[CERT-daily] Daily summary - Thursday 31-03-2016

Daily end-of-shift report team at cert.at
Thu Mar 31 18:11:17 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 30-03-2016 18:00 − Thursday 31-03-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Google, too, was asked to unlock smartphones for US authorities ***
---------------------------------------------
In the current dispute over locked smartphones belonging to suspected criminals, everything revolves around Apple and the FBI - but US authorities have also sent numerous such requests to Google. This was discovered by the civil rights organization ACLU.
---------------------------------------------
http://www.golem.de/news/nicht-nur-apple-auch-google-sollte-fuer-us-behoerden-smartphones-entsperren-1603-120050.html




*** Flaw in SAP software: hundreds of thousands of companies at risk ***
---------------------------------------------
German authorities classify the flaws as "critical"; fixed only since October
---------------------------------------------
http://derstandard.at/2000033938536




*** Trend Micro products opened a trivial backdoor ***
---------------------------------------------
Antivirus software is supposed to protect the system from malicious software. Increasingly often, however, it turns out that it can itself serve as an entry point. A security expert demonstrates this once again with Trend Micro's security products.
---------------------------------------------
http://heise.de/-3159436




*** Automated medication dispensers with more than 1400 security vulnerabilities ***
---------------------------------------------
Outdated SupplyStation systems are still in use in hospitals and have thousands of security vulnerabilities. The ICS-CERT in the USA is therefore warning of the security risk posed by these medication dispensers.
---------------------------------------------
http://heise.de/-3159439




*** Snort Covert Channels ***
---------------------------------------------
Lab 3: Covert Channels. Covert channels are used by outside attackers to establish communications with the compromised system, or by malicious insiders to secretly transfer data to unauthorized locations. There are various implementations ..
---------------------------------------------
http://resources.infosecinstitute.com/snort-covert-channels/




*** Security best practices for git users ***
---------------------------------------------
In recent years git has become one of the most popular SCM/Version Control systems. Usage in some high-profile open-source projects like Linux or Raspberry Pi and support from vendors like GitHub and GitLab definitively helped to gain fame. As ..
---------------------------------------------
http://resources.infosecinstitute.com/security-best-practices-for-git-users/




*** PowerWare 'Fileless Infection' Deepens Ransomware Conundrum for Healthcare Providers ***
---------------------------------------------
The recent wave of ransomware attacks on healthcare institutions is not only raising questions about contingency planning, but also about whether healthcare is becoming the 'go-to' target for cyber extortionists looking to make quick ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/powerware-fileless-infection-deepens-ransomware-conundrum-for-healthcare-providers




*** DFN-CERT PGP key ***
---------------------------------------------
https://www.dfn-cert.de/aktuell/dfn-cert-schluessel.html




*** Cisco Firepower Malware Block Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp




*** Let Me Get That Door for You: Remote Root Vulnerability in HID Door Controllers ***
---------------------------------------------
If you've ever been inside an airport, university campus, hospital, government complex, or office building, you've probably seen one of HID's brand of card readers standing guard over a restricted area. HID is one of the world's largest ..
---------------------------------------------
http://blog.trendmicro.com/let-get-door-remote-root-vulnerability-hid-door-controllers/




*** The Linux Remaiten malware is building a Botnet of IoT devices ***
---------------------------------------------
Experts from the ESET firm have spotted a new threat in the wild dubbed Remaiten that targets embedded systems to recruit them in a botnet. ESET is actively monitoring malicious codes that target IoT systems such as routers, gateways ..
---------------------------------------------
http://securityaffairs.co/wordpress/45820/iot/linux-remaiten-iot-botnet.html




*** Ransomware Petya - a technical review ***
---------------------------------------------
On March 24, researchers at G DATA received a sample of a new type of ransomware which was dubbed 'Petya'. Unlike other types of ransomware, Petya prevents the operating system from starting by manipulating the MBR and installing its own ..
---------------------------------------------
https://blog.gdatasoftware.com/2016/03/28226-ransomware-petya-a-technical-review





