[CERT-daily] Tageszusammenfassung - Dienstag 2-02-2016

Tue Feb 2 18:09:42 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 01-02-2016 18:00 − Dienstag 02-02-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Cyberangriff auf A1 verursacht Ausfall des mobilen Netzes ***
---------------------------------------------
Attacken seit Samstag - Zeitpunkt der Fehlerbehebung noch nicht in Sicht
---------------------------------------------
http://derstandard.at/2000030190051


*** red|blue: A Soft-ish Introduction to Malware Analysis for Incident Responders ***
---------------------------------------------
One of my resolutions for the New Year is to spend more time conducting behavioral and static analysis of malicious PE files. I recently spent time watching some of the Cybrary Malware Reverse Engineering material and wanted to document my efforts here and share my notes and additional thoughts with you. 
---------------------------------------------
http://www.redblue.team/2016/02/a-soft-introduction-to-malware-analysis.html


*** Malwarebytes Anti-Malware Vulnerability Disclosure ***
---------------------------------------------
In early November, a well-known and respected security researcher by the name of Tavis Ormandy alerted us to several security vulnerabilities in the consumer version of Malwarebytes Anti-Malware. Within days, we were able to fix several of the vulnerabilities server-side and are now internally ..
---------------------------------------------
https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/


*** Massive Admedia/Adverting iFrame Infection ***
---------------------------------------------
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing features of this malware are: 32 hex digit comments at the beginning and end of the malicious ..
---------------------------------------------
https://blog.sucuri.net/2016/02/massive-admedia-iframe-javascript-infection.html


*** Google plugs Android vulns ***
---------------------------------------------
Happy days if you own a Nexus Five "critical," four "high" severity and one merely "moderate" bug make up the menu of Android security patches, which are now available for Nexus devices and ..
---------------------------------------------
www.theregister.co.uk/2016/02/02/google_plugs_android_vulns/


*** Autonics DAQMaster 1.7.3 DQP Parsing Buffer Overflow Code Execution ***
---------------------------------------------
The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .DQP project file with a large array of bytes inserted in the Description element. Successful exploitation could allow execution of arbitrary code on the affected machine.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5302.php


*** Austrian Mobile Phone Signature is vulnerable against phishing and MitM attacks ***
---------------------------------------------
Talking with various people about the Two Factor Authentication (2FA) which is used in Austria to access public services led to my impression that most people think that the system is really secure. While it is more secure than a simple user/password combination its by far not that secure. In this ..
---------------------------------------------
http://robert.penz.name/1224/austrian-mobile-phone-signature-is-vulnerable-against-phishing-and-mitm-attack/


*** Aktuelle Spamwelle (Dridex) ***
---------------------------------------------
In den letzten Tagen gibt es vermehrt Berichte darüber, dass die Malware Dridex nach einer kurzen Winterpause wieder verstärkt aktiv ist. 
---------------------------------------------
http://www.cert.at/services/blog/20160202110607-1661.html


*** Cyberbetrug bei FACC: Aktionäre fordern Konsequenzen ***
---------------------------------------------
Rasinger: "Das schließt auch personelle Konsequenzen mit ein" – Zeitung: Ablöse von Finanzchefin zu erwarten
---------------------------------------------
http://derstandard.at/2000030230502-375


*** Apache verpetzt möglicherweise Tor Hidden Services ***
---------------------------------------------
In seiner Standard-Konfiguration liefert der beliebte Web-Server-Dienst Informationen, die die Anonymitäts-Versprechen eines Tor Hidden Services gefährden. Diese anonymen Tor-Dienste sind der Kern des oft zitierten "Dark Net".
---------------------------------------------
http://heise.de/-3090218


*** Crash Safari Follow-Up ***
---------------------------------------------
It's been a week since short links to crashsafari.com went viral, and Google has finally killed the most prevalent link (goo.gl/78uQHK). More than three-quarters of a million clicks were made before the short link was disabled for violating ..
---------------------------------------------
https://labsblog.f-secure.com/2016/02/02/crash-safari-follow-up/


*** A1 kämpft seit Samstag gegen Hackerangriffe ***
---------------------------------------------
Ausfälle nach DDoS-Attacken zuerst im mobilen Netz, danach im Festnetz-Internet
---------------------------------------------
http://derstandard.at/2000030190051


*** Targeted IPv6 Scans Using pool.ntp.org ***
---------------------------------------------
IPv6 poses a problem for systems like Shodan, who try to enumerate vulnerabilities Internet-wide. Tools like zmap can scan the IPv4 internet in minutes (or maybe hours), but for IPv6, the same approach will still fail. The smallest IPv6 subnet is a /64, or 18.4 Quintillion addresses. A tool like zmap would ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20681


*** Socat Warns Weak Prime Number Could Mean It's Backdoored ***
---------------------------------------------
Socat published a security advisory warning users that a hard-coded 1024 Diffie-Hellman prime number was not prime, and that an attacker could listen and recover secrets from a key exchange.
---------------------------------------------
http://threatpost.com/socat-warns-weak-prime-number-could-mean-its-backdoored/116104/


*** VU#719736: Fisher-Price Smart Toy platform allows some unauthenticated web API commands ***
---------------------------------------------
The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things (IoT) toy. The device utilizes network connectivity to provide more interactivity with children.
---------------------------------------------
http://www.kb.cert.org/vuls/id/719736


*** Top Exploit Kits Round Up January Edition ***
---------------------------------------------
A look at the top exploit kits.Categories:  ExploitKits(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/exploitkits/2016/02/top-exploit-kits-round-up-january-edition/


*** MailPoet Newsletters <= 2.6.19 - Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8373


*** Hacker wollen bei Nasa eingebrochen sein, um Chemtrails zu beweisen ***
---------------------------------------------
Gruppierung "Anonsec" will 250 GB an Daten erbeutet und Kontrolle über eine Drohne übernommen haben
---------------------------------------------
http://derstandard.at/2000030242744