identified multiple vulnerabilities in the way Pidgin handles the MXit ..
---------------------------------------------
http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html