[CERT-daily] Tageszusammenfassung - Dienstag 24-02-2015

Tue Feb 24 18:06:44 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 23-02-2015 18:00 − Dienstag 24-02-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Open Source Threat Intelligence - Developing a Threat intelligence program using open source tools and public sources ***
---------------------------------------------
Overview of building a threat intelligence program outlining the processes, tasks and activities associated with the development of a functional intelligence program. Developing an Open Source Threat Intelligence Program from Open Source Tools and Public Sources is aimed at bringing business value and technical mitigation efforts, while dispelling common myths like "We're too small", "Who would attack us, we make widgets?" and "We have nothing anyone would...
---------------------------------------------
http://blog.malwareresearch.institute/video/2015/02/23/open-source-threat-intelligence-developing-a-threat-intelligence-program-using-open-source-tools-and-public-sources


*** RIG Exploit Kit - Diving Deeper into the Infrastructure ***
---------------------------------------------
Following our previous blog post about the leaking of the RIG exploit kits source code, we dug deeper into the architecture that facilitates the massive infections using RIG. The screen shot below diagrams RIGs infrastructure. RIG Exploit Kit Infrastructure Most...
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/RIG-Exploit-Kit-%e2%80%93-Diving-Deeper-into-the-Infrastructure/


*** Insider threats continue to dominate ***
---------------------------------------------
Ordinary employees, privileged users and the supply chain - such as contractors and third party service providers - are all conduits for a traditional insider threat, according to Vormetric. But the s...
---------------------------------------------
http://www.net-security.org/secworld.php?id=17993


*** Overview of handheld malware for 2014 ***
---------------------------------------------
February 24, 2015 Russian anti-virus company Doctor Web presents its 2014 overview of malware for handheld devices. The last year proved to be rather turbulent and rich in terms of information security events. We witnessed the emergence of a variety of new malicious applications for Android. In particular, the number of banking Trojans whose numerous modifications attacked devices in many countries increased significantly.  Furthermore, 2014 saw the discovery of the first ransomware programs as...
---------------------------------------------
http://news.drweb.com/show/?i=9222&lng=en&c=9


*** Bypassing Windows Lock Screen via Flash Screensaver ***
---------------------------------------------
bypass windows lock screen We have recently discovered an easy method to bypass the Windows Lock screen when a flash screensaver is running. The method allows an attacker to gain unauthorized access to a user’s Windows session if he has physical access to a locked machine.
---------------------------------------------
http://securitycafe.ro/2015/02/23/bypassing-windows-lock-screen-via-flash-screensaver/


*** Windows Exploit Mitigation Technology - Part 2 ***
---------------------------------------------
In Part 1, we explained GS cookies and Safe SEH. If you haven't read that part, it is highly recommended to read it first. The Enhanced Mitigation Experience Toolkit, or EMET, is rudimentally a shield or a shell that runs over Windows applications and protects them, regardless of how those applications have authentically been coded...
---------------------------------------------
http://resources.infosecinstitute.com/windows-exploit-mitigation-technology-part-2/


*** Announcing TYPO3 CMS 7.1 ***
---------------------------------------------
The TYPO3 Community has just released TYPO3 CMS 7.1, the second version within the CMS 7 development cycle.
---------------------------------------------
http://typo3.org/news/article/typo3-cms-71-released-home-improvement/


*** DSA-3171 samba - security update ***
---------------------------------------------
Richard van Eeden of Microsoft Vulnerability Research discovered thatSamba, a SMB/CIFS file, print, and login server for Unix, contains aflaw in the netlogon server code which allows remote code execution withroot privileges from an unauthenticated connection.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3171


*** DSA-3170 linux - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in the Linux kernel thatmay lead to a denial of service, information leaks or privilegeescalation.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3170