[CERT-daily] Tageszusammenfassung - Montag 17-10-2016

Mon Oct 17 18:03:15 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 14-10-2016 18:00 − Montag 17-10-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** pseudoDarkleech Rig EK ***
---------------------------------------------
Since Monday 2016-10-03, the pseudoDarkleech campaign has been using Rig exploit kit (EK) to distribute Cerber ransomware." /> Shown above: An infection chain of events. Let" /> Shown above:" /> Shown above: UDP traffic seen ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21595


*** Sierra Wireless Mitigations Against Mirai Malware ***
---------------------------------------------
NCCIC/ICS-CERT received a technical bulletin from the Sierra Wireless company, outlining mitigations to secure Airlink Cellular Gateway devices affected by (or at risk of) the “Mirai” malware. While the Sierra Wireless ..
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-286-01


*** Vuln: Magento CMS Multiple Cross-Site Request Forgery Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/93576


*** Vuln: Magento CMS Flash File Uploader Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93575


*** Vuln: PHP password_verify() Function Out-of-Bounds Read Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93578


*** Maldoc VBA Anti-Analysis ***
---------------------------------------------
I was asked for help with the analysis of sample 7c9505f2c041ba588bed854258344c43. Turns out this malicious Word document has some anti-analysis tricks (here is an older diary entry with other anti-analysis tricks). Here is the analysis with oledump.py:  Stream 8 contains VBA ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21599


*** Symantec observed a surge of spam emails using malicious WSF files ***
---------------------------------------------
Symantec observed a significant increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments. Experts from Symantec are observing a significant increase in the number of email-based ..
---------------------------------------------
http://securityaffairs.co/wordpress/52341/cyber-crime/spam-wsf-files.html


*** Analyzing Office Maldocs With Decoder.xls, (Sun, Oct 16th) ***
---------------------------------------------
In my last diary entry, I show how to decode VBA maldoc strings with Excel. A similar technique can be used to decode a payload (like shellcode). I explain ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21601


*** Outlook-on-Android alternative Nine leaked Exchange Server creds ***
---------------------------------------------
Patches slung to fix popular third-party email app Staff logging into Exchange Server through a popular app could have placed their enterprise credentials at risk through a since-closed vulnerability.
---------------------------------------------
www.theregister.co.uk/2016/10/17/outlook_app_slapped_in_maninthemiddle_diddle/


*** VMSA-2016-0016 ***
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0016.html


*** IBM Security Bulletin:Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director (CVE-2016-0264, CVE-2016-3426) ***
---------------------------------------------
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version ..
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024427


*** No More Ransom adds law enforcement partners from 13 new countries ***
---------------------------------------------
Intel Security and Kaspersky Labs today announced that 13 law enforcement agencies have joined No More Ransom, a partnership between cybersecurity industry and law enforcement organizations to provide ransomware victims education and decryption tools through www.nomoreransom.org. Intel ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/no-ransom-adds-law-enforcement-partners-13-new-countries/