[CERT-daily] Daily summary - Thursday 8-06-2017

Daily end-of-shift report team at cert.at
Thu Jun 8 18:13:49 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 07-06-2017 18:00 − Thursday 08-06-2017 18:00
Handler:     Alexander Riepl
Co-Handler:  Olaf Schwarz


*** Deceptive Advertisements: What they do and where they come from ***
---------------------------------------------
About a week ago, a reader asked for help with a nasty typo squatting incident:  The site, yotube.com, at the time redirected to fake tech support sites. These sites typically pop up a message alerting the user of a made-up problem and offer a phone number for tech support. Investigating the site, I found ads, all of which can be characterized as deceptive.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22494




*** SSTIC 2017 Wrap-Up Day #1 ***
---------------------------------------------
I’m in Rennes, France to attend my very first edition of the SSTIC conference. SSTIC is an event organised in France, by and for French people. The acronym means “Symposium sur la sécurité des technologies de l’information et des communications“. The event has a good reputation about its content but is also known to have a very strong policy to sell tickets.
---------------------------------------------
https://blog.rootshell.be/2017/06/08/sstic-2017-wrap-day-1/




*** Summer STEM for Kids ***
---------------------------------------------
It's summertime and your little hackers need something to keep them busy! Let's look at some of the options for kids to try out. I've tried out each of these programs and have had good luck with them. Please post in comments any site you have been successful with your kids in teaching them STEM or IT Security.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22496




*** Security updates: VMware vSphere Data Protection vulnerable ***
---------------------------------------------
A component of vSphere has two vulnerabilities rated critical, through which attackers can execute arbitrary commands and extract login credentials.
---------------------------------------------
https://heise.de/-3737673




*** Foscam: IoT vendor ignores security vulnerabilities for months ***
---------------------------------------------
The IoT apocalypse does not stop: once again, numerous vulnerabilities in an IP camera have been documented. The vendor failed to respond to the warnings for several months.
---------------------------------------------
https://www.golem.de/news/foscam-iot-hersteller-ignoriert-sicherheitsluecken-monatelang-1706-128277-rss.html




*** A new Linux Malware targets Raspberry Pi devices to mine Cryptocurrency ***
---------------------------------------------
Security researchers at Dr. Web discovered two new Linux Malware, one of them mines for cryptocurrency using Raspberry Pi Devices. Malware researchers at the Russian antivirus maker Dr.Web have discovered a new Linux trojan, tracked as Linux.MulDrop.14, that is infecting Raspberry Pi devices with the purpose of mining cryptocurrency.
---------------------------------------------
http://securityaffairs.co/wordpress/59842/malware/linux-malware-raspberry-pi.html




*** The Reigning King of IP Camera Botnets and its Challengers ***
---------------------------------------------
Early this month we discussed a new Internet of Things (IoT) botnet called Persirai (detected by Trend Micro as ELF_PERSIRAI.A), which targets over 1000 Internet Protocol (IP) camera models. Currently, through Shodan and our own research, we see that 64% of tracked IP cameras with custom http servers are infected with Persirai. But, because these cameras are such common targets, there is some competition between malware.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XMVX_tvNlNw/




*** Accidentally enabled debugging tool endangers Cisco Data Center Network Manager ***
---------------------------------------------
Security updates close vulnerabilities, some of them rated critical, in Cisco AnyConnect, DCNM and TelePresence.
---------------------------------------------
https://heise.de/-3737633




*** Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1




*** Cisco Context Service SDK Arbitrary Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. The vulnerability is due to insufficient validation of the update JAR file's signature.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ccs

