[CERT-daily] Daily summary - Monday 28-09-2015

Daily end-of-shift report team at cert.at
Mon Sep 28 18:05:01 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 25-09-2015 18:00 − Monday 28-09-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Fake online Avast scanner ***
---------------------------------------------
Thanks to a tip from a friend, we came across a fake online scanner that abuses the good name of Avast. The idea to get you to visit this site is by waiting for someone to make a typo and end up at facebooksecuryti(dot)com. The site shows a ..
---------------------------------------------
https://blog.malwarebytes.org/social-engineering/2015/09/fake-online-avast-scanner/




*** Compromised WordPress Campaign - Spyware Edition ***
---------------------------------------------
The Zscaler security research team started investigating multiple WordPress related security events earlier this month and came across a new widespread compromised WordPress campaign leading to the download of unwanted applications. This has been briefly covered by dynamoo and has been reported by some users on official WordPress forums.
---------------------------------------------
http://research.zscaler.com/2015/09/compromised-wordpress-campaign-spyware.html




*** Cisco TelePresence Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
A vulnerability in the web interface of Cisco TelePresence Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41128




*** Banks: Card Breach at Hilton Hotel Properties ***
---------------------------------------------
Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States. Hilton says it is investigating the claims.
---------------------------------------------
http://krebsonsecurity.com/2015/09/banks-card-breach-at-hilton-hotel-properties




*** Splunk Input Validation Flaw in Splunk Web Lets Remote Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1033655




*** McAfee Enterprise Security Manager Filename Processing Flaw Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1033654




*** Android Security Symposium - Videos online ***
---------------------------------------------
The Android Security Symposium was a huge success and we are happy that the videos are available online now. Thank you to Usmile for making this possible!
---------------------------------------------
https://www.sba-research.org/2015/09/26/android-security-symposium-videos-online/




*** Yahoo! Launches Free Web Application Security Scanner ***
---------------------------------------------
Yahoo! has open-sourced Gryffin - a Web Application Security Scanner - in an aim to improve the safety of the Web for everyone. Currently in its beta, Project Gryffin has been made available on GitHub under the BSD-style license that Yahoo! has been using for a ..
---------------------------------------------
https://thehackernews.com/2015/09/web-application-security-scanner.html




*** Android 6.0: How Google wants to give control back to users ***
---------------------------------------------
The new permission model of "Marshmallow" brings significant improvements
---------------------------------------------
http://derstandard.at/2000022756525




*** Git-1.9.5 ssh-agent.exe Buffer Overflow ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015090161




*** Kim Jong Un: A mobile network just for me ***
---------------------------------------------
A dedicated mobile network for the North Korean leadership: what sounds like a strange status symbol is meant to increase the security of government communications in the isolated country.
---------------------------------------------
http://www.golem.de/news/kimg-jong-un-ein-mobilfunknetz-nur-fuer-mich-1509-116488.html




*** How I hacked my IP camera, and found this backdoor account ***
---------------------------------------------
The time has come. I bought my second IoT device - in the form of a cheap IP camera. As it was the cheapest among all others, my expectations regarding security were low. But this camera was still able to surprise me. Maybe I will disclose the camera model used in my hack in this blog later, but first ..
---------------------------------------------
http://jumpespjump.blogspot.co.at/2015/09/how-i-hacked-my-ip-camera-and-found.html




*** 332M Kick Ass pirates get asses kicked by scareware ass-kickers ***
---------------------------------------------
Welcome to internet technical support. Please give us your computer. The world's most popular pirate torrent site KickAss Torrents is serving scareware advertising, helping dodgy call centre operators con users into handing over remote access to their machines.
---------------------------------------------
www.theregister.co.uk/2015/09/28/332m_kick_ass_pirates_get_asses_kicked_by_scareware_asskickers/




*** HTTP Evasions Explained - Part 3 - Chunked Transfer ***
---------------------------------------------
This is the third article in a series which will explain the evasions done by HTTP Evader. It covers the failure of several firewalls (and some browsers) to support the Transfer-Encoding chunked in the correct way. For example it is possible to bypass ..
---------------------------------------------
http://noxxi.de/research/http-evader-explained-3-chunked.html




*** Mobile Ad Networks as DDoS Vectors: A Case Study ***
---------------------------------------------
CloudFlare servers are constantly being targeted by DDoSes. We see everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets.
---------------------------------------------
https://blog.cloudflare.com/mobile-ad-networks-as-ddos-vectors/




*** Android security: Missing updates as the Achilles' heel ***
---------------------------------------------
Manufacturers are not living up to their responsibility - time for policymakers to act
---------------------------------------------
http://derstandard.at/2000022489460




*** Microsoft: Less than 1 percent of all Windows PCs infected with malware ***
---------------------------------------------
According to the head of Microsoft's antivirus division, on only 0.6 percent of all the .. he examined
---------------------------------------------
http://heise.de/-2824369




*** Saudi Arabia: They liked Hacking Team so much they tried to buy the company ***
---------------------------------------------
Might be nice to avoid new spy tech export laws. The Saudi Arabian government came close to buying a majority stake in Italian surveillance software firm Hacking Team last year.
---------------------------------------------
www.theregister.co.uk/2015/09/28/saudi_arabia_hacking_team/




*** Fighting cybercrime: "Cooperation is the key" ***
---------------------------------------------
Interpol director Noboru Nakatani spoke out in Vienna on Monday in favour of better cooperation between authorities and industry in combating cybercrime.
---------------------------------------------
http://futurezone.at/digital-life/cybercrime-bekaempfung-kooperation-ist-der-schluessel/155.438.326




*** (Alleged) security vulnerability: Remote code execution via infected Winrar archives ***
---------------------------------------------
Self-extracting archives can be infected by simple means with malicious code, which is then executed on the user's computer. The Winrar developers, however, give the all-clear and criticize the publication.
---------------------------------------------
http://www.golem.de/news/angebliche-sicherheitsluecke-remote-code-execution-durch-infizierte-winrar-archive-1509-116545.html





