[CERT-daily] Tageszusammenfassung - Donnerstag 25-02-2016

Daily end-of-shift report team at cert.at
Thu Feb 25 18:22:12 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 24-02-2016 18:00 − Donnerstag 25-02-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a



*** Neue Virenwelle: Krypto-Trojaner Locky tarnt sich als Fax ***
---------------------------------------------
Der gefährliche Erpressungs-Trojaner wird seit kurzem über Mails verbreitet, die vorgeben, dass der Empfänger ein Fax erhalten hat. Die Virenscanner können mit der aktuellen Locky-Fassung noch nicht viel anfangen.
---------------------------------------------
http://heise.de/-3117249




*** Eavesdropping by the Foscam Security Camera ***
---------------------------------------------
Brian Krebs has a really weird story about the build-in eavesdropping by the Chinese-made Foscam security camera: Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware.
---------------------------------------------
https://www.schneier.com/blog/archives/2016/02/eavesdropping_b_1.html




*** Behind the Malware - Botnet Analysis ***
---------------------------------------------
While analyzing our website firewall logs we discovered an old vulnerability in the RevSlider plugin being retargeted. RevSlider, the plugin whose vulnerability led to massive website compromises in 2015, was being leveraged again in an attempt to infect websites over a year since its initial disclosure. The original hack required sending an AJAX request containing the action revslider_ajax_action to ...
---------------------------------------------
https://blog.sucuri.net/2016/02/behind-the-malware-botnet-analysis.html




*** Cisco FirePOWER Management Center Unauthenticated Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the Cisco FirePOWER Management Center software version from the device login page.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-fmc




*** Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001 ***
---------------------------------------------
Advisory ID: SA-CORE-2016-001
Project: Drupal core
Version: 6.x, 7.x, 8.x
Date: 2016-February-24
Security risk: 15/25 ( Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Multiple vulnerabilities
---------------------------------------------
https://www.drupal.org/SA-CORE-2016-001




*** OpenSSL kündigt Patches für Sicherheitslücken an ***
---------------------------------------------
Administratoren, auf dessen Servern die beliebte Kryptobibliothek für SSL/TLS-Verbindungen zum Einsatz kommt, müssen am Dienstag wieder mal patchen.
---------------------------------------------
http://heise.de/-3117855




*** Critical Vulnerabilities in Palo Alto Networks PAN-OS , (Thu, Feb 25th) ***
---------------------------------------------
Yesterday, Palo Alto Networks released an update to PAN-OS, which addresses five different vulnerabilities [1]. The security researcher who identified the vulnerabilities will publish details about these issues at a conference on March 16th. You MUST patch affected systems before that date. Two of the vulnerabilities appear to be in particular dangerous, and affected devices should be patched immediately. 
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20767&rss




*** Malicious websites exploit Silverlight bug that can pwn Macs and Windows ***
---------------------------------------------
Malicious websites are exploiting a recently fixed vulnerability in Microsoft's Silverlight application framework to perform drive-by malware attacks on vulnerable visitor devices, a security researcher has determined.
The critical code-execution vulnerability, which Microsoft patched last month, was actively exploited for two years in attack code owned by Italy-based exploit broker Hacking Team.
---------------------------------------------
http://arstechnica.com/security/2016/02/malicious-websites-exploit-silverlight-bug-that-can-pwn-macs-and-windows/






More information about the Daily mailing list