[CERT-daily] Daily summary - Monday 4-04-2016

Daily end-of-shift report team at cert.at
Mon Apr 4 18:10:32 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 01-04-2016 18:00 - Monday 04-04-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl
Co-Handler:  Stephan Richter




*** SideStepper vulnerability in iOS 9 endangers companies that use MDM to distribute apps ***
---------------------------------------------
Researchers are warning companies that the use of MDM technology opens up a loophole in protections added to Apple's iOS 9 to help prevent employees from downloading malicious software posing as legitimate enterprise apps.
---------------------------------------------
http://www.scmagazine.com/sidestepper-vulnerability-in-ios-9-endangers-companies-that-use-mdm-to-distribute-apps/article/487159/




*** Analysis of the Locky infection process ***
---------------------------------------------
In recent months, there has been a significant increase in the number of networks and users affected by ransomware known as Locky, which is used to encrypt a victim's files and then demand a ransom to be paid in bitcoins. But, how does this threat manage to infiltrate computer systems and hijack data? From the ESET Research Lab in Latin America, we can explain the steps and the methods used by cybercriminals to evade various layers of security.
---------------------------------------------
http://www.welivesecurity.com/2016/04/04/analysis-of-the-locky-infection-process/




*** PayPal plugs phishing-enabling vulnerability, stumps up $500 ***
---------------------------------------------
To the bug-splatter who found it. Not to you, don't get excited. PayPal has patched a flaw which created a means for miscreants to abuse its platform to lend authenticity to fraudulent or otherwise malicious emails.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/01/paypal_plugs_phishing_vulnerability/




*** Steam hacker says more vulnerabilities will be found, but not by him ***
---------------------------------------------
"It looks like their website hasn't been updated for years."
---------------------------------------------
http://arstechnica.com/gaming/2016/04/steam-hacker-says-more-vulnerabilities-will-be-found-but-not-by-him/




*** New Heap-Spray Exploit Tied To LZH Archive Decompression ***
---------------------------------------------
Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-90s and still in use today.
---------------------------------------------
http://threatpost.com/new-heap-spray-exploit-tied-to-lzh-archive-decompression/117150/




*** Magento e-commerce platform targeted with new ransomware KimcilWare ***
---------------------------------------------
Users of the Magento e-commerce platform are being targeted with a new ransomware called KimcilWare.
---------------------------------------------
http://www.scmagazine.com/magento-e-commerce-platform-targeted-with-new-ransomware-kimcilware/article/487124/




*** Magnitude EK Malvertising Campaign Adds Fingerprinting Gate ***
---------------------------------------------
Threat actors refine a malvertising campaign leading to Magnitude EK.
---------------------------------------------
https://blog.malwarebytes.org/cybercrime/2016/04/magnitude-ek-malvertising-campaign-adds-fingerprinting-gate/




*** Continuous Integration: Jenkins accidentally sends anonymous usage data ***
---------------------------------------------
A bug in Jenkins versions 1.645 and 1.642.2 ignores the setting that controls sending of usage statistics. An update is meant to fix the problem. Alternatively, the developers give tips for a manual workaround.
---------------------------------------------
http://heise.de/-3161093




*** "Experience is a good school. But the fees are high." ENISA urges decision makers to take action before a major cyber crisis occurs in Europe ***
---------------------------------------------
ENISA analysed the EU-level crisis management frameworks in five different sectors to make recommendations on more efficient cyber crisis cooperation and management. The report resulting from this study highlights the lessons that can be learnt from other sectors and that could be applicable in the cyber domain. The study concludes with a series of recommendations regarding EU-level priorities to alter the impact of potential cyber crises. More recently ENISA published a video related to this study that summarises the conclusions based on testimonials from experts in other sectors.
---------------------------------------------
https://www.enisa.europa.eu/media/press-releases/201cexperience-is-a-good-school-but-the-fees-are-high201d-enisa-urges-decision-makers-to-take-action-before-a-major-cyber-crisis-occurs-in-europe




*** Multiple vulnerabilities found in Quanta LTE routers (backdoor, backdoor accounts, RCE, weak WPS ...) ***
---------------------------------------------
The Quanta LTE QDH Router device is an LTE router / access point that is badly designed overall, with a lot of vulnerabilities. It's available in a number of countries to provide Internet access over an LTE network.
---------------------------------------------
https://pierrekim.github.io/blog/2016-04-04-quanta-lte-routers-vulnerabilities.html




*** Analysis of the Procedure of Penetration on a Hacked Host ***
---------------------------------------------
On the morning of the 14th, a colleague of mine reported that the CPU usage of a host had reached 100%. The Security Department then embarked on an investigation and concluded the following:...
---------------------------------------------
http://en.wooyun.io/2016/03/29/48.html




*** Comparing binaries: BinDiff now (almost) free to use ***
---------------------------------------------
Developers and security researchers can download the BinDiff tool for comparing binaries free of charge. Using it, however, requires a paid disassembler.
---------------------------------------------
http://heise.de/-3161798




*** How Reporters Pulled Off the Panama Papers, the Biggest Leak in Whistleblower History ***
---------------------------------------------
The 2.6 terabyte Panama Papers may be the first leak of their scale, but they won't be the last.
---------------------------------------------
http://www.wired.com/2016/04/reporters-pulled-off-panama-papers-biggest-leak-whistleblower-history/




*** DFN-CERT-2016-0539: Squid: Two vulnerabilities enable, among other things, various denial-of-service attacks ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0539/




*** DSA-3539 srtp - security update ***
---------------------------------------------
Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), does not properly handle the RTP header CSRC count and extension header length. A remote attacker can exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3539




*** DSA-3540 lhasa - security update ***
---------------------------------------------
Marcin Noga discovered an integer underflow in Lhasa, an lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3540




*** Bugtraq: FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537967




*** Bugtraq: ManageEngine Password Manager Pro Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537969
