[CERT-daily] Tageszusammenfassung - Montag 14-09-2015

Mon Sep 14 18:09:29 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 11-09-2015 18:00 − Montag 14-09-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** FireEye wegen Umgang mit Sicherheitsforschern in der Kritik ***
---------------------------------------------
Ein deutscher Forscher, der Lücken in Sicherheits-Gateways der Firma FireEye entdeckt hat, wurde per einstweiliger Verfügung dazu gezwungen, seinen Vortrag zu zensieren. Sein Firmenchef spricht von unprofessionellem Verhalten seitens FireEye.
---------------------------------------------
http://heise.de/-2811690


*** Tracking a Bluetooth Skimmer Gang in Mexico ***
---------------------------------------------
-Sept. 9, 12:30 p.m. CT, Yucatan Peninsula, Mexico: Halfway down the southbound four-lane highway from Cancun to the ancient ruins in Tulum, traffic inexplicably slowed to a halt. There was some sort of checkpoint ahead by the Mexican Federal Police. I began to wonder whether it was a good idea to have ..
---------------------------------------------
http://krebsonsecurity.com/2015/09/tracking-a-bluetooth-skimmer-gang-in-mexico/


*** Neuer Android-Trojaner erpresst mit Lock-Screen-Sperre ***
---------------------------------------------
Versucht über Trick Device-Admin-Rechte einzuholen – Nur jenseits des Play Stores verbreitet
---------------------------------------------
http://derstandard.at/2000022182737


*** How Command and Control Servers Remain Resilient ***
---------------------------------------------
One of the ways that malware activity on a network is spotted is via the activity of their network activity. However, in many cases this can be difficult to detect: there have been incidents where command-and-control (C&C) servers were able to stay ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/adapting-to-change-how-command-and-control-servers-remain-hidden-and-resilient


*** "Die Gefahr ist real": Auto-Hacks schrecken Branche auf ***
---------------------------------------------
IT-Forscher übernahmen mehrmals Kontrolle über Fahrzeuge 
---------------------------------------------
http://derstandard.at/2000022195679


*** Österreichische Forscher entdecken TLS-Schwachstelle ***
---------------------------------------------
Facebook vergibt Bug Bounty-Award an Rise – "Sicherheits-Desaster" verhindert
---------------------------------------------
http://derstandard.at/2000022197161


*** Bundestag-Hack war ein Phishing-Angriff über un.org ***
---------------------------------------------
Die Angreifer auf den Bundestag haben wohl Mails mit gefälschter Absendeadresse verschickt, die einen Link auf Malware enthielten. Nicht nur der Bundestag, sondern mehrere internationale Organisationen seien gleichzeitig angegriffen worden.
---------------------------------------------
http://heise.de/-2811847


*** The Wordpress Plugins Playground ***
---------------------------------------------
This morning, I had a quick look at my web serverlog file and searched for malicious activity. Attacks like brute-force generate a lot of entries and thuscan be easily detected.Other scanners are working below the radar and search for very specific vulnerabilities. In this case, a single request is often ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20147


*** The Shade Encryptor: a Double Threat ***
---------------------------------------------
A family of ransomware Trojans emerged in late 2014/early 2015, and quickly established itself among the top three most widespread encryptors. This threat has been assigned the verdict Trojan-Ransom.Win32.Shade according to Kaspersky Labs classification. The original name given to the encryptor by its creator is not known.
---------------------------------------------
http://securelist.com/analysis/publications/72087/the-shade-encryptor-a-double-threat/


*** HTTP Evasions Explained - Part 1 - Evading Using HTTP 0.9 ***
---------------------------------------------
This is the first article in a series which will explain the evasions done by HTTP evader. It covers the case that most firewalls only block what they detected as explicitly bad and simply pass what they dont understand. The main technique used in this part is the old but still working HTTP 0.9 protocol.
---------------------------------------------
http://noxxi.de/research/http-evader-explained-1-http09.html


*** Exploiting CSRF against search with Lucene ***
---------------------------------------------
Cross domain timing attacks can be used against Lucene to reliably extract information contained within its index. By repeatedly timing HTTP requests using JavaScript Lucene search boxes can be exploited in a similar way to time based blind-sql injection.
---------------------------------------------
https://www.idontplaydarts.com/2015/09/cross-domain-timing-attacks-against-lucene/


*** Brief analysis of a SQL injection in Cacti 0.8.8b ***
---------------------------------------------
Back in September 2013 I wanted to practice some code auditing and picked the latest version of Cacti (v0.8.8b at the time). I spent a few hours looking into the code and also assessing a running instance of Cacti and this exercise resulted in a few vulnerabilities. I was motivated to finally put together this ..
---------------------------------------------
http://blog.whatever.io/2015/09/12/brief-analysis-of-a-sql-injection-in-cacti-0-8-8b/


*** Addressing the Delayed Message Attack in Wireless IoT Environments ***
---------------------------------------------
While many years have passed while we're waiting for IoT to take over the world, there are some recent signs that it might indeed eventually happen. With this in mind, issues related to IoT security tend to become more and more important. In this article, we won't be talking about current IoT security ..
---------------------------------------------
http://ithare.com/addressing-the-delayed-message-attack-in-wireless-iot-environments/