[CERT-daily] Daily summary - Thursday 21-05-2015

Daily end-of-shift report team at cert.at
Thu May 21 18:11:32 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 20-05-2015 18:00 − Thursday 21-05-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** RIG Exploit Kit Infection Cycle Analysis ***
---------------------------------------------
Overview: Happy belated birthday to RIG exploit kit! First seen around April 2014, RIG has been in the news several times over the past year. In February, the source code was reportedly leaked online, which likely spurred some of the recent changes we've observed in the kit. ThreatLabZ has been keeping an eye on RIG and in this post we'll cover an example of a full RIG infection cycle. Delivery...
---------------------------------------------
http://feedproxy.google.com/~r/zscaler/research/~3/JM9Mp15Wupg/rig-exploit-kit-infection-cycle-analysis.html




*** New Router Attack Displays Fake Warning Messages ***
---------------------------------------------
Just because security researchers report about threats doesn't mean we're exempted from them. I recently experienced an incident at home that involved tampered DNS router settings. I was redirected to warning pages that strongly resemble those used in previous FAKEAV attacks. I noticed that my home internet router's DNS settings had been modified from their default settings. (My router...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/dJj2wXBlvgk/




*** Exploit kits delivering Necurs, (Thu, May 21st) ***
---------------------------------------------
Introduction: In the past few days, we've seen Nuclear and Angler exploit kits (EKs) delivering malware identified as Necurs. It certainly isn't the only payload sent from Nuclear and other EKs, but I hadn't really looked into EK traffic sending Necurs lately. Documented as early as 2012, Necurs is a type of malware that opens a back door on the infected computer [1]. It may also disable antivirus products as well as download additional malware [1][2]. I saw Necurs as a malware payload from Nuclear and...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19719&rss




*** The first-aid kit against crypto-Trojans ***
---------------------------------------------
With a set of tools, a researcher wants to help victims of ransomware Trojans rescue their data and clean their systems. However, caution is advised when using them.
---------------------------------------------
http://heise.de/-2661154




*** Mumblehard Malware ***
---------------------------------------------
Introduction: In this article, we will learn about a malware known as Mumblehard, which is known for targeting Linux and BSD operating systems. This malware opens a backdoor that gives cybercriminals full control of the infected machine. Mumblehard malware - Components: Perl backdoor. The Perl backdoor requests commands from its Command & Control server and...
---------------------------------------------
http://resources.infosecinstitute.com/mumblehard-malware/




*** Logjam: the latest TLS vulnerability explained ***
---------------------------------------------
21 May 2015 by Filippo Valsorda
---------------------------------------------
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/




*** The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange ***
---------------------------------------------
Logjam is a new attack against the Diffie-Hellman key-exchange protocol used in TLS. Basically: The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the...
---------------------------------------------
https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html




*** CVE-2015-4000 alias "Logjam" .. ***
---------------------------------------------
http://www.cert.at/services/blog/20150521111403-1485.html




*** Vuln: OpenSSL CVE-2015-0288 Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/73237




*** Vuln: OpenSSL /evp/encode.c Remote Memory Corruption Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/73228




*** Samba Memory Corruption Error in prs_append_some_prs_data() Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1032362




*** Cisco Security Manager Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=34325




*** Cisco Adaptive Security Appliance Protocol Independent Multicast Registration Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38937




*** Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38927




*** DSA-3265 zendframework - security update ***
---------------------------------------------
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3265
