[CERT-daily] Tageszusammenfassung - Dienstag 25-08-2015

Tue Aug 25 18:06:58 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 24-08-2015 18:00 − Dienstag 25-08-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Signed Dridex Campaign ***
---------------------------------------------
Malware authors use various means to make their malware look similar to legitimate software. One such approach involves signing a malware sample with a digital certificate. Recently we saw Dridex malware authors using this technique while ..
---------------------------------------------
http://research.zscaler.com/2015/08/signed-dridex-campaign.htm


*** AlienSpy RAT Resurfaces as JSocket ***
---------------------------------------------
The dismantled AlientSpy remote access Trojan, the same malware found on the phone of dead Argentine prosecutor Alberto Nisman, has resurfaced with new crypto and a new name.
---------------------------------------------
http://threatpost.com/alienspy-rat-resurfaces-as-jsocket/114385


*** Cisco Prime Infrastructure Web Interface Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40652


*** RTF Exploit Installs Italian RAT: uWarrior ***
---------------------------------------------
Unit 42 researchers have observed a new Remote Access Tool (RAT) constructed by an unknown actor of Italian origin. This RAT, referred to as uWarrior because of embedded PDB strings, has been previously described ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-rat-uwarrior/


*** Multiple vulnerabilities in Hewlett-Packard KeyView IDOL ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-405
http://www.zerodayinitiative.com/advisories/ZDI-15-404
http://www.zerodayinitiative.com/advisories/ZDI-15-403
http://www.zerodayinitiative.com/advisories/ZDI-15-402
http://www.zerodayinitiative.com/advisories/ZDI-15-401
http://www.zerodayinitiative.com/advisories/ZDI-15-400
http://www.zerodayinitiative.com/advisories/ZDI-15-399
http://www.zerodayinitiative.com/advisories/ZDI-15-398
http://www.zerodayinitiative.com/advisories/ZDI-15-397


*** Ask Sucuri: How Did My WordPress Website Get Hacked? ***
---------------------------------------------
With the proliferation of Infrastructure and Platform as a Service providers, it is no surprise that a majority of today's websites are hosting in the proverbial cloud. This is great because it allows organizations and individuals alike to quickly deploy their websites, with relatively little overhead ..
---------------------------------------------
https://blog.sucuri.net/2015/08/ask-sucuri-how-did-my-wordpress-website-get-hacked-a-tutorial.html


*** What I learned from cracking 4000 Ashley Madison passwords ***
---------------------------------------------
When the Ashley Madison database first got dumped, there was an interesting contingent of researchers talking about how pointless it would be to crack the passwords, ..
---------------------------------------------
http://www.pxdojo.net/2015/08/what-i-learned-from-cracking-4000.html


*** Browsefox variant High Stairs ***
---------------------------------------------
https://blog.malwarebytes.org/security-threat/2015/08/browsefox-variant-high-stairs/


*** Datenschutz: Ashley Madison wusste von gravierenden Sicherheitsmängeln ***
---------------------------------------------
Einige Wochen vor dem Angriff des Impact Teams warnten interne Sicherheitsexperten vor gravierenden Mängeln in der Infrastruktur der Webseite.
---------------------------------------------
http://www.golem.de/news/datenschutz-ashley-madison-wusste-von-gravierenden-sicherheitsmaengeln-1508-115931.html


*** Ashley Madison: Gehackte Seitensprung-Site hackte eigene Konkurrenz ***
---------------------------------------------
Die Dating-Webseite, die vor kurzem Opfer eines Hacker-Angriffs und Datenleck wurde, hat vor einigen Jahren selbst eine Konkurrenzplattform angegriffen. Dabei soll der Technikchef von Ashley Madison die Datenbank der Konkurrenz kopiert haben.
---------------------------------------------
http://heise.de/-2790189


*** Are Data Breaches Getting Larger? ***
---------------------------------------------
This research says that data breaches are not getting larger over time. "Hype and Heavy Tails: A Closer Look at Data Breaches," by Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest: Abstract: Recent widely publicized data breaches have ..
---------------------------------------------
https://www.schneier.com/blog/archives/2015/08/are_data_breach.html


*** You are the weakest link - goodbye! ***
---------------------------------------------
On my first visit to Team Cymru's HQ in Lake Mary, Florida, I found myself reading the wall hangings and looking at the pictures depicting specific times in history. Many of them depicting the inspiring words of leaders such as Churchill. It lead me to think about the many lessons that can we learn from ..
---------------------------------------------
https://blog.team-cymru.org/2015/08/you-are-the-weakest-link-goodbye/


*** Github Mitigates DDoS Attack ***
---------------------------------------------
Github said it turned back a distributed denial of service attack; it's unknown whether this attack is related to a similar attack this March.
---------------------------------------------
http://threatpost.com/github-mitigates-ddos-attack/114403


*** Gehackter Samsung-Kühlschrank verrät Gmail-Anmeldedaten ***
---------------------------------------------
Auf der Hackerkonferenz DEFCON wurde eine Methode präsentiert, mit der ein Kühlschrank-Modell von Samsung dazu gebracht werden kann, Gmail-Log-ins zu verraten.
---------------------------------------------
http://futurezone.at/digital-life/gehackter-samsung-kuehlschrank-verraet-gmail-anmeldedaten/148.990.168


*** Certifi-Gate: Missbräuchliche App im Google Play Store entdeckt ***
---------------------------------------------
Sicherheitsforscher präsentierten vor wenigen Wochen eine Schwachstelle, die Fernverwaltungs-Software wie Teamviewer betrifft. Im Nachgang fanden die Forscher eine App in Googles Play Store, die genau diese Schwäche ausnutzt.
---------------------------------------------
http://heise.de/-2790706