[CERT-daily] Tageszusammenfassung - Dienstag 19-04-2016

Tue Apr 19 18:05:24 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 18-04-2016 18:00 − Dienstag 19-04-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Touch ID: 90 Prozent der iPhone-Nutzer setzen jetzt auf Code-Sperre ***
---------------------------------------------
Seit der Einführung des Fingerabdruckscanners hat sich laut Apple der Anteil der Nutzer verdoppelt, die ihr iPhone mit einem Gerätecode schützen und damit die Daten verschlüsseln.
---------------------------------------------
http://heise.de/-3177095


*** JavaScript-toting spam emails: What should you know and how to avoid them? ***
---------------------------------------------
We have recently observed that spam campaigns are now using JavaScript attachments aside from Office files. The purpose of the code is straightforward. It downloads and runs other malware. Some of the JavaScript downloaders ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/04/18/javascript-toting-spam-emails-what-should-you-know-and-how-to-avoid-them/


*** Google Alerts, Direct Webmaster Communication Get Bugs Fixed Quickly ***
---------------------------------------------
Google determined that Safe Browsing warnings correlate with quicker remediation times, though not as quick as direct contact with webmasters who have registered with Google Search Console.
---------------------------------------------
http://threatpost.com/google-alerts-direct-webmaster-communication-get-bugs-fixed-quickly/117491/


*** Magnitude EK Activity At Its Highest Via AdsTerra Malvertising ***
---------------------------------------------
The Magnitude exploit kit is maximizing its leads via a large and uninterrupted malvertising campaign.Categories:  ExploitsTags: adsterramagnitude EKmalvertisingterraclicks(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/exploits-threat-analysis/2016/04/magnitude-ek-activity-at-its-highest-via-adsterra-malvertising/


*** iPrint Appliance 2.0 Patch 1 ***
---------------------------------------------
Abstract: Patch 1 for the iPrint Appliance 2.0 includes bug fixes.Document ID: 5240661Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:iPrint-2.0.0.530.HP.zip (594.99 MB)Products:iPrint Appliance 2Superceded Patches:iPrint Appliance 2.0 FTF
---------------------------------------------
https://download.novell.com/Download?buildid=W46YTfqEGiQ~


*** Symantec Messaging Gateway Multiple Security Issues ***
---------------------------------------------
Revisions None Severity Severity (CVSS version 2 and CVSS Version 3) CVSS2 Base Score ..
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160418_00


*** Python-Based PWOBot Targets European Organizations ***
---------------------------------------------
We have discovered a malware family named 'PWOBot' that is fairly unique because it is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwobot-targets-european-organizations


*** Zahlen, bitte! Täglich 390.000 neue Schadprogramme ***
---------------------------------------------
Momentan hat man das Gefühl, in jedem Mail-Anhang und hinter jedem Link versteckt sich irgendeine Malware. Antiviren-Hersteller und Test-Labore verstärken diesen Eindruck noch durch irrwitzig hohe Zahlen neuer Schadprogramme. 
---------------------------------------------
http://heise.de/-3177141


*** 2015 über 550 Millionen Datensätze von Sicherheitslecks betroffen ***
---------------------------------------------
Anzahl bekannt gewordener Zero-Day-Lücken mehr als verdoppelt – Entwickler werden schneller beim Ausmerzen
---------------------------------------------
http://derstandard.at/2000035195204


*** How-To Disable Windows Script Host ***
---------------------------------------------
Numerous spam campaigns are pushing various crypto-ransomware families (and backdoors) via .zip file attachments. And such .zip files typically contain a JScript (.js/.jse) file that, if clicked, will be run via Windows Script Host. Do yourself a favor and edit your Windows Registry ..
---------------------------------------------
https://labsblog.f-secure.com/2016/04/19/how-to-disable-windows-script-host/


*** Exploit kit writers turn away from Java, go all-in on Adobe Flash ***
---------------------------------------------
312% increase in Flash vulns over 2014, says study Exploit kit writers are no longer fussed about Java vulnerabilities, focusing their attention almost entirely on Adobe Flash.
---------------------------------------------
www.theregister.co.uk/2016/04/19/exploit_kit_writers_love_flash/


*** Homeland Security: Open Source dient der inneren Sicherheit ***
---------------------------------------------
Die Offenlegung von Code habe Vorteile bei der "Cybersicherheit" und werde helfen, die Nation vor Gefahren zu schützen, meint der Technikchef der zuständigen US-Behörde. Außerdem könnten Bürger die Behörde dank Open Source besser überwachen, glauben Entwickler. 
---------------------------------------------
http://www.golem.de/news/homeland-security-open-source-dient-der-inneren-sicherheit-1604-120418.html


*** Tools ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer. The following vulnerabilities have been addressed: ...
---------------------------------------------
http://support.citrix.com/article/CTX209443


*** Perfides PayPal-Phishing mit angeblicher Eventim-Rechnung ***
---------------------------------------------
Eine überdurchschnittlich gut gemachte Phishing-Mail soll PayPal-Kunden in die Datenfalle locken. Die Absender haben sogar beim Header getrickst.
---------------------------------------------
http://heise.de/-3177745