[CERT-daily] Tageszusammenfassung - Montag 31-10-2016

Mon Oct 31 18:10:47 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 28-10-2016 18:00 − Montag 31-10-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter


*** Of course smart homes are targets for hackers ***
---------------------------------------------
The Wirecutter, an in-depth comparative review site for various electrical and electronic devices, just published an opinion piece on whether users should be worried about security issues in IoT devices. The summary: avoid devices that dont require passwords (or dont force you to change a default and devices that want you to disable security, follow general network security best practices but otherwise dont worry - criminals arent likely to target you.This is terrible, irresponsible advice. Its
---------------------------------------------
http://mjg59.dreamwidth.org/45483.html


*** Ensuring that ICS/SCADA isn't our next IoT nightmare ***
---------------------------------------------
The DDoS chaos of the past month tells us that we need to work together to ensure future standards and reduce security risks
---------------------------------------------
https://nakedsecurity.sophos.com/2016/10/28/ensuring-that-icsscada-isnt-our-next-iot-nightmare/


*** Volatility Bot: Automated Memory Analysis, (Sun, Oct 30th) ***
---------------------------------------------
Few weeks ago Ive attended the SANS DFIR Summit in Prague, and one of the very interesting talks was from Martin Korman (@MartinKorman), who presented a new tool he developed: Volatility Bot. According to his description, Volatility Bot is an automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis investigation. Not only does it automatically extract the executable...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21655&rss


*** Masque Attack Abuses iOS's Code Signing to Spoof Apps and Bypass Privacy Protection ***
---------------------------------------------
First reported in 2014, Masque Attack allowed hackers to replace a genuine app from the App Store with a malformed, enterprise-signed app that had the same Bundle Identifier (Bundle ID). Apple subsequently patched the vulnerabilities (CVE-2015-3772 and CVE-2015-3725), but while it closed a door, scammers seemed to have opened a window. Haima's repackaged, adware-laden apps and its native helper application prove that App Store scammers are still at it.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ffHuC_yu178/


*** DDOS-Attacke gegen Server legt Wiener TU-Informatiker lahm ***
---------------------------------------------
Eine DDOS-Attacke gegen Server der Fachschaft Informatik der TU Wien hat zu Webseiten-Ausfällen geführt.
---------------------------------------------
https://futurezone.at/digital-life/ddos-attacke-gegen-server-legt-wiener-tu-informatiker-lahm/228.263.954


*** Joomla websites attacked en masse using recently patched exploits ***
---------------------------------------------
Attackers are aggressively attacking Joomla-based websites by exploiting two critical vulnerabilities patched last week.The flaws allow the creation of accounts with elevated privileges on websites built with the popular Joomla content management system, even if account registration is disabled. They were patched in Joomla 3.6.4, released Tuesday.Hackers didnt waste any time reverse engineering the patches to understand how the two vulnerabilities can be exploited to compromise websites,...
---------------------------------------------
http://www.csoonline.com/article/3136933/security/joomla-websites-attacked-en-masse-using-recently-patched-exploits.html#tk.rss_applicationsecurity


*** CardComplete-Phishingmail: 3-D Secure Aktualisierung ***
---------------------------------------------
In einer vermeintlichen CardComplete-Benachrichtigung heißt es, dass Kreditkarteninhaber/innen ihr 3-D Secure Verfahren aktualisieren müssen. Dazu sollen sie eine Website aufrufen und ihre persönlichen Kreditkarteninformationen bekannt geben. In Wahrheit stammt die E-Mail von Kriminellen, die damit sensible Daten stehlen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/cardcomplete-phishingmail-3-d-secure-aktualisierung/


*** "AtomBombing": Forscher warnen vor "unpatchbarer" Windows-Lücke ***
---------------------------------------------
Angeblich alle Windows-Systeme betroffen - Gefahrenpotenzial allerdings unklar
---------------------------------------------
http://derstandard.at/2000046630311


*** Cybercrime-Report 2015: Elf Prozent mehr Anzeigen in Österreich ***
---------------------------------------------
Mehr Fälle bei Internetbetrug, Erpressung und Datenmissbrauch
---------------------------------------------
http://derstandard.at/2000046762022


*** The Week in Ransomware - October 28 2016 - Locky, Angry Duck, and More! ***
---------------------------------------------
Lots and lots of little ransomware and in-dev variants released this week. Of particular note is the quick release of two Locky variants that used .sh*t and then a day later the .thor extension for encrypted files.
---------------------------------------------
http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/


*** Security Advisory: OpenSSL vulnerability CVE-2016-2181 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59298921.html?ref=rss


*** Vuln: Moodle CVE-2016-7919 Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93971


*** GNU tar 1.29 Extract Pathname Bypass ***
---------------------------------------------
Topic: GNU tar 1.29 Extract Pathname Bypass Risk: Low Text: - t216 special vulnerability release -- Vulnerability: POINTYFEATHER aka Tar extract pathname bypass ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100254


*** About the security content of iOS 10.1.1 ***
---------------------------------------------
This document describes the security content of iOS 10.1.1.
---------------------------------------------
https://support.apple.com/en-us/HT207287


*** Vulnerabilities in InfraPower PPS-02-S Q213V1 ***
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5375.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5374.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5373.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5372.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5371.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5370.php
---------------------------------------------
*** InfraPower PPS-02-S Q213V1 Multiple XSS Vulnerabilities ***
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5369.php
---------------------------------------------


Next End-of-Shift report: 2016-11-02