[CERT-daily] Tageszusammenfassung - Freitag 25-11-2016

Fri Nov 25 18:03:13 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 24-11-2016 18:00 − Freitag 25-11-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Kriminelle bieten Mirai-Botnetz mit 400.000 IoT-Geräten zur Miete an ***
---------------------------------------------
Was macht das Mirai-Botnetz gerade? Die beiden Sicherheitsforscher mit den Pseudonymen 2sec4u und MalwareTech überwachen das Mirai-Botnetz und teilen aktuelle Aktivitäten via Twitter und eine Webseite. Aus der Live Map der Webseite geht hervor, dass bislang über die ganze Welt verteilt insgesamt mehr als 3 Millionen Geräte im Mirai-Botnetz gefangen waren. In den letzten 24 Stunden waren es knapp unter 100.000.
---------------------------------------------
https://www.heise.de/security/meldung/Kriminelle-bieten-Mirai-Botnetz-mit-400-000-IoT-Geraeten-zur-Miete-an-3504584.html


*** Gehackte Zugänge: Kriminelle versenden Malware mit Mailchimp-Accounts ***
---------------------------------------------
Kriminelle nutzen offenbar übernommene Mailchimp-Accounts, um Malware zu verbreiten. Das geschieht vor allem über Mails mit angeblichen Rechnungen. Alle 2.000 betroffenen Accounts wurden vorläufig stillgelegt.
---------------------------------------------
http://www.golem.de/news/gehackte-zugaenge-kriminelle-versenden-malware-mit-mailchimp-accounts-1611-124714-rss.html


*** Locky hidden in image file hitting Facebook, LinkedIn users ***
---------------------------------------------
Malware masquerading as an image file is still spreading on Facebook, LinkedIn, and other social networks. Check Point researchers have apparently discovered how cyber crooks are embedding malware in graphic and image files, and how they are executing the malicious code within these images to infect social media users with Locky ransomware variants. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file.
---------------------------------------------
https://www.helpnetsecurity.com/2016/11/25/locky-image-file-facebook-linkedin/


*** The Week in Ransomware - November 25th 2016 - Locky, Decryptors, Cerber, Open Source Ransomware sucks, and More ***
---------------------------------------------
Lots of ransomware stories this week. We have two new decryptors, quite a few new ransomware infections, PadCrypt being hidden inside a fake credit card generator, and a few new variants. The biggest news is two new variants of the Locky ransomware that append the .zzzzz and .aesir extensions for encrypted files. [...]
---------------------------------------------
http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-25th-2016-locky-decryptors-cerber-open-source-ransomware-sucks-and-more/


*** Free Software Quick Security Checklist, (Fri, Nov 25th) ***
---------------------------------------------
Free software (open source or not) is interesting for many reasons. It can be adapted to your own needs, it can be easily integrated within complex architectures but the most important remains, of course, the price. Even if they are many hidden costs related to free software. In case of issues, a lot of time may be spent in searching for a solution or diving into the source code (and everybody knows that time is money!). Today, more and more organisationsare not afraid anymore to deployfree...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21751&rss


*** DFN-CERT-2016-1945: phpMyAdmin: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebiger SQL-Befehle ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1945/


*** Security Advisory - Buffer Overflow Vulnerability in Huawei Firewall Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161125-01-usg-en


*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running within a guest VM to compromise the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.0. CVE-2016-9379, CVE-2016-9380, CVE-2016-9381, CVE-2016-9382, CVE-2016-9383, CVE-2016-9385, CVE-2016-9386
---------------------------------------------
https://support.citrix.com/article/CTX218775