[CERT-daily] Tageszusammenfassung - Dienstag 3-05-2016

Tue May 3 18:04:55 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 02-05-2016 18:00 − Dienstag 03-05-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** GOZNYM MALWARE ***
---------------------------------------------
Antivirus software detects GozNym hybrid as Nymaim variant GozNym samples resolve domains, do not connect to IPs returned. Separate IP used for HTTP comms. C2 channel for GozNym appears to be HTTP POST requests, in line with ..
---------------------------------------------
https://blog.team-cymru.org/2016/05/goznym-malware/


*** JSA10748 - Protect-RE (loopback) Firewall Filter does not discard OSPF packets from non-permitted prefixes ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10748&actp=RSS


*** Acunetix WVS 10 - Remote command execution (SYSTEM privilege) ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016050003


*** 3-in-4 Android phones, slabs, gizmos menaced by fresh hijack flaws ***
---------------------------------------------
Another month, another round of critical vulnerabilities patched by Google Google has today issued a bundle of 40 security patches for its Android operating system.
---------------------------------------------
www.theregister.co.uk/2016/05/02/android_may_patch_batch/


*** Fake Security Conferences ***
---------------------------------------------
Turns out there are two different conferences with the title International Conference on Cyber Security (ICCS 2016), one real and one fake. Richard Clayton has the story ..
---------------------------------------------
https://www.schneier.com/blog/archives/2016/05/fake_security_c.html


*** RSA Data Loss Prevention Bugs Let Remote Users Conduct Cross-Site Scripting and Clickjacking Attacks and Let Remote Authenticated Users Bypass Security Controls and Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1035714


*** SNMP Pentesting ***
---------------------------------------------
In the previous article about SNMP, we have discussed how to set up your own vulnerable lab where we have configured pfSense and VyOS with SNMP misconfigurations. You can find this article here. In this article, we will discuss how to assess the security ..
---------------------------------------------
http://resources.infosecinstitute.com/snmp-pentesting/


*** l+f: Webseite des Ministeriums für digitale Infrastruktur erneut löchrig ***
---------------------------------------------
Nach Heartbleed nun XSS: Der Web-Auftritt des Bundesministeriums für Verkehr und digitale Infrastruktur war abermals unzureichend abgesichert.
---------------------------------------------
http://heise.de/-3196376


*** OpenSSL Security Advisory [3rd May 2016] ***
---------------------------------------------
https://openssl.org/news/secadv/20160503.txt


*** OpenSSL schließt Abkömmling der Lucky-13-Lücke ***
---------------------------------------------
Die vielgenutzte Krypto-Bibliothek erhält Patches für sechs Sicherheitslücken. Zwei davon haben die Priorität ..
---------------------------------------------
http://heise.de/-3196510


*** Ransomware deployments after brute force RDP attack ***
---------------------------------------------
Fox-IT has encountered various ways in which ransomware is being spread and activated. Many infections happen by sending spam e-mails and luring the receiver in opening the infected ..
---------------------------------------------
https://blog.fox-it.com/2016/05/02/ransomware-deployments-after-brute-force-rdp-attack/