[CERT-daily] Tageszusammenfassung - Donnerstag 6-08-2015

Daily end-of-shift report team at cert.at
Thu Aug 6 18:13:27 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 05-08-2015 18:00 − Donnerstag 06-08-2015 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner



*** Jetzt Android-Geräte auf Stagefright-Lücken testen! ***
---------------------------------------------
Mit einer kostenlosen App kann man überprüfen, ob die eigenen Android-Geräte über die Stagefright-Lücken angreifbar sind.
---------------------------------------------
http://heise.de/-2773801





*** Stagefright-Sicherheitslücke: Elf Wege, ein Android-System zu übernehmen ***
---------------------------------------------
Auf der Black-Hat-Konferenz hat Joshua Drake die Hintergründe zu den Stagefright-Sicherheitslücken erläutert. Über mindestens elf verschiedene Wege lässt sich ein Android-System seinem Vortrag zufolge angreifen. Fortschritte gibt es bei den Android-Updates. (Android, Firefox)
---------------------------------------------
http://www.golem.de/news/stagefright-sicherheitsluecke-elf-wege-ein-android-system-zu-uebernehmen-1508-115610-rss.html





*** APT Group Gets Selective About Data it Steals ***
---------------------------------------------
Dell SecureWorks researchers today at Black Hat released a new report on Emissary Panda, or TG-3390, a China-sponsored APT gang that has refined the types of data it covets.
---------------------------------------------
http://threatpost.com/apt-group-gets-selective-about-data-it-steals/114103





*** Inside the $100M 'Business Club' Crime Gang ***
---------------------------------------------
New research into a notorious Eastern European organized cybercrime gang accused of stealing than $100 million from banks and businesses worldwide provides an unprecedented, behind-the-scenes look at an exclusive "business club" that dabbled in cyber espionage and worked closely with phantom Chinese firms on Russias far eastern border.
---------------------------------------------
http://www.krebsonsecurity.com/2015/08/inside-the-100m-business-club-crime-gang/





*** Corporate networks can be compromised via Windows Updates ***
---------------------------------------------
Yesterday at Black Hat USA 2015, researchers from UK-based Context Information Security demonstrated how Windows Update can be abused for internal attacks on corporate networks by exploiting insecurely configured enterprise implementations of Windows Server Update Services (WSUS).
---------------------------------------------
http://www.net-security.org/secworld.php?id=18725




*** Exploit-Kit Rig: Verbrechen lohnt sich wieder ***
---------------------------------------------
Vor einigen Monaten wurde der Quellcode des Exploit-Kits RIG 2.0 veröffentlicht; damit war der Shooting-Star der Crimeware-Szene erstmal aus dem Rennen. Jetzt sind die Entwickler mit einer Version 3.0 zurück - und verdienen besser denn je.
---------------------------------------------
http://heise.de/-2772951





*** How Scammers Abuse Our Brains ***
---------------------------------------------
Your brain is awesome. We're not just flattering you, it's true. It's also true of the guy sat next to you, the woman across the street, even your kid cousin who still thinks that flicking boogers is the height of hilarity. Each one of us is blessed with a brain that has unparalleled amounts of storage, and ferocious processing power. That said, our minds are still finite. The amount of information we can attend to at a given moment is limited.
---------------------------------------------
https://blog.team-cymru.org/2015/08/how-scammers-abuse-our-brains/




*** Bugtraq: Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows ***
---------------------------------------------
the just released latest version 5.0.0.5 of LibreOffice.org for Windows
distributes (once again) a completely outdated and vulnerable MSVC++
runtime.
---------------------------------------------
http://www.securityfocus.com/archive/1/536144




*** Nicholas Weaver on iPhone Security ***
---------------------------------------------
Excellent essay: Yes, an iPhone configured with a proper password has enough protection that, turned off, Id be willing to hand mine over to the DGSE, NSA, or Chinese. But many (perhaps most) users dont configure their phones right. Beyond just waiting for the suspect to unlock his phone, most people either use a weak 4-digit passcode ...
---------------------------------------------
https://www.schneier.com/blog/archives/2015/08/nicholas_weaver_1.html




