[CERT-daily] Tageszusammenfassung - Dienstag 6-10-2015

Tue Oct 6 18:02:08 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 05-10-2015 18:00 − Dienstag 06-10-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** ZDI-15-456: Mozilla Firefox MPEG4 saio Chunk Integer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-456/


*** Trump Hotel Collection Confirms Card Breach ***
---------------------------------------------
The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, said last week that a year-long breach of its credit card system may have resulted in the theft of cards used at the hotels. The acknowledgement comes roughly three months after this author first reported that multiple financial institutions suspected the hotels were compromised.
---------------------------------------------
http://krebsonsecurity.com/2015/10/trump-hotel-collection-confirms-card-breach/


*** Google Pushes Stagefright 2.0 Patches to Nexus Devices ***
---------------------------------------------
Googles latest monthly over-the-air update for its Nexus Android devices include patches for the most recent vulnerabilities in Stagefright.
---------------------------------------------
http://threatpost.com/google-pushes-stagefright-2-0-patches-to-nexus-devices/114923/


*** Nuclear Plants Cybersecurity Is Bad, & Hard To Fix ***
---------------------------------------------
Very few nuclear plants patch software, and operations engineers dislike security pros.
---------------------------------------------
http://www.darkreading.com/risk/nuclear-plants-cybersecurity-is-bad-and-hard-to-fix-/d/d-id/1322489


*** I am HDRoot! Part 1 ***
---------------------------------------------
Famous Chinese-speaking cybercriminal APT actor Winnti has been observed targeting pharmaceutical businesses. New threat, which Kaspersky Lab has called 'HDRoot' after the original tool's name 'HDD Rootkit', is a universal platform for a sustainable and persistent appearance in a targeted system, which can be used to launch any other tool.
---------------------------------------------
http://securelist.com/analysis/publications/72275/i-am-hdroot-part-1/


*** Malware in comments ***
---------------------------------------------
There are many tricks to hide malicious code. One of them is placing it to the part of legitimate files where people dont normally expect to see executable code so they dont skip such places during manual reviews.
---------------------------------------------
http://labs.sucuri.net/?note=2015-10-05


*** Hintergrund: Analysiert: Google-Interna im Second-Hand-Shop ***
---------------------------------------------
Ein in Deutschland gekaufter Gebraucht-Router hatte offenbar einen prominenten Vorbesitzer. Es lieferte den neuen Besitzern interessante und brisante Einblicke in die Infrastruktur von Google - einschliesslich Zugangsdaten.
---------------------------------------------
http://heise.de/-2837379


*** OpenSMTPD Audit Report ***
---------------------------------------------
Topic: OpenSMTPD Audit Report Risk: High Text:(Sorry for the "CVE-2015-ABCD" place-holders in the report, but OpenSMTPDs developers were ready with the patches before MITR...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015100046


*** 2015 Internet Organised Crime Threat Assessment (IOCTA) ***
---------------------------------------------
The 2015 Internet Organised Crime Threat Assessment (IOCTA) is a law enforcement-centric threat assessment intended to inform priority setting for the EMPACT Operational Action Plan for 2016 in the three sub-priority areas of cybercrime (cyber attacks, child sexual exploitation online and payment fraud). The ..
---------------------------------------------
https://www.europol.europa.eu/content/internet-organised-crime-threat-assessment-iocta-2015


*** Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomware Alone ***
---------------------------------------------
Today, Cisco struck a blow to a group of hackers, disrupting a significant international revenue stream generated by the notorious Angler Exploit Kit. Angler is one of the largest exploit kit found on the market and has been making news as it has been linked to several high profile malvertising/ransomware campaigns. This is the most advanced and concerning exploit kit on the market - designed to bypass security devices and ultimately attack the largest number of devices possible.
---------------------------------------------
http://talosintel.com/angler-exposed/


*** The MySpace Worm that Changed the Internet Forever ***
---------------------------------------------
Samy didn't want to be everyone's hero. He didn't even want new friends. But thanks to a few clever lines of code, in less than a day, he became the 'hero', and a 'friend', to more than a million people on what was, at the time, the most popular online social network, MySpace.
---------------------------------------------
http://motherboard.vice.com/read/the-myspace-worm-that-changed-the-internet-forever


*** Vigilante Malware, Dark Knight or Dangerous Joke? ***
---------------------------------------------
It's hard not to like the Batman story. Bruce Wayne, billionaire, playboy, philanthropist, bypasses the ineffectual and corrupt establishment to take the fight to the baddies. There's something romantic about the notion of taking matters into your own hands and getting stuff done where others can't. Now, according to research by Symantec, it seems we have our very ..
---------------------------------------------
https://blog.team-cymru.org/2015/10/vigilante-malware-dark-knight-or-dangerous-joke/