[CERT-daily] Tageszusammenfassung - Mittwoch 12-04-2017

Wed Apr 12 18:11:28 CEST 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 11-04-2017 18:00 − Mittwoch 12-04-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Fake News at Work in Spam Kingpin’s Arrest? ***
---------------------------------------------
Over the past several days, many Western news media outlets have predictably devoured thinly-sourced reporting from a Russian publication that the arrest last week of a Russian spam kingpin in Spain was related to hacking attacks linked to last year’s U.S. election. While there ..
---------------------------------------------
https://krebsonsecurity.com/2017/04/fake-news-at-work-in-spam-kingpins-arrest/


*** Schneider Electric Modicon Modbus Protocol ***
---------------------------------------------
This advisory contains mitigation details for authentication bypass by capture-replay and violation of secure design principles vulnerabilities in Schneider Electric’s Modicon Modbus protocol.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-101-01


*** Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2) ***
---------------------------------------------
Posted by Gal Beniamini, Project ZeroIn this blog post well continue our journey into gaining remote kernel code execution, by means of Wi-Fi communication alone. Having previously developed a remote code execution exploit ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html


*** CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler ***
---------------------------------------------
FireEye recently detected malicious Microsoft Office RTF documents that leverage CVE-2017-0199, a previously undisclosed vulnerability. This vulnerability ..
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html


*** Patchday: Adobe stopft kritische Lücken in Acrobat, Reader, Flash und Photoshop ***
---------------------------------------------
Kritische Lücken in Flash sowie in Adobe Acrobat und Reader benötigen sofortige Aufmerksamkeit. Auf ungepatchten Systemen können Angreifer Schadcode aus der Ferne ausführen. Photoshop ist diesmal auch mit Sicherheitslücken beim Patchday dabei.
---------------------------------------------
https://heise.de/-3682970


*** Malicious Image Defacement Hidden from Search Engines ***
---------------------------------------------
After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your business or website. In a recent blog post, we discussed a case in which a ..
---------------------------------------------
https://blog.sucuri.net/2017/04/malicious-image-defacement-hidden-from-search-engines.html


*** JSA10753 - 2016-07 Security Bulletin: SRX Series: Upgrades using partition option may allow unauthenticated root login (CVE-2016-1278) ***
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10753


*** Sundown EK gone missing, Terror EK flavours seen in active drive-by campaigns ***
---------------------------------------------
With another player out at the moment, we take a look at a rebranded exploit kit in current malware ..
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2017/04/sundown-ek-gone-missing-terror-ek-flavours-seen-in-active-drive-by-campaigns/


*** IT-Sicherheit: Wie ich mein Passwort im Stack Trace fand ***
---------------------------------------------
Unser Autor hat versehentlich das MySQL-Passwort seiner Webseite veröffentlicht. Hier schreibt er, wie es dazu kam. Er berichtet, warum Fehler selbst dann passieren, wenn ..
---------------------------------------------
https://www.golem.de/news/it-sicherheit-wie-ich-mein-passwort-im-stack-trace-fand-1704-127258.html


*** Patchday: Microsoft sichert Office gegen aktive Angriffe ab ***
---------------------------------------------
Im April verteilt Microsoft zwölf Sicherheitsupdates und stopft mehrere als kritisch eingestufte Schwachstellen. Aktuell haben es Angreifer gezielt auf eine Office-Lücke abgesehen.
---------------------------------------------
https://heise.de/-3683358


*** Investigation Finds Inmates Built Computers, Hid Them In Prison Ceiling ***
---------------------------------------------
An anonymous reader quotes a report from WRGB: The discovery of two working computers hidden in a ceiling at the Marion Correctional Institution prompted an investigation by the state into how inmates got access. In late ..
---------------------------------------------
https://hardware.slashdot.org/story/17/04/12/0328239/investigation-finds-inmates-built-computers-hid-them-in-prison-ceiling


*** Kelihos.E ***
---------------------------------------------
Kelihos.E Botnet – Law Enforcement Takedown On Monday April 10th 2017, The US Department of Justice (DOJ) announced a successful operation to take down the Kelihos Botnet and arrest the suspected botnet operator. The ..
---------------------------------------------
http://blog.shadowserver.org/2017/04/12/kelihos-e/


*** New NAS Vulnerabilities are as Bad as they Get ***
---------------------------------------------
If you have a QNAP network attached storage (NAS) device, you’d better make sure the firmware is updated. Earlier this year, F-Secure Senior Security ..
---------------------------------------------
https://safeandsavvy.f-secure.com/2017/04/12/new-nas-vulnerabilities-are-pretty-much-as-bad-as-they-get/