[CERT-daily] Tageszusammenfassung - Dienstag 12-01-2016

Tue Jan 12 18:03:44 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 11-01-2016 18:00 − Dienstag 12-01-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Angler Exploit Kit Continues to Evade Detection: Over 90,000 Websites Compromised ***
---------------------------------------------
Exploit Kits (EK), arguably the most impactful malicious infrastructure on the Internet, constantly evolve to evade detection by security technology. Tremendous effort has been spent on tracking new variations of different EK families. In ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/01/angler-exploit-kit-continues-to-evade-detection-over-90000-websites-compromised/


*** Mac OS X, iOS, and Flash Had the Most Discovered Vulnerabilities in 2015 ***
---------------------------------------------
Interesting analysis: Which software had the most publicly disclosed vulnerabilities this year? The winner is none other than Apples Mac OS X, with 384 vulnerabilities. The runner-up? Apples iOS, with 375 vulnerabilities. Rounding out the top five are Adobes Flash Player, with 314 vulnerabilities; Adobes AIR ..
---------------------------------------------
https://www.schneier.com/blog/archives/2016/01/mac_os_x_ios_an.html


*** DSA-3440 sudo - security update ***
---------------------------------------------
When sudo is configured to allow a user to edit files under a directory that they can already write to without using sudo, they can actuallyedit (read and write) arbitrary files. Daniel Svartman reported that aconfiguration like this might ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3440


*** Ransom32 - look at the malicious package ***
---------------------------------------------
Ransom32 is a new ransomware implemented in a very atypical style. In our post, we will focus on some implementation details of the malicious package.
---------------------------------------------
https://blog.malwarebytes.org/intelligence/2016/01/ransom32-look-at-the-malicious-package/


*** Say 'Cyber' again - Ars cringes through CSI: Cyber ***
---------------------------------------------
CBS endangered cyber-procedural: Plane hacking! Software defined radio! White noise! OMG!
---------------------------------------------
http://arstechnica.com/the-multiverse/2016/01/say-cyber-again-ars-cringes-through-csi-cyber/


*** McAfee Application Control - The dinosaurs want their vuln back ***
---------------------------------------------
The experts of the SEC Consult Vulnerability Lab conducted research in the field of the security of application whitelisting in critical infrastructures. In the course of that research the security of McAfee Application Control was checked.The experts developed several methods to bypass the provided protections ..
---------------------------------------------
http://blog.sec-consult.com/2016/01/mcafee-application-control-dinosaurs.html


*** (ISC)2 SecureAustria ***
---------------------------------------------
How can we know what we are protecting if we struggle to understand and keep up with how we and our organizations are changing? It�s time to get a grip on the far-reaching and fundamental changes that are occurring in business today.
---------------------------------------------
https://www.sba-research.org/events/isc2-secureaustria/


*** Sicherheit: Aus für alte IE-Versionen trifft jeden fünften Webnutzer ***
---------------------------------------------
Über die Jahre hat Microsoft eine Fülle unterschiedlicher Versionen des Internet Explorers veröffentlicht. Nun entledigt man sich der Support-Pflichten für einen großen Teil derselben: Ab sofort liefert Microsoft keinerlei Updates mehr für Internet Explorer 8 bis 10.
---------------------------------------------
http://derstandard.at/2000028882047


*** Cops Say They Can Access Encrypted Emails on So-Called PGP BlackBerrys ***
---------------------------------------------
Dutch investigators have confirmed to Motherboard that they are able to read encrypted messages sent on PGP BlackBerry phones�custom, security-focused BlackBerry devices that come complete with an encrypted email feature, and which reportedly may be used by organized criminal groups.
---------------------------------------------
https://motherboard.vice.com/read/cops-say-they-can-access-encrypted-emails-on-so-called-pgp-blackberrys


*** Ongoing Sophisticated Malware Campaign Compromising ICS (Update C) ***
---------------------------------------------
This alert update is a follow-up to the updated NCCIC/ICS-CERT Alert titled ICS-ALERT-14-281-01B Ongoing Sophisticated Malware Campaign Compromising ICS that was published December 10, 2014, on the ICS-CERT web site. | ICS-CERT has identified a sophisticated malware campaign that has compromised numerous ..
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-281-01B


*** Experts warn Neutrino and RIG exploit kit activity spike ***
---------------------------------------------
Security experts at Heimdal Security are warning a spike in cyber attacks leveraging the popular Neutrino and RIG exploit kit. Cyber criminals always exploit new opportunities and users' bad habits, now crooks behind the recent campaigns relying on Neutrino and RIG exploit kits are ramping up attacks ..
---------------------------------------------
http://securityaffairs.co/wordpress/43482/cyber-crime/neutrino-rig-exploit-kit.html


*** Group using DDoS attacks to extort business gets hit by European law enforcement ***
---------------------------------------------
On 15 and 16 December, law enforcement agencies from Austria, Bosnia and Herzegovina, Germany and the United Kingdom joined forces with Europol in the framework of an operation against the ...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19314


*** Schwere Sicherheitslücken im Passwort-Manager von Trend Micro ***
---------------------------------------------
Google-Forscher Tavis Ormandy deckt wieder einmal Schwachstellen in Anti-Viren-Software auf. Bei Trend Micro stellt er konsterniert fest: "Das Lächerlichste, was ich je gesehen habe."
---------------------------------------------
http://heise.de/-3069140


*** UPC: Standard-WLAN-Passwörter kinderleicht zu knacