[CERT-daily] Daily summary - Monday 24-11-2014

Daily end-of-shift report team at cert.at
Mon Nov 24 18:17:02 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 21-11-2014 18:00 − Monday 24-11-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** Website Malware Removal: Phishing ***
---------------------------------------------
As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and reels with his fishing rod, a ..
---------------------------------------------
http://blog.sucuri.net/2014/11/website-malware-removal-phishing.html




*** Asterisk IP address security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98863




*** "NotCompatible": The most persistent Android malware to date ***
---------------------------------------------
Malware infects 20,000 devices daily - used for sending spam, buying tickets and WordPress hacking
---------------------------------------------
http://derstandard.at/2000008502545




*** DoubleDirect MitM Attack Targets Android, iOS and OS X Users ***
---------------------------------------------
Security researchers have discovered a new type of "Man-in-the-Middle" (MitM) attack in the wild targeting smartphone and tablet users on devices running either iOS or Android around the world. The MitM attack, dubbed DoubleDirect, enables an attacker to redirect a victim's traffic of major websites ..
---------------------------------------------
http://thehackernews.com/2014/11/doubledirect-mitm-attack-targets_22.html



*** Spear phishing: One in five falls into the trap ***
---------------------------------------------
IT users are gullible. The promise of a discount is enough to collect plenty of passwords. At the Vienna security conference Deepsec, alarming figures from real-world practice were revealed.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Spearphishing-Jeder-Fuenfte-geht-in-die-Falle-2461982.html/from/rss09?wt_mc=rss.ho.beitrag.rdf




*** A Nightmare on Malware Street ***
---------------------------------------------
Another ransomware has been spotted in the wild lately, branded as CoinVault. This one involves some interesting details worth mentioning, including the peculiar characteristic of offering the free decryption of one of the hostage files a..
---------------------------------------------
http://securelist.com/blog/virus-watch/67699/a-nightmare-on-malware-street/




*** ClamAV libclamav/pe.c buffer overflow ***
---------------------------------------------
ClamAV is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the libclamav/pe.c file. A local attacker could overflow a buffer and execute arbitrary code on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98882




*** Crypto protocols held back by legacy, says ENISA ***
---------------------------------------------
EU takes the microscope to security. The EU Agency for Network Information and Security (ENISA) has updated its 2013 crypto guidelines, designed to help developers protect personal information in line with EU law, and has sternly told crypto ..
---------------------------------------------
http://www.theregister.co.uk/2014/11/24/crypto_protocols_held_back_by_legacy_says_enisa/




*** Symantec researchers find Regin malware, label it the new Stuxnet ***
---------------------------------------------
Government probably penned peerless p0wn cannon aimed at Russian and Saudi targets. An advanced malware instance said to be as sophisticated as Stuxnet and Duqu has been detected attacking the top end of town and has ..
---------------------------------------------
http://www.theregister.co.uk/2014/11/24/regin/




*** Triggering MS14-066 ***
---------------------------------------------
Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed. This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security ..
---------------------------------------------
http://blog.beyondtrust.com/triggering-ms14-066




*** Hacking RFID Payment Cards Made Possible with Android App ***
---------------------------------------------
We recently encountered a high-risk Android app detected as ANDROIDOS_STIP.A in Chile. This app, found distributed through forums and blogs, can be used to hack into the user's RFID bus transit card to recharge the credits. What is the mechanism ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-rfid-payment-cards-made-possible-with-android-app/




*** Protecting Against Unknown Software Vulnerabilities ***
---------------------------------------------
Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can have security implications; these are known as vulnerabilities. These vulnerabilities can be used to exploit and compromise your server, your site ..
---------------------------------------------
http://blog.sucuri.net/2014/11/protecting-against-unknown-software-vulnerabilities.html




*** Linux distribution: Less is a possible entry point ***
---------------------------------------------
The tool Less is often used on Linux, in conjunction with other tools, for example to open files. According to a high-profile hacker, this invites many bugs and security vulnerabilities.
---------------------------------------------
http://www.golem.de/news/linux-distribution-less-als-moegliches-einfallstor-1411-110756.html




*** Drupal update puts a stop to session theft ***
---------------------------------------------
The developers of the open-source CMS have closed two security vulnerabilities in Drupal 6 and 7. The flaws can be abused to steal the sessions of logged-in users and to take down the server.
---------------------------------------------
http://www.heise.de/security/meldung/Drupal-Update-schiebt-Session-Klau-den-Riegel-vor-2462551.html





