[CERT-daily] Daily summary - Tuesday 24-06-2014

Daily end-of-shift report team at cert.at
Tue Jun 24 18:04:35 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 23-06-2014 18:00 − Tuesday 24-06-2014 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** "Stop running this script?" notification redirects to Angler Exploit Kit ***
---------------------------------------------
ESET researchers identified a website serving up a "Stop running this script?" notification that, when clicked, redirects Internet Explorer users to the Angler Exploit Kit.
---------------------------------------------
http://www.scmagazine.com/stop-running-this-script-notification-redirects-to-angler-exploit-kit/article/357370/




*** Android KeyStore::getKeyForName buffer overflow ***
---------------------------------------------
Google Android is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the KeyStore::getKeyForName method. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system under the keystore process.
...
Remedy:
Upgrade to the latest version of Android (4.4 or later), available from the Google Web site. See References.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/93916




*** Havex Hunts for ICS/SCADA Systems ***
---------------------------------------------
During the past year, we've been keeping a close eye on the Havex malware family and the group behind it. Havex is known to be used in targeted attacks against different industry sectors, and it was earlier reported to have specific interest in the energy sector. The main components of Havex are a general purpose Remote Access Trojan (RAT) and a server written in PHP.
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002718.html




*** Beware of Skype Adware ***
---------------------------------------------
During our daily log analysis, we recently encountered a sample purporting to power up Skype with different emoticons. The binary, when installed, integrated itself with Skype and sent the following message to contacts without further intervention.
---------------------------------------------
http://research.zscaler.com/2014/06/beware-of-skype-adware.html




*** Dramatic Drop in Vulnerable NTP Servers Used in DDoS Attacks ***
---------------------------------------------
95 percent of vulnerable NTP servers leveraged in massive DDoS attacks earlier this year have been patched, but the remaining servers still have experts concerned.
---------------------------------------------
http://threatpost.com/dramatic-drop-in-vulnerable-ntp-servers-used-in-ddos-attacks/106835





