[CERT-daily] Tageszusammenfassung - Mittwoch 27-04-2016

Daily end-of-shift report team at cert.at
Wed Apr 27 18:16:12 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 26-04-2016 18:00 − Mittwoch 27-04-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Nationale Strategie: De Maizière will Wirtschaft besser gegen Cyberspionage schützen ***
---------------------------------------------
Manchmal ist es eine komplexer Hackerangriff, manchmal fängt sich der Chef die Schadsoftware auch direkt von der Speisekarte seines Lieblingsrestaurants ein. Vielen Unternehmen fehlt noch das Bewusstsein der Gefahr. Das soll anders werden.
---------------------------------------------
http://heise.de/-3189372




*** All About Fraud: How Crooks Get the CVV ***
---------------------------------------------
A longtime reader recently asked: "How do online fraudsters get the 3-digit card verification value (CVV or CVV2) code printed on the back of customer cards if merchants are forbidden from storing this information? The answer: Probably by installing a Web-based keylogger at an online merchant so that all data that customers submit to the site is copied and sent to the attackers server.
---------------------------------------------
http://krebsonsecurity.com/2016/04/all-about-fraud-how-crooks-get-the-cvv/




*** A Look Inside Cerber Ransomware ***
---------------------------------------------
The "Cerber" family of ransomware first appeared in open source reporting in March 2016, with victims readily identified by the ".cerber" extension left on encrypted files. Unlike many other ransomware variants, Cerber is designed to encrypt a victim's file system immediately, without receiving "confirmation" or instructions from a command and control (C2) node. After this malicious encryption is complete, HTML and text files are opened on the infected...
---------------------------------------------
https://blog.team-cymru.org/2016/04/a-look-inside-cerber-ransomware/




*** Malvertising On The Pirate Bay Drops Ransomware ***
---------------------------------------------
Magnitude EK strikes again, this time on The Pirate Bay, and drops the Cerber Ransomware. Categories:  ExploitsTags: cerbermagnitude EKransomwareThe Pirate BayTPB(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/exploits-threat-analysis/2016/04/malvertising-on-the-pirate-bay-drops-ransomware/




*** Next up. A look at Locky Ransomware ***
---------------------------------------------
Weve been examining some of the newer - or, at least, most currently prevalent - strains of ransomware. This time we look at Locky.
---------------------------------------------
http://www.scmagazine.com/next-up-a-look-at-locky-ransomware/article/492355/




*** 7ev3n ransomware alters name, asks for much lower ransom ***
---------------------------------------------
A variant of 7ev3n ransomware has modified its name and begun asking victims for a considerably lower ransom fee than it was seeking just a few months ago. Security researchers originally detected the 7ev3n ransomware back in January of this year.
---------------------------------------------
https://www.grahamcluley.com/2016/04/7ev3n-ransomware-alters-asks-lower-ransom/




*** BSI-Umfrage: Ein Drittel der Unternehmen ist von Erpressungs-Trojanern betroffen ***
---------------------------------------------
Den Ergebnissen einer Ransomware-Umfrage des BSI zufolge schützen 60 Prozent der befragten Institutionen aus der deutschen Wirtschaft die Lage als verschärft ein. Auch die Security Bilanz Deutschland vermeldet einen erhöhten Bedrohungsgrad.
---------------------------------------------
http://heise.de/-3189776




*** "Ransomware ist mittlerweile die größte Bedrohung" ***
---------------------------------------------
Trojaner, die Systeme verschlüsseln, bieten Kriminellen einen einfachen Weg, Geld zu verdienen. Die Opferzahlen steigen und auch Smartphones sind nicht mehr sicher.
---------------------------------------------
http://futurezone.at/digital-life/ransomware-ist-mittlerweile-die-groesste-bedrohung/195.139.443




*** Digging deep for PLATINUM ***
---------------------------------------------
There is no shortage of headlines about cybercriminals launching large-scale attacks against organizations. For us, the activity groups that pose the most danger are the ones who selectively target organizations and desire to stay undetected, protect their investment, and maximize their ROI. That's what motivated us - the Windows Defender Advanced Threat Hunting team, known...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/04/26/digging-deep-for-platinum/




*** Boffins believe buggy Binder embiggens Android attack surface ***
---------------------------------------------
Punching holes in problematic private APIs Bugs in Androids Binder inter-process communication (IPC) mechanism open up a mass of security bugs, according to University of Michigan boffins Huan Feng and Kang Shin.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/04/27/boffins_believe_buggy_binder_embiggens_android_attack_surface/




*** Memory Forensics ***
---------------------------------------------
Introduction This mini-course started with forensic memory basics, in this mini-course, we have explained how you can and what you can find artifacts from memory. As Memory forensics is very vast topic so we have also explained some memory basic such as how memory works what memory architecture and its unit is. Also, what artifacts...
---------------------------------------------
http://resources.infosecinstitute.com/memory-forensics/




*** An Introduction to Mac memory forensics, (Tue, Apr 26th) ***
---------------------------------------------
Unfortunately when its come to the memory forensics Mac in environment doesnt have the luxury that we have in the Windows environment. The first step of the memory forensics is capturing the memory, while in Windows we have many tools to achieve this, in Mac we have very few options.  OSXPmem is the only available option for memory capturing that support El Capitan, https://github.com/google/rekall/releases/download/v1.3.2/osxpmem_2.0.1.zip Now let"> cd osxpmem.app/     "> chown
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20989&rss




*** How to Suck at Information Security - A Cheat Sheet ***
---------------------------------------------
This cheat sheet presents common information security mistakes, so you can avoid making them. Yeah, the idea is that you should do the opposite of what it says below. To print, use the one-sheet PDF version; you can also edit the Word version for you own needs.
---------------------------------------------
https://zeltser.com/suck-at-security-cheat-sheet/




*** [DSA 3558-1] openjdk-7 security update ***
---------------------------------------------
CVE ID: CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, denial of service or information disclosure.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2016/msg00134.html




*** VTS16-001: NetBackup Remote Access Vulnerabilities ***
---------------------------------------------
Multiple vulnerabilities have been identified in Veritas (formerly Symantec) NetBackup Master/ Media Servers and clients. An attacker, able to successfully access a vulnerable NetBackup host, could potentially execute arbitrary commands or operations resulting in possible unauthorized, privileged access to the targeted system.
---------------------------------------------
https://www.veritas.com/content/support/en_US/security/VTS16-001.html




*** F5 Security Advisory: glibc calloc vulnerability CVE-2015-5229 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23822215.html?ref=rss




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Tivoli Monitoring (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976066
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Editionaffects IBM Algorithmics Algo Risk Application and Algo One Core ( CVE-2015-4872, CVE-2015-4911, CVE-2015-4893, CVE-2015-4803, ***
http://www.ibm.com/support/docview.wss?uid=swg21981349
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Provisioning Manager (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21981826
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring (CVE-2015-2601,CVE-2015-4749.CVE-2015-2625,CVE-2015-1931 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21976560
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in HTTP Response Splitting affects IBM Algorithmics Algo Risk Application & AlgoOne Core- CVE-2015-2017 ***
http://www.ibm.com/support/docview.wss?uid=swg21981532
---------------------------------------------


More information about the Daily mailing list