[CERT-daily] Daily summary - Monday 9-02-2015

Daily end-of-shift report team at cert.at
Mon Feb 9 18:03:57 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 06-02-2015 18:00 − Monday 09-02-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** Analyzing Angler: The World's Most Sophisticated Exploit Kit ***
---------------------------------------------
Angler's unique obfuscation, ability to detect antivirus and virtual machines, encrypted payload and fileless infection have some calling it the most sophisticated exploit kit.
---------------------------------------------
http://threatpost.com/analyzing-angler-the-worlds-most-sophisticated-exploit-kit/110904




*** Bindead - a static analysis tool for binaries. ***
---------------------------------------------
Bindead is an analyzer for executable machine code. It features a disassembler that translates machine code bits into an assembler-like language (RREIL) that in turn is then analyzed by the static analysis component using abstract interpretation. As Bindead operates on the machine code level, it can be used without having the source code of the program to be analyzed. In fact, the purpose of Bindead is to help with the reverse engineering of executable code or binaries.
---------------------------------------------
https://bitbucket.org/mihaila/bindead/wiki/Home




*** ENISA: Threat Landscape for Smart Home and Media Convergence ***
---------------------------------------------
The study identifies threats to all asset classes, across the several alternative design pathways to smart homes. As it develops, the smart home will exhibit a high cyber security risk profile for the individual context, with additional systematic effects on broader information security.
---------------------------------------------
https://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-thematic-landscapes/threat-landscape-for-smart-home-and-media-convergence/




*** Online Windows Binary Analyzer ***
---------------------------------------------
http://labs.nccgroup.com/NCCGroupWindowsBinaryAnalyzer/




*** Firmware Forensics: Diffs, Timelines, ELFs and Backdoors ***
---------------------------------------------
This post covers some common techniques that I use to analyze and reverse firmware images. These techniques are particularly useful to dissect malicious firmwares, spot backdoors and detect unwanted modifications.
---------------------------------------------
http://w00tsec.blogspot.co.at/2015/02/firmware-forensics-diffs-timelines-elfs.html




*** Moodle Directory Traversal Flaw Lets Remote Users View Arbitrary Files ***
---------------------------------------------
A vulnerability was reported in Moodle. A remote user can view files on the target system.
The software does not properly validate user-supplied input to some scripts that serve JavaScript. A remote user can supply a specially crafted request containing the '../' string to view files on the target system that are located outside of the document directory.
---------------------------------------------
http://www.securitytracker.com/id/1031712





*** Cisco Security Advisories ***
---------------------------------------------
Cisco AsyncOS Software Uuencode Email Filtering Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0605
---------------------------------------------
Cisco Adaptive Security Appliance WebVPN Content Rewriter Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5557
---------------------------------------------
Cisco AsyncOS Software Uuencoded Email Filtering Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0605
---------------------------------------------
Cisco Adaptive Security Appliance WebVPN Content Rewriter Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5557



