[CERT-daily] Daily summary - Monday 11-04-2016
Daily end-of-shift report
team at cert.at
Mon Apr 11 18:12:13 CEST 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 08-04-2016 18:00 − Monday 11-04-2016 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
*** Mumblehard takedown ends army of Linux servers from spamming ***
---------------------------------------------
One year after the release of the technical analysis of the Mumblehard Linux botnet, we are pleased to report that it is no longer active. ESET, in cooperation with the Cyber Police of Ukraine and CyS Centrum LLC, have taken down the Mumblehard botnet, stopping all its spamming activities since February 29th, 2016.
---------------------------------------------
http://www.welivesecurity.com/2016/04/07/mumblehard-takedown-ends-army-of-linux-servers-from-spamming/
*** Improvements to Safe Browsing Alerts for Network Administrators ***
---------------------------------------------
[...] Today, to provide Network Admins with even more useful information for protecting their users, we're adding URLs related to Unwanted Software, Malicious Software, and Social Engineering to the set of information we share. Here's the full set of data we share with network administrators:[...]
---------------------------------------------
https://security.googleblog.com/2016/04/improvements-to-safe-browsing-alerts.html
*** Ransomware: Locky, TeslaCrypt, Other Malware Families Use New Tool To Evade Detection ***
---------------------------------------------
Today we identified a new tool actively being used by the Locky ransomware family to evade detection and potentially infect endpoints. Unit 42 identified slight changes in Locky detonations through the AutoFocus threat intelligence service,...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/04/unit42-ransomware-locky-teslacrypt-other-malware-families-use-new-tool-to-evade-detection/
*** FBI: $2.3 Billion Lost to CEO Email Scams ***
---------------------------------------------
The U.S. Federal Bureau of Investigation (FBI) this week warned about a "dramatic" increase in so-called "CEO fraud," e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years.
---------------------------------------------
http://krebsonsecurity.com/2016/04/fbi-2-3-billion-lost-to-ceo-email-scams/
*** If only hackers could stop slurping test and dev databases. Wait, our phone is ringing ... ***
---------------------------------------------
Delphix thinks it has a solution. Exposure and loss of sensitive data is happening everywhere these days. One attack surface, as the jargon has it, is sensitive production data used in internal testing and development systems.
---------------------------------------------
http://www.theregister.co.uk/2016/04/08/delphix_data_breach_prevention/
*** Hikvision Digital Video Recorder Cross-Site Request Forgery ***
---------------------------------------------
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5315.php
*** The Open-source vulnerabilities database (OSVDB) shuts down permanently ***
---------------------------------------------
The Open Sourced Vulnerability Database (OSVDB) shut down permanently, the news was reported in a blog post published by the maintainers of the project. The decision was made in response to the lack of assistance from the industry.
---------------------------------------------
http://securityaffairs.co/wordpress/46129/security/osvdb-shuts-down.html
*** Windows XP refuses to die: 11 percent market share ***
---------------------------------------------
15 years after its release and two years after the end of Microsoft support, Windows XP is still the third most common desktop operating system.
---------------------------------------------
http://futurezone.at/produkte/windows-xp-ist-nicht-totzukriegen-11-prozent-marktanteil/191.839.744
*** Hacker attack on the DuMont media group: newspaper portals affected ***
---------------------------------------------
Systems shut down for security reasons
---------------------------------------------
http://derstandard.at/2000034558622
*** Moxa NPort Device Vulnerabilities ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report of vulnerabilities affecting Moxa NPort 6110, 5100 series, and 6000 series devices. The Moxa NPort 6110 device is a Modbus/TCP to serial communication gateway. Moxa NPort 5100 series and 6000 series devices are serial-to-Ethernet converters.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-099-01
*** Learning from Bait and Switch Mobile Ransomware ***
---------------------------------------------
Porn and mobile malware; two things that can elicit the response "I didn't know how it got there" when someone finds them. We have recently caught sight of a mobile ransomware distributed by fake adult websites. However, much like a lot of things in the adult industry, this malware doesn't seem very logical. This piece showcases an incident that can help users understand mobile threats and aims to boost user awareness to these threats. We believe that securing knowledge
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/learning-from-bait-switch-mobile-ransomware/
*** Mindless Flash masses saved as exploit kit devs go astray with 0day ***
---------------------------------------------
Since-patched flaw was imperfectly targeted by incompetent crimeware. Malwarebytes hacker Jerome Segura says black hats have made a mess of efforts to unleash an Adobe Flash zero day vulnerability as part of their popular exploit kit, reducing the pool of potential victims.
