[CERT-daily] Tageszusammenfassung - Donnerstag 13-08-2015

Thu Aug 13 18:05:06 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 12-08-2015 18:00 − Donnerstag 13-08-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** New SMiShing Campaign Targets T-Mobile Subscribers ***
---------------------------------------------
Criminals after online credentials have homed in on T-Mobile users, luring them with a $20 discount in exchange for ..
---------------------------------------------
https://blog.malwarebytes.org/fraud-scam/2015/08/new-smishing-campaign-targets-t-mobile-subscribers/


*** Android: Und noch eine schwere Sicherheitslücke ***
---------------------------------------------
Forscher von IBM haben in Googles mobilem Betriebssystem eine Lücke entdeckt, die über die Hälfte aller Android-Geräte betrifft. Sie erlaubt das Übernehmen privilegierter Prozesse durch einen Angreifer. Google hat die Lücke bereits geschlossen.
---------------------------------------------
http://heise.de/-2777648


*** Cisco ASA Unicast Reverse Path Forwarding (uRPF) Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40440


*** Cisco Warns Customers About Attacks Installing Malicious IOS Bootstrap Images ***
---------------------------------------------
Cisco is warning enterprise customers about a spike in attacks in which hackers use valid credentials on IOS devices to log in as administrators and then upload malicious ROMMON images to take control of the devices. The ROM Monitor is the ..
---------------------------------------------
http://threatpost.com/cisco-warns-customers-about-attacks-installing-malicious-ios-bootstrap-images/114250


*** Cisco TelePresence Video Communication Server Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40433


*** Volkswagen-Hack nach langer Sperrverfügung veröffentlicht ***
---------------------------------------------
Vor einigen Jahren haben Forscher entdeckt, dass sich Motorolas Megamos-Transponder, der in den Autoschlüsseln unter anderem von Volkswagen verwendet wird, angreifen lässt. VW ließ damals gerichtlich untersagen, Detailinformationen über die Lücke zu veröffentlichen. Jetzt ist dies gelungen. 
---------------------------------------------
http://www.golem.de/news/autoschluessel-volkswagen-hack-nach-langer-sperrverfuegung-veroeffentlicht-1508-115731.html


*** Script injection vulnerability discovered in Salesforce ***
---------------------------------------------
Elastica discovered an injection vulnerability in Salesforce which opened the door for attackers to use a trusted Salesforce application as a platform to conduct phishing attacks to steal end-users l...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18759


*** Spam and phishing in Q2 2015 ***
---------------------------------------------
In Q2 2015, the percentage of spam in email traffic accounted for 53.4%. The USA (14.6%) and Russia (7.8%) remained the biggest sources of spam. China came third with 7.1%. The Anti-Phishing system was triggered 30,807,071 times on computers of Kaspersky Lab users.
---------------------------------------------
http://securelist.com/analysis/quarterly-spam-reports/71759/spam-and-phishing-in-q2-of-2015/


*** Berliner Internet-Provider 1blu Opfer einer Hacker-Attacke ***
---------------------------------------------
Bislang unbekannte Angreifer haben sich Zugriff auf das interne System verschafft und erpressen den Berliner Internet-Provider nun.
---------------------------------------------
http://futurezone.at/digital-life/berliner-internet-provider-1blu-opfer-einer-hacker-attacke/146.768.530


*** VoIP Fraud - Brute Force and Ignorance ***
---------------------------------------------
The topic of VoIP fraud seems to ebb and flow within the IT-industry press, but struggle to break the surface of mainstream media. Specialist publications report flaws in commonly-used home routers and widespread campaigns against corporate VoIP PBXes while these stories are bypass ..
---------------------------------------------
https://blog.team-cymru.org/2015/08/voip-fraud-brute-force-and-ignorance/


*** YARA: Simple and Effective Way of Dissecting Malware ***
---------------------------------------------
In this article, we will learn about the YARA tool, which gives a very simple and highly effective way of identifying and classifying malware. We all know that Reverse Engineering is the highly recommended method for performing a complete post-mortem ..
---------------------------------------------
http://resources.infosecinstitute.com/yara-simple-effective-way-dissecting-malware/


*** Erster Nexus Patch Day: Google schliesst 21 Sicherheitslücken ***
---------------------------------------------
Acht davon "kritisch" - Neben Bugs in Stagefright noch zahlreiche andere Probleme bereinigt
---------------------------------------------
http://derstandard.at/2000020697116


*** TOTOLINK Update - How to NOT handle security issues ***
---------------------------------------------
This post is an an update to: Backdoor and RCE found in 8 TOTOLINK router models Backdoor credentials found in 4 TOTOLINK router models 4 TOTOLINK router models vulnerable to CSRF and XSS attacks 15 TOTOLINK router models vulnerable to multiple RCEs
---------------------------------------------
https://pierrekim.github.io/blog/2015-08-13-TOTOLINK-how-to-NOT-handle-security-issues.html