[CERT-daily] Tageszusammenfassung - Dienstag 7-07-2015

Tue Jul 7 18:07:16 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 06-07-2015 18:00 − Dienstag 07-07-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Security Advisory: BIG-IQ remote authentication vulnerability CVE-2015-4637 ***
---------------------------------------------
When remote authentication is configured on the BIG-IQ system for a LDAP server that allows anonymous BIND operations, a unauthenticated user may obtain an authentication token from the REST API for any known (or guessed) LDAP user account and will receive all the access and privileges of that user account for REST API calls. (CVE-2015-4637)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/800/sol16861.html?


*** Fraudulent BatteryBot Pro App Yanked from Google Play ***
---------------------------------------------
A malicious Android app spoofing the popular BatteryBot Pro app has been pulled from Google Play. Researchers at Zscaler reported the app, which had a package name of com.polaris.BatteryIndicatorPro. The app requested excessive permissions from the user in an attempt to get full control of an ..
---------------------------------------------
http://threatpost.com/fraudulent-batterybot-pro-app-yanked-from-google-play/113630


*** Malvertisement - A Nuclear EK Tale ***
---------------------------------------------
Over the past couple of years delivering malware via advertisements, or "malvertisement," has become one of the most popular methods of distribution for exploit kits. Like most trends in the world of Internet security, the longer it endures - the ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Malvertisement-%e2%80%93-A-Nuclear-EK-Tale/


*** Social Engineering - A Case Study ***
---------------------------------------------
In this article, I am going to illustrate a real life social engineering hack that I did it for my friend. My friend saw some property ads on internet. He filled the query form for that ad, and after a day he got a call fraudulent call ..
---------------------------------------------
http://resources.infosecinstitute.com/social-engineering-a-case-study/


*** Two major IT-Security Myths debunked ***
---------------------------------------------
There are two statements G DATA’s security experts hear and read time and again: “I do not surf on porn websites, my computer can’t get infected” as well as “my computer does not hold anything valuable and I have nothing to hide – why should I be a target?” It would be a pleasure to confirm this, but, unfortunately, we do not live in an ideal world. The company’s latest Malware Report underlines why such sentences should be regarded as myths and IT-Security is important for everyone.
---------------------------------------------
https://blog.gdatasoftware.com/blog/article/two-major-it-security-myths-debunked.html


*** NewStatPress <= 1.0.4 - Reflected Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8081


*** NewStatPress <= 1.0.4 - SQL Injection ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8080


*** Safer Internet ***
---------------------------------------------
Anna is the director of a small kindergarten in Zurich. To give the kindergarten a home on the Internet, she registered a domain name and put up a website where parents can get up-to-date information about the kindergarten. A friend ..
---------------------------------------------
http://securityblog.switch.ch/2015/07/07/safer-internet/


*** Kritischer OpenSSL-Patch voraus ***
---------------------------------------------
Mit einer kurzen Notiz verkündet Mark J. Cox, dass man Donnerstag, den 9. Juli, ein Sicherheits-Update für OpenSSL veröffentlichen wolle. Dies sei der höchsten Sicherheitsstufe zuzurechnen (high). Das bedeutet, dass gängige Konfigurationen betroffen sind und die Lücke sich wahrscheinlich ausnutzen lässt, um Denial-of-Service-Angriffe durchzuführen, Daten zu klauen oder sogar betroffene System zu kapern.
---------------------------------------------
http://heise.de/-2739804


*** Landeskriminalamt Salzburg warnt vor gefälschten Paketdienst-E-Mails ***
---------------------------------------------
In Salzburg sind derzeit verstärkt Internet-Betrüger aktiv. Die Polizei warnt akut vor gefälschten E-Mails im Namen bekannter Paketdienste, die vorgeben, dass eine Postsendung unterwegs sei. Über einen Link könne man den aktuellen Paketstatus abrufen. Ein Klick darauf installiert in Wirklichkeit aber die Schadsoftware "CryptoLocker", welche die auf der Festplatte gespeicherten Daten verschlüsselt.
---------------------------------------------
http://derstandard.at/2000018700461


*** Fuzzing: Auf Fehlersuche mit American Fuzzy Lop ***
---------------------------------------------
Programme testweise mit massenhaft fehlerhaften Daten zu füttern, ist eine effektive Methode, um Fehler zu finden. Das sogenannte Fuzzing ist schon seit Jahrzehnten bekannt, doch bessere Tools und einige spektakuläre Funde von Sicherheitslücken haben zuletzt das Interesse daran erneut geweckt. 
---------------------------------------------
http://www.golem.de/news/fuzzing-auf-fehlersuche-mit-american-fuzzy-lop-1507-114932.html


*** New Android Malware Family Evades Antivirus Detection by Using Popular Ad Libraries ***
---------------------------------------------
Unit 42 discovered a new family of Android malware that successfully evaded all antivirus products on the VirusTotal web service. We named this malware family 'Gunpoder' based on the main malicious component name, ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/07/new-android-malware-family-evades-antivirus-detection-by-using-popular-ad-libraries/


*** Hacked Hacking Team ***
---------------------------------------------
Wie ja seit gestern gross durch die diversen Medien getrommelt wird (siehe etwa heise.de, derstandard.at), wurde das Unternehmen "Hacking Team" anscheinend selbst Opfer eines Angriffs. In den dabei geleakten Daten sind auch etliche Hinweise auf bislang unbekannte Exploits ("0-days") zu finden. Leider fehlt uns die Kapazität, die gesamten geleakten Daten (gut 160.000 Dateien mit insg. rund 400GB!) in endlicher Zeit selbst zu analysieren, daher müssen wir uns dabei auf die Community verlassen.
---------------------------------------------
http://www.cert.at/services/blog/20150707141314-1556.html


*** Attack of the Zombie Orkut Phishing Pages ***
---------------------------------------------
Sometimes long dead websites are targeted by phishing pages. When those sites made use of single sign-on, the danger will never quite go away. Orkut may be gone, but the fake login pages persist ..
---------------------------------------------
https://blog.malwarebytes.org/fraud-scam/2015/07/attack-of-the-zombie-orkut-phishing-pages/