[CERT-daily] Daily summary - Tuesday 26-04-2016

Daily end-of-shift report team at cert.at
Tue Apr 26 18:11:24 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 25-04-2016 18:00 − Tuesday 26-04-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** "Fourth Sample of ICS Tailored Malware Uncovered and the Potential Impact" ***
---------------------------------------------
I looked at the S4 Europe agenda which was sent out this morning by Dale Peterson and saw an interesting bullet: "Rob Caldwell of Mandiant will unveil some ICS malware in the wild that is doing some new and smarter things to attack ICS. We are working with Mandiant to provide a bit more info …
---------------------------------------------
http://ics.sans.org/blog/2016/04/25/fourth-sample-of-ics-tailored-malware-uncovered-and-the-potential-impact




*** Juniper patches Logjam, Bar Mitzvah, and various Java vulns ***
---------------------------------------------
In Junos Space, nobody can hear you patch | Juniper Networks sysadmins can add Junos Space network management patches to their to-do list.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/26/juniper_plugs_network_management_against_logjam_bar_mitzvah_and_various_java_vulns/




*** Shopware update fixes RCE bug that affects both shop and target system ***
---------------------------------------------
Shopware, an open-source shopping cart system chosen by a number of big European companies to power their online shops, has recently pushed out a critical security update. The update fixes a remote code execution bug that could allow attackers to read files on the target system, create new ones with malicious content, and run arbitrary code on the target system. This is a critical security vulnerability that not only affects the functions of the shop,...
---------------------------------------------
https://www.helpnetsecurity.com/2016/04/26/shopware-update-fixes-rce-bug/




*** Security report: Companies fail to implement even simple protection mechanisms ***
---------------------------------------------
Forensic analyses of more than 3000 confirmed data breaches show that attackers come up with little that is new - because corporate networks are still not protected against the same old attack patterns.
---------------------------------------------
http://heise.de/-3184485




*** Breaking Steam Client Cryptography ***
---------------------------------------------
So as to not bury the lede: Older versions of Steam allow an attacker who observes a client connecting to Steam to read sensitive information sent over the network. This allows the attacker to take over the account, bypass SteamGuard, and sometimes view plain-text passwords. But how?
---------------------------------------------
https://steamdb.info/blog/breaking-steam-client-cryptography/




*** Malware and non-malware ways for ATM jackpotting. Extended cut ***
---------------------------------------------
Millions of people around the world now use ATMs every day to withdraw cash, pay in to their account or make a variety of payments. Unfortunately, ATM manufacturers and their primary customers - banks - don't pay much attention to the security of cash machines.
---------------------------------------------
http://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/




*** Two Tips to Keep Your Phone's Encrypted Messages Encrypted ***
---------------------------------------------
WhatsApp and Viber may have turned on "default" end-to-end encryption, but truly securing your messages requires a couple steps of your own.
---------------------------------------------
http://www.wired.com/2016/04/tips-for-encrypted-messages/




*** Yeabests[.]cc: A fileless infection using WMI to hijack your Browser ***
---------------------------------------------
Windows comes with a tool called the Windows Management Instrumentation, or WMI, that can be used by system administrators to receive information and notifications from Windows. ... Unfortunately, this [..] can also be used by malware developers for more nefarious reasons such as creating fileless infectors.
---------------------------------------------
http://www.bleepingcomputer.com/news/security/yeabests-cc-a-fileless-infection-using-wmi-to-hijack-your-browser/




*** ENISA's Executive Director addresses EP ITRE Committee on key points for cybersecurity for the EU ***
---------------------------------------------
Following the Commission announcement on the path to digitise the EU industry, ENISA participated at the ITRE meeting on 21st April in an exchange of views on cybersecurity in the EU, and ENISA's role in the implementation of the Digital Single Market.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa2019s-executive-director-addresses-ep-itre-committee-on-key-points-for-cybersecurity-for-the-eu




*** SWIFT banking network warns customers of cyberfraud cases ***
---------------------------------------------
SWIFT, the international banking transactions network, has warned customers of "a number" of recent incidents in which criminals sent fraudulent messages through its system. The warning from SWIFT (Society for Worldwide Interbank Financial Telecommunication) suggests that a February attack on the Bangladesh Bank, in which thieves got away with US $81 million, was not an isolated incident. SWIFT is aware of malware that "aims to reduce financial institutions' abilities"...
---------------------------------------------
http://www.cio.com/article/3061685/swift-banking-network-warns-customers-of-cyberfraud-cases.html#tk.rss_security




*** New Decryptor Unlocks CryptXXX Ransomware ***
---------------------------------------------
Researchers at Kaspersky Lab today published a decryptor that recovers files encrypted by the CryptXXX ransomware.
---------------------------------------------
http://threatpost.com/new-decryptor-unlocks-cryptxxx-ransomware/117668/




*** Gundremmingen nuclear power plant: Infection with ancient malware ***
---------------------------------------------
At least one computer at the Gundremmingen nuclear power plant was infected with malware. On closer inspection, however, the situation appears less dramatic than initially assumed.
---------------------------------------------
http://heise.de/-3188599




*** Rough Auditing Tool for Security (RATS) 2.3 - Crash PoC ***
---------------------------------------------
Topic: Rough Auditing Tool for Security (RATS) 2.3 - Crash PoC
Risk: Medium
Text: # Exploit Title: RATS 2.3 Crash POC # Date: 25th April 2016 # Exploit Author: David Silveiro # Author Contact: twitter.com/d...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016040155




*** Bugtraq: Trend Micro (Account) - Email Spoofing Web Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538197




*** Bugtraq: VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538198




*** Bugtraq: Sophos XG Firewall (SF01V) - Persistent Web Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538199




*** TYPO3 CMS 6.2.22 and 7.6.6 released ***
---------------------------------------------
The TYPO3 Community announces the versions 6.2.22 LTS and 7.6.6 LTS of the TYPO3 Enterprise Content Management System. We are announcing the release of the following TYPO3 CMS updates: TYPO3 CMS 6.2.22 LTS and TYPO3 CMS 7.6.6 LTS. All versions are maintenance releases and contain bug fixes only.
---------------------------------------------
https://typo3.org/news/article/typo3-cms-6222-and-766-released/




*** Bugtraq: [security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538194




*** IBM Security Bulletin: IBM Vulnerability in BIND affects AIX (CVE-2015-8704) ***
---------------------------------------------
http://www.ibm.com/support/




*** IBM Security Bulletin: IBM Vulnerability in OpenSSL affects AIX (CVE-2016-2842) ***
---------------------------------------------
http://www.ibm.com/support/

