[CERT-daily] Tageszusammenfassung - Montag 13-04-2015

Daily end-of-shift report team at cert.at
Mon Apr 13 18:09:05 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 10-04-2015 18:00 − Montag 13-04-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Cisco Web Security Appliance Pickle Python Module Arbitrary Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the status checking process of support remote access tunnels in the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to execute arbitrary Python code on a targeted system.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38305




*** Hacking the D-Link DIR-890L ***
---------------------------------------------
The past 6 months have been incredibly busy, and I haven't been keeping up with D-Link's latest shenanigans. In need of some entertainment, I went to their web page today and was greeted by this atrocity: I think the most ..
---------------------------------------------
http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/




*** Reversing Belkin's WPS Pin Algorithm ***
---------------------------------------------
After finding D-Link's WPS algorithm, I was curious to see which vendors might have similar algorithms, so I grabbed some Belkin firmware and started dissecting it. This particular firmware uses the SuperTask! RTOS, and in fact uses the ..
---------------------------------------------
http://www.devttys0.com/2015/04/reversing-belkins-wps-pin-algorithm/




*** Digital Certificates: Who Can You Trust? ***
---------------------------------------------
Digital certificates are the backbone of the Public Key Infrastructure (PKI), which is the basis of trust online. Digital certificates are often compared to signatures; we can trust a document because it has a signature, or certificate authority (CA) by someone we trust. Simply put, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/digital-certificates-who-can-you-trust




*** APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation ***
---------------------------------------------
Having some of the world's most active economies, Asia Pacific countries are more likely to be a target of targeted attacks than the rest of the world. In Operation Quantum Entanglement, Pacific Ring of Fire: PlugX / Kaba and other FireEye reports, we have highlighted how Northeast Asian countries have been ..
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/04/apt_30_and_the_mecha.html




*** Polizeiorganisation Interpol verstärkt Kampf gegen Cyberkriminalität ***
---------------------------------------------
Zum Kampf gegen die Internetkriminalität und andere neue Bedrohungen hat die internationale Polizeiorganisation Interpol ein Forschungszentrum in Singapur eröffnet. Der Interpol-Weltkomplex für Innovation (IGCI) soll ..
---------------------------------------------
http://heise.de/-2599811




*** Windows XP noch auf zehntausenden Berliner Behörden-PCs ***
---------------------------------------------
Seit einem Jahr gibt es keine offiziellen Patches mehr für Windows XP. Dennoch ist das fast 14 Jahre alte Betriebssystem noch weiter verbreitet, als Sicherheitsexperten lieb ist. In der Berliner Verwaltung sollen es sogar noch zehntausende PCs sein. Der Datenschutzbeauftragte Alexander Dix fordert nun die Abschaltung aller Behördenrechner.
---------------------------------------------
http://derstandard.at/2000014223975




*** Zero Access Malware ***
---------------------------------------------
The Zero Access trojan (Maxx++, Sierief, Crimeware) has affected millions of computers worldwide, and it is the number one cause of cyber click fraud and Bitcoin mining on the Internet. Once the trojan has been delivered into the system, it ..
---------------------------------------------
http://resources.infosecinstitute.com/zero-access-malware/




*** Microsoft partners with Interpol, industry to disrupt global malware attack affecting more than 770,000 PCs in past six months ***
---------------------------------------------
Today Interpol and the Dutch National High Tech Crime Unit (DNHTCU) announced the disruption of Simda.AT, a significant malware threat affecting more than 770,000 computers in over 190 countries. The Simda.AT variant first appeared in ..
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/04/12/microsoft-partners-with-interpol-industry-to-disrupt-global-malware-attack-affecting-more-than-770-000-pcs-in-past-six-months-39-simda-at-39-designed-to-divert-internet-traffic-to-disseminate-other-types-of-malware.aspx




*** How to bypass Google's Santa LOCKDOWN mode ***
---------------------------------------------
Santa is a binary whitelisting/blacklisting system made by Google's Macintosh Operations Team. While I refer to it as Google's Santa it is not an official Google product. It is based on a kernel extension and userland components to ..
---------------------------------------------
https://reverse.put.as/2015/04/13/how-to-bypass-googles-santa-lockdown-mode/




*** Huthos VPS Provider: Totally legit, 1000% not a criminal organization - Andrew Morris ***
---------------------------------------------
I observed a hacker trying to compromise one of my internet-facing Linux servers and repurpose it to sell to unknowing legitimate customers.
---------------------------------------------
http://morris.guru/huthos-the-totally-100-legit-vps-provider/




*** OS X 10.10.3 soll gegen Adware helfen ***
---------------------------------------------
Apple hat weitere Massnahmen gegen Adware ergriffen, die verstärkt kostenlosen Mac-Programmen beim Download beigelegt wird und unter anderem Browser-Einstellungen ändert.
---------------------------------------------
http://heise.de/-2601940




*** VU#672268: Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL ***
---------------------------------------------
Software running on Microsoft Windows that utilizes HTTP requests can be forwarded to a file:// protocol on a malicious server, which causes Windows to automatically attempt authentication via SMB to the malicious server in some circumstances. The ..
---------------------------------------------
http://www.kb.cert.org/vuls/id/672268






More information about the Daily mailing list