---------------------------------------------
http://www.theregister.co.uk/2016/04/11/mindless_flash_masses_saved_as_magnitude_mongrels_bork_0day/
*** Vista: The last year for the much-hated Windows version ***
---------------------------------------------
Support ends on 11 April 2017 - updating soon is recommended
---------------------------------------------
http://derstandard.at/2000034590249
*** New Threat Report ***
---------------------------------------------
Our latest threat report (PDF) is now available. The report discusses trends from the most prevalent cybersecurity threats we've seen during the year 2015. The Chain of Compromise (CoC) model is also introduced along with exploit kits, ransomware and more. Get it and more from: f-secure.com/labs
---------------------------------------------
https://labsblog.f-secure.com/2016/04/11/new-threat-report/
*** Petya ransomware cracked, password generator published ***
---------------------------------------------
A free tool is said to generate the password needed for decryption within a few seconds, promises the tool's creator. The first reports of success from Petya victims are already in.
---------------------------------------------
http://heise.de/-3167064
*** Nuclear Drops Tor Runs and Hides ***
---------------------------------------------
Yesterday we observed a new technique in the Nuclear kit and found a new payload and technique we've not seen before.
---------------------------------------------
http://blog.talosintel.com/2016/04/nuclear-tor.html
*** iMessage vulnerability allows access to all messages in plaintext ***
---------------------------------------------
A security hole in the Messages app allows an attacker to read out the database containing all of the victim's communication as soon as the victim clicks a link sent to them. Apple fixed the vulnerability in OS X 10.11.4.
---------------------------------------------
http://www.heise.de/newsticker/meldung/iMessage-Schwachstelle-ermoeglicht-Zugriff-auf-alle-Nachrichten-im-Klartext-3167921.html?wt_mc=rss.ho.beitrag.rdf
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza Host Management (CVE-2016-2842) ***
http://www.ibm.com/support/docview.wss?uid=swg21980927
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in RubyOnRails affect IBM BigFix Compliance Analytics (CVE-2016-2097, CVE-2016-2098) ***
http://www.ibm.com/support/docview.wss?uid=swg21979720
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2015-7560) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005727
---------------------------------------------
*** IBM Security Bulletin: Potential security vulnerability in IBM WebSphere Application Server if FIPS 140-2 is enabled (CVE-2016-0306) ***
http://www.ibm.com/support/docview.wss?uid=swg21979231
---------------------------------------------
*** Multiple vulnerabilities in OpenSSL affect AIX CVE-2016-0800 CVE-2016-0799 CVE-2016-0798 CVE-2016-0797 CVE-2016-0705 CVE-2016-0702 ***
http://www.ibm.com/support/
---------------------------------------------
*** IBM Security Bulletin: Cross-site scripting vulnerability in Liberty for Java for IBM Bluemix (CVE-2016-0283) ***
http://www.ibm.com/support/docview.wss?uid=swg21980429
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Information Governance Catalog is vulnerable to XXE Injection Attack (CVE-2016-0250) ***
http://www.ibm.com/support/docview.wss?uid=swg21977152
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2016-0701, CVE-2015-3197) ***
http://www.ibm.com/support/docview.wss?uid=swg21979209
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in RubyOnRails affect IBM BigFix Compliance Analytics (CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753) ***
http://www.ibm.com/support/docview.wss?uid=swg21979514
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Algorithmics Algo Risk Application and Counterparty Credit Risk (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21979757
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM BigFix Compliance Analytics (CVE-2015-7575, CVE-2016-0466) ***
http://www.ibm.com/support/docview.wss?uid=swg21979412
---------------------------------------------
*** IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services Access Control: Information Disclosure - Dojo Readmes (CVE-2016-0232) ***
http://www.ibm.com/support/docview.wss?uid=swg21977163
---------------------------------------------
*** IBM Security Bulletin: IBM DB2 LUW contains a denial of service vulnerability in which a malformed DRDA message may cause the DB2 server to terminate abnormally (CVE-2016-0211) ***
http://www.ibm.com/support/docview.wss?uid=swg21979984
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics (CVE-2015-8317) ***
http://www.ibm.com/support/docview.wss?uid=swg21979515
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM BigFix Compliance Analytics (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500) ***
http://www.ibm.com/support/docview.wss?uid=swg21979513
---------------------------------------------