[CERT-daily] Tageszusammenfassung - Donnerstag 21-04-2016

Thu Apr 21 18:20:13 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 20-04-2016 18:00 − Donnerstag 21-04-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Angebliche Paket-Verständigung von der "Post" kann Ihre Daten durch Verschlüsselung unbrauchbar machen ***
---------------------------------------------
Modus Operandi Kaum ist die Bedrohung durch angebliche E-Mails von DHL im Abklingen, erreicht uns eine neue Welle von E-Mails mit gefährlichem Inhalt. Nunmehr gibt die Mail vor von der "Post" zu stammen und informiert über eine nicht erfolgreich durchgeführte Zustellung. Die weitere Vorgehensweise bleibt dabei gleich; der Empfänger wird aufgefordert den Versandschein über einen Link in der Mail herunter zu laden.
---------------------------------------------
http://www.bmi.gv.at/cms/BK/betrug/files/Cryptolocker_Ransomware_Post.pdf


*** Decoding Pseudo-Darkleech (#1), (Thu, Apr 21st) ***
---------------------------------------------
Im currently going through a phase of WordPress dPression. Either my users are exceptionally adept at finding hacked and subverted WordPress sites, or there are just so many of these sites out there. This weeks particular fun seems to be happening on restaurant web sites. Inevitably, when checking out the origin of some crud, I discover a dPressing installation that shows signs of being owned since months. The subverted sites currently lead to Angler Exploit Kit (Angler EK), and are using...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20969&rss


*** SpyEye botnet kit developer sentenced to long jail term ***
---------------------------------------------
Aleksandr Andreevich Panin, the Russian developer of the SpyEye botnet creation kit, and an associate were on Wednesday sentenced to prison terms by a court in Atlanta, Georgia, for their role in developing and distributing malware that is said to have caused millions of dollars in losses to the financial sector.Panin, who set out to develop SpyEye as a successor to the Zeus malware that affected financial institutions since 2009, was sentenced by the court to nine and half years in prison,...
---------------------------------------------
http://www.cio.com/article/3059554/spyeye-botnet-kit-developer-sentenced-to-long-jail-term.html


*** Looking Into a Cyber-Attack Facilitator in the Netherlands ***
---------------------------------------------
A small webhosting provider with servers in the Netherlands and Romania has been a hotbed of targeted attacks and advanced persistent threats (APT) since early 2015. Starting from May 2015 till today we counted over 100 serious APT incidents that originated from servers of this small provider. Pawn Storm used the servers for at least 80 high profile attacks against various governments in the US, Europe, Asia, and the Middle East. Formally the Virtual Private Server (VPS) hosting company is...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/MKFUpCeHi9s/


*** FBI warns farming industry about equipment hacks, data breaches ***
---------------------------------------------
As Internet-connected equipment is increasingly used in many industry sectors, alerts like the latest one issued by the FBI to US farmers will likely become a regular occurrence. While precision agriculture technology (a.k.a. smart farming) reduces farming costs and increases crop yields, farmers need to be aware of and understand the associated cyber risks to their data and ensure that companies entrusted to manage their data, including digital management tool and application developers...
---------------------------------------------
https://www.helpnetsecurity.com/2016/04/21/farming-cyber-risks/


*** Lab - Cryptographic Algorithms ***
---------------------------------------------
For this lab we'll be using GPG, OpenSSL to demonstrate symmetric and asymmetric encryption/decryption and MD5, SHA1 to demonstrate hash functions. Virtual Machine Needed: Kali Before starting the lab here are some definitions: In all symmetric crypto algorithms (also called Secret Key encryption) a secret key is used for both encrypt plaintext and decrypt the...
---------------------------------------------
http://resources.infosecinstitute.com/lab-cryptographic-algorithms/


*** Fremdenfeindliche Ausdrucke: "Hackerangriff" auf Universitätsdrucker ***
---------------------------------------------
Hackerangriff oder doch nur eine falsche Druckerkonfiguration: In verschiedenen Universitäten in Deutschland sind in den Druckern Dokumente mit fremdenfeindlichem Hintergrund gefunden worden.
---------------------------------------------
http://www.golem.de/news/fremdenfeindliche-ausdrucke-hackerangriff-auf-universitaetsdrucker-1604-120478-rss.html


*** Security update available for the Adobe Analytics AppMeasurement for Flash Library ***
---------------------------------------------
A Security Bulletin (APSB16-13) has been published regarding a security update for the Adobe Analytics AppMeasurement for Flash Library. This update resolves an important vulnerability in the AppMeasurement for Flash library that could be abused to conduct DOM-based cross-site scripting attacks...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1341


*** DFN-CERT-2016-0655: Squid: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0655/


*** [R2] Nessus < 6.6 Fixes Two Vulnerabilities ***
---------------------------------------------
http://www.tenable.com/security/tns-2016-08


*** Moxa NPort Device Vulnerabilities (Update A) ***
---------------------------------------------
This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS-ALERT-16-099-01 Moxa NPort Device Vulnerabilities that was published April 8, 2016, on the ICS-CERT web page. ICS-CERT is aware of a public report of vulnerabilities affecting multiple models of the Moxa NPort device. ICS-CERT has notified Moxa of the report, and Moxa has validated all five of the reported vulnerabilities.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-099-01


*** Hyper-V - vmswitch.sys VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow ***
---------------------------------------------
Topic: Hyper-V - vmswitch.sys VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow Risk: High Text:/* This function is reachable by sending a RNDIS Set request with OID 0x01010209 (OID_802_3_MULTICAST_LIST) from the Guest to...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016040133


*** Avast SandBox Escape via IOCTL Requests ***
---------------------------------------------
Topic: Avast SandBox Escape via IOCTL Requests Risk: Medium Text:* CVE: CVE-2016-4025 * Vendor: Avast * Reported by: Kyriakos Economou * Date of Release: 19/04/2016 * Affected Products: Mu...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016040134


*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc
---------------------------------------------
*** Cisco Wireless LAN Controller Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-bdos
---------------------------------------------
*** Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6
---------------------------------------------
*** Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-htrd
---------------------------------------------
*** Multiple Cisco Products libSRTP Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp
---------------------------------------------


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2016-0800) ***
http://www.ibm.com/support/docview.wss?uid=swg21980721
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in libcURL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-3237) ***
http://www.ibm.com/support/docview.wss?uid=swg21980719
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-3197, CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21980716
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) ***
http://www.ibm.com/support/docview.wss?uid=swg21980714
---------------------------------------------
*** IBM Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2015-8851 ***
http://www.ibm.com/support/docview.wss?uid=swg21981528
---------------------------------------------
*** IBM Security Bulletin: IBM Spectrum Scale, with the Spectrum Scale GUI installed, is affected by a security vulnerability (CVE-2016-0361) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005742
---------------------------------------------


*** Drupal Security Advisories for Third-Party Modules ***
---------------------------------------------
*** EPSA Crop - Image Cropping - Critical -XSS - SA-CONTRIB-2016-024 - Unsupported ***
https://www.drupal.org/node/2710247
---------------------------------------------
*** Organic groups - Moderately Critical - Access bypass - DRUPAL-SA-CONTRIB-2016-023 ***
https://www.drupal.org/node/2710115
---------------------------------------------
*** Search API - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-022 ***
https://www.drupal.org/node/2710063
---------------------------------------------