[CERT-daily] Daily summary - Friday 12-06-2015

Daily end-of-shift report team at cert.at
Fri Jun 12 18:05:01 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 11-06-2015 18:00 − Friday 12-06-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Gamarue dropping Lethic bot ***
---------------------------------------------
The Gamarue (aka Andromeda) botnet is a highly modular botnet family that allows attackers to take complete control of an infected system and perform a range of malicious activity by downloading additional payloads. In this blog, we will cover a recent Gamarue ..
---------------------------------------------
http://research.zscaler.com/2015/06/gamarue-dropping-lethic-bot.html




*** Popcash Malvertising Leads to CryptoWall ***
---------------------------------------------
End users face the harsh reality of malvertising with CryptoWall ransomware dropped on their systems.
---------------------------------------------
https://blog.malwarebytes.org/malvertising-2/2015/06/popcash-malvertising-leads-to-cryptowall-3-0/




*** RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability ***
---------------------------------------------
This advisory provides publicly disclosed vulnerabilities and mitigation measures for the RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01




*** Microsoft flags Ask toolbar as unwanted and dangerous ***
---------------------------------------------
From this month on, all versions of Ask.com's infamous browser toolbar except the very last will be detected as unwanted ..
---------------------------------------------
http://www.net-security.org/secworld.php?id=18506




*** The June 2015 issue of our SWITCH Security Report is available! ***
---------------------------------------------
Dear Reader! A new issue of our monthly SWITCH Security Report has just been released. The topics covered in this report are: What do tax authorities and contact sites have in ..
---------------------------------------------
http://securityblog.switch.ch/2015/06/12/the-june-2015-issue-of-our-switch-security-report-is-available/




*** Integrating PaX into Android ***
---------------------------------------------
The PaX project provides many exploit mitigation features to harden the Linux kernel far beyond the baseline security features provided by upstream. Android is close enough to a normal Linux distribution for it to work quite well out-of-the-box ..
---------------------------------------------
https://copperhead.co/2015/06/11/android-pax




*** Phishers rely on geo-blocking ***
---------------------------------------------
To make phishing sites survive longer, some of them can only be accessed from the country that the cyber crooks are targeting. Phishing filter services are therefore left outside and do not become suspicious.
---------------------------------------------
http://www.heise.de/security/meldung/Phisher-setzen-auf-Geo-Blocking-2689481.html




*** Dyre Configuration Dumper ***
---------------------------------------------
It's been over a year since Dyre first appeared, and with a rise of infections in 2015, it doesn't look like the attackers are stopping anytime soon. At PhishMe we've been ..
---------------------------------------------
http://phishme.com/dyre-configuration-dumper/




*** OpenSSL update causes ABI problems ***
---------------------------------------------
OpenSSL releases updates for minor security vulnerabilities - in the process, the developers made a mistake: a changed data structure alters the library's binary interface, which can lead to malfunctions.
---------------------------------------------
http://www.golem.de/news/sicherheitsluecken-openssl-update-verursacht-abi-probleme-1506-114638.html




*** How Heartbleed could've been found ***
---------------------------------------------
tl;dr With a reasonably simple fuzzing setup I was able to rediscover the Heartbleed bug. This uses state-of-the-art fuzzing and memory protection technology (american fuzzy lop and Address Sanitizer), but it doesn't require any prior knowledge about ..
---------------------------------------------
https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html





