[CERT-daily] Daily summary - Friday 11-09-2015

Daily end-of-shift report team at cert.at
Fri Sep 11 18:05:12 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 10-09-2015 18:00 − Friday 11-09-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Federal Situation Report on Cybercrime: Crime-as-a-Service continues to grow ***
---------------------------------------------
The Bundeskriminalamt (Federal Criminal Police Office) published its cybercrime situation report at its cybercrime conference C³. According to the report, the threat is rising in all areas of computer-assisted crime.
---------------------------------------------
http://heise.de/-2810254




*** VMSA-2015-0003.11 ***
---------------------------------------------
Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE.
VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, ..
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0003.html




*** OpenLDAP Bug in ber_get_next() Lets Remote Users Cause the Target Service to Crash ***
---------------------------------------------
A vulnerability was reported in OpenLDAP. A remote user can cause the target service to crash. A remote user can send a specially crafted packet to cause the target slapd service to crash.
---------------------------------------------
http://www.securitytracker.com/id/1033534




*** Yokogawa Multiple Products Buffer Overflow Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for stack-based buffer overflow vulnerabilities in multiple Yokogawa products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01




*** By T-Systems: The Bundestag is getting a new IT infrastructure ***
---------------------------------------------
In response to the hacker attack, more than 10,000 websites will now be permanently blocked in the Bundestag. In addition, T-Systems is to build a new network. Bundestag staff will soon have to leave their USB sticks at home.
---------------------------------------------
http://www.golem.de/news/von-t-systems-der-bundestag-bekommt-eine-neue-it-infrastruktur-1509-116255.html




*** Google releases first monthly security update ***
---------------------------------------------
After the discovery of the Stagefright vulnerability, Google had announced that it would introduce a monthly patch day with security updates. The first builds have now been released.
---------------------------------------------
http://www.golem.de/news/android-google-veroeffentlicht-erstes-monatliches-sicherheitsupdate-1509-116259.html




*** Simulation showed millions of hacker attacks on train control systems ***
---------------------------------------------
The "HoneyTrain" trap: who would actually try to break into a faithful replica of a train control system?
---------------------------------------------
http://derstandard.at/2000022056115




*** Cyber criminal crew DD4BC extorts businesses via DDoS ***
---------------------------------------------
According to a report recently issued by Akamai, the DD4BC criminal group has been responsible for at least 114 DDoS attacks on its customers. According to the Akamai firm, the criminal crew known as DD4BC has carried out at least 114 ..
---------------------------------------------
http://securityaffairs.co/wordpress/40034/cyber-crime/dd4bc-group-extortion-ddos.html




*** Analysing a new eBanking Trojan called Fobber ***
---------------------------------------------
Some weeks ago we read an interesting blog by Malwarebytes about Fobber, a new e-banking focussed malware in the arena that seems to be a Tinba spinoff. We decided to have a closer look at it to find out whether Swiss critical infrastructures are targeted by it. We'd like to share our findings with you, because it contains some interesting advanced techniques ..
---------------------------------------------
http://www.govcert.admin.ch/blog/12/analysing-a-new-ebanking-trojan-called-fobber




*** SUCEFUL: Next Generation ATM Malware ***
---------------------------------------------
You dip your debit card in an automated teller machine (ATM) and suddenly realize it is stuck inside, what happened?
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/09/suceful_next_genera.html




*** A Retrospective on Ashely Madison and the Value of Threat Modeling ***
---------------------------------------------
One of my favourite authors in the field of computer security is Gary McGraw. If you are not familiar with him, I'd suggest you start by reading his book Software Security: Building Security In. One of the key points he makes is a distinction ..
---------------------------------------------
https://littlemaninmyhead.wordpress.com/2015/09/08/a-retrospective-on-ashely-madison-and-the-value-of-threat-modeling/




*** A Peek Inside an Affiliate's Malspam Operation: Kovter and Miuref/Boaxxe Infections ***
---------------------------------------------
In March of this year, reports emerged of malspam campaigns utilizing email-attached '.doc.js' files, which tied back to the Kovter and Boaxxe clickfraud trojans. The analysis of these malware families has already been well documented ..
---------------------------------------------
http://phishme.com/a-peek-inside-an-affiliates-malspam-operation-kovter-and-miurefboaxxe-infections/