*** Sigcheck and virustotal-search, (Thu, Aug 6th) ***
---------------------------------------------
In my last diary entry I mentioned offline use of Sysinternal tools with my tool virustotal-search. So you want to use sigcheck but you cant connect the machine to the Internet. Then you can use sigchecks option -h to calculate cryptographic hashes of the files it checks, and option -c to produce a CSV output (-ct for CSV with a tab separator). If you want, you can limit sigcheck" /> To extract a unique list of MD5 hashes, you can use this pipe of awk, tail, sed and sort ...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20009&rss




*** How Social Engineering Security Awareness Stops 3 Common Scams ***
---------------------------------------------
Social engineering, in the context of information security, refers to the use of psychological manipulation to trick people into divulging sensitive information (information gathering) or performing actions (fraud/unauthorized system access). It is a non-technical confidence scam that resembles a very elaborate plan that consists of several stages (See the Typical Phases part).
---------------------------------------------
http://resources.infosecinstitute.com/how-social-engineering-security-awareness-stops-3-common-scams/




*** Sick of Flash security holes? HTML5 has its own ***
---------------------------------------------
HTML5 has been billed as the natural, standards-based successor to proprietary plug-ins such as Adobes Flash Player for providing rich multimedia services on the Web. But when it comes to security, one of Flashs major weaknesses, HTML5 is no panacea.In fact, HTML5 has security issues of its own. Julien Bellanger, CEO of application security monitoring firm Prevoty, says HTML5 makes security more complex, not simpler. HTML5 security has been a question mark for years, and it has not improved
---------------------------------------------
http://www.csoonline.com/article/2960695/application-security/sick-of-flash-security-holes-html5-has-its-own.html#tk.rss_applicationsecurity




*** 'Funtenna' software hack turns a laser printer into a covert radio ***
---------------------------------------------
Researcher demonstrates how attacker could exfiltrate data over airwaves.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/RCktE3iPj7M/




*** Black Hat: Sicherheitsforscher klonen verschlüsselte SIM-Karten ***
---------------------------------------------
Die Verschlüsselung via AES 256 gilt auch langfristig als sicher. Im Zuge eines Angriffes über Bande wurden nun derartig verschlüsselte SIM-Karten in wenigen Minuten geknackt.
---------------------------------------------
http://heise.de/-2773751




*** Bugtraq: [security bulletin] HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information ***
---------------------------------------------
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running
OpenSSL with SSL/TLS enabled.
This is the TLS vulnerability using US export-grade 512-bit keys in
Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information.
---------------------------------------------
http://www.securityfocus.com/archive/1/536142




*** FreeBSD patch(1) Lets Remote Users Execute Arbitrary Commands on the Target System ***
---------------------------------------------
A vulnerability was reported in FreeBSD patch(1). A remote user can cause arbitrary commands to be executed on the target system.
The patch(1) utility does not properly sanitize the input patch stream. A remote user can create a specially crafted patch file that, when processed by the target user via patch(1), will run ed(1) commands (in addition to running valid version control system commands) with the privileges of the target user.
---------------------------------------------
http://www.securitytracker.com/id/1033188




*** FreeBSD routed(8) RIP Query Processing Flaw Lets Remote Users Cause the Target Service to Crash ***
---------------------------------------------
A remote user on a network that is not directly connected to the target system's network can send a specially crafted routing information protocol (RIP) query to trigger a flaw in the target routed(8) daemon and cause the daemon to crash. As a result, the target system's routing table will no longer be updated.
Systems with the routed(8) daemon enabled are affected.
---------------------------------------------
http://www.securitytracker.com/id/1033185




*** Security Notice - Statement on the UAP2015 Vulnerability Mentioned at the BlackHat USA Conference ***
---------------------------------------------
The investigation is still ongoing. Huawei PSIRT will keep updating the SN and will give the related views as soon as possible. Please stay tuned.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-446728.htm


More information about the Daily mailing list