[CERT-daily] Daily summary - Tuesday 5-08-2014

Daily end-of-shift report team at cert.at
Tue Aug 5 18:06:43 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 04-08-2014 18:00 − Tuesday 05-08-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Synology - first information regarding "Synolocker" ***
---------------------------------------------
Special Notes SynoLocker Message Issue - If NAS is not infected: First, close all open ports for external access for now. Backup the data on the DiskStation and update DSM to the latest version. Synology will provide further information as soon as possible if you are vulnerable. If NAS is infected, first do not trust (and ignore) any unauthorized, non-Synology messages or emails. Hard shut down the DiskStation to prevent any further issues.
---------------------------------------------
https://myds.synology.com/support/support_form.php?lang=us




*** Synolocker: Why OFFLINE Backups are important, (Tue, Aug 5th) ***
---------------------------------------------
One current threat causing a lot of sleepless nights to victims is "Cryptolocker" like malware. Various variations of this type of malware are still haunting small businesses and home users by encrypting files and asking for ransom to obtain the decryption key. Your best defense against this type of malware is a good backup. Shadow volume copies may help, but aren't always available and complete. In particular for small businesses, various simple NAS systems have become popular over
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18481&rss




*** Ubuntu lock screen loses keyboard input ***
---------------------------------------------
A now-fixed security vulnerability in the lock screen of the Linux distribution Ubuntu could result in users accidentally publishing their password on the Internet.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Ubuntu-Sperrbildschirm-verliert-Tastatureingaben-2283211.html




*** Barracuda Web Application Firewall Reusable URL-Based Authentication Tokens Let Remote Users Bypass Authentication ***
---------------------------------------------
http://www.securitytracker.com/id/1030665




*** Evernote Patches Vulnerability in Android App ***
---------------------------------------------
We have previously discussed an Android vulnerability that may lead to user data being captured or used to launch attacks. We discovered that the popular Android app for Evernote contained the said vulnerability. We disclosed the details to Evernote, and they took action by issuing an update to the Android version of their app. Evernote has added additional...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/BBLQmuk3RrQ/




*** Symantec Endpoint Protection Local Client Application Device Control Buffer Overflow ***
---------------------------------------------
Revisions None Severity CVSS2 Base Score Impact Exploitability CVSS2 Vector SEP Local Client ADC Buffer Overflow - Medium 6....
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140804_00




*** Bugtraq: SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533024




*** A Peek Into the Lions Den - The Magnitude [aka PopAds] Exploit Kit ***
---------------------------------------------
Recently we managed to have an unusual peek into the content that is used on the servers of the prevalent exploit kit, Magnitude. In this blog post we'll review its most up-to-date administration panel and capabilities, as well as review some infection statistics provided by Magnitude over the course of several weeks. These days, after the arrest of Paunch, Blackhole exploit kit creator, exploit kit developers and sellers have learned their lesson regarding doing business in the
---------------------------------------------
http://blog.spiderlabs.com/2014/08/a-peek-into-the-lions-den-the-magnitude-aka-popads-exploit-kit.html




*** Vulnerability in Spotify Android App May Lead to Phishing ***
---------------------------------------------
We have discovered a vulnerability that affects versions of the Spotify app for Android older than 1.1.1. If exploited, the vulnerability can allow bad guys to control what is being displayed on the app interface. This vulnerability can be potentially abused by cybercriminals to launch phishing attacks that may result in information loss or theft.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/GZKakDZwRhw/

