[CERT-daily] Daily summary - Thursday 1-09-2016

Daily end-of-shift report team at cert.at
Thu Sep 1 18:00:46 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 31-08-2016 18:00 − Thursday 01-09-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** There are really only two effectively distinct settings for the UAC slider ***
---------------------------------------------
There's a control panel that lets you specify how often you want to be prompted by UAC. You can set any of four levels: ... Although it looks like there are four settings, in a theoretical sense, there really are only two settings.
---------------------------------------------
https://blogs.msdn.microsoft.com/oldnewthing/20160816-00/?p=94105




*** Flag - Moderately Critical - Access Bypass - SA-CONTRIB-2016-050 ***
---------------------------------------------
https://www.drupal.org/node/2793115




*** So much for counter-phishing training: Half of people click anything sent to them ***
---------------------------------------------
Even people who claimed to be aware of risks clicked out of curiosity.
---------------------------------------------
http://arstechnica.com/security/2016/08/researchers-demonstrate-half-of-people-will-click-on-any-link-theyre-sent/




*** New Version of Cerber Ransomware Distributed via Malvertising ***
---------------------------------------------
Cerber has become one of the most notorious and popular ransomware families to date. It now has a new variant that, while superficially similar to earlier variants, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/new-version-cerber-ransomware-distributed-via-malvertising/




*** MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled.. ***
---------------------------------------------
Background: From August 4th 2016, several sysadmin friends started uploading these malware files to our dropbox. The samples weren't easy to retrieve, so there are good ones and also some broken ones; I listed the good ones in this post. This threat is made by the ELF trojan backdoor, the ..
---------------------------------------------
http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html




*** Maxmind.com (Ab)used As Anti-Analysis Technique ***
---------------------------------------------
A long time ago I wrote a diary[1] about malware samples which use online geolocalization services. Such services are used to target only specific victims. If the malware detects that it is executed from a specific area, it just stops. This ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21435




*** Breaching a CA – Blind Cross-site Scripting (BXSS) in the GeoTrust SSL Operations Panel Using XSS Hunter ***
---------------------------------------------
This is a continuation of a series of blog posts which will cover blind cross-site scripting (XSS) and its impact on the internal systems which suffer from it. Previously, ..
---------------------------------------------
https://thehackerblog.com/breaching-a-ca-blind-cross-site-scripting-bxss-in-the-geotrust-ssl-operations-panel-using-xss-hunter/




*** Spotify: Just change your passwords ***
---------------------------------------------
New passwords yet again: some Spotify customers are being asked to change them as a precaution; the background remains vague. It is also not known by what criteria the customers were selected.
---------------------------------------------
http://www.golem.de/news/spotify-einfach-mal-passwoerter-aendern-1609-123010.html




*** Bundeskriminalamt warns of extortion trojan in fake job application e-mails ***
---------------------------------------------
Computer gets encrypted and a ransom is demanded
---------------------------------------------
http://derstandard.at/2000043687916




*** Unix: OpenBSD 6.0 enforces W^X for the base system ***
---------------------------------------------
The OpenBSD project hardens its base system by making the memory it uses either writable or executable (W^X). The team has also dropped VAX and Linux support, but has extended its ARMv7 support.
---------------------------------------------
http://www.golem.de/news/unix-openbsd-6-0-erzwingt-w-x-fuer-das-basissystem-1609-123021.html




*** Darknet: Arrest after drug raid on Chemical Love customers ***
---------------------------------------------
In a nationwide raid, investigators seized large quantities of drugs which the suspects are alleged to have previously bought on the darknet. The accused are believed to have been active as dealers.
---------------------------------------------
http://www.golem.de/news/darknet-festnahme-nach-drogenrazzia-bei-chemical-love-kunden-1609-123024.html




*** Retefe trojan in fake invoices ***
---------------------------------------------
E-mail inboxes are receiving messages with the subject lines „Ihre Zahlung 631 EUR“, „167 EUR Bestellung“, „33 EUR Zahlung“ or „81 EUR Rechnung“. They purport to come from the ..
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/retefe-trojaner-in-gefaelschten-rechnungen/

