[CERT-daily] Daily summary - Monday 1-09-2014

Daily end-of-shift report team at cert.at
Mon Sep 1 18:07:34 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 29-08-2014 18:00 − Monday 01-09-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** CryptoWall's Haul: $1M in Six Months ***
---------------------------------------------
The CryptoWall ransomware has proven to be a profitable criminal enterprise, netting more than $1.1 million in six months. More than 1,600 victims have surfaced and more than 5 billion files have been encrypted.
---------------------------------------------
http://threatpost.com/cryptowalls-haul-1m-in-six-months/107978




*** Kindle App for Android SSL certificate spoofing ***
---------------------------------------------
Kindle App for Android could allow a remote attacker to conduct spoofing attacks, caused by the improper verification of SSL certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to cause the victim to accept spoofed certificates.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95617




*** Glibc Heap Overflow in __gconv_translit_find() Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
A local user can set a specially crafted CHARSET environment variable value to trigger an off-by-one memory error and resulting heap overflow in __gconv_translit_find() and execute arbitrary code on the target system. The local user may be able to cause a set user id (setuid) root application that uses this environment variable to execute code with root privileges.
---------------------------------------------
http://www.securitytracker.com/id/1030786




*** F5 Unauthenticated rsync access to Remote Root Code Execution ***
---------------------------------------------
When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014080148




*** 1900/UDP (SSDP) Scanning and DDOS, (Sun, Aug 31st) ***
---------------------------------------------
Over the last few weeks we have detected a significant increase in both scanning for 1900/UDP and a huge increase of 1900/UDP being used for amplified reflective DDOS attacks. 1900/UDP is the Simple Service Discovery Protocol (SSDP) which is a part of Universal Plug and Play (UPnP). The limited information available to me indicates that the majority of the devices that are ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18599




*** Rubbish WPS config sees WiFi router keys popped in seconds ***
---------------------------------------------
Another day, another way in to your home router. Passwords within routers sold by chipset manufacturer Broadcom and an unnamed vendor can be accessed within seconds thanks to weak or absent key randomisation, security bod Dominique Bongard has claimed.
---------------------------------------------
http://www.theregister.co.uk/2014/09/01/wps_flaw_leaves_home_routers_vulnerable/




*** Lynis 1.6.0 - Security auditing tool for Unix/Linux systems ***
---------------------------------------------
Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is ..
---------------------------------------------
http://hack-tools.blackploit.com/2014/08/lynis-160-security-auditing-tool-for.html




*** Mozilla: Data of close to 100,000 users unintentionally exposed ***
---------------------------------------------
Second major data breach within a month at the Firefox maker
---------------------------------------------
http://derstandard.at/2000005015299




*** Dircrypt: Ransomware ships the key along with it ***
---------------------------------------------
An analysis of the Dircrypt ransomware has found that the files encrypted by the extortion trojan apparently carry the key with them. However, this holds only for part of the data.
---------------------------------------------
http://www.golem.de/news/dircrypt-ransomware-liefert-schluessel-mit-1409-108940.html




*** APWG Q2 2014 report, phishing is even more dangerous ***
---------------------------------------------
The APWG has published its new report related to phishing activities in the period April - June 2014. The document, titled 'Phishing Activity Trends Report, 2nd Quarter 2014', states that online payment services and crypto-currency sites are ..
---------------------------------------------
http://securityaffairs.co/wordpress/27935/cyber-crime/apwg-q2-2014-report.html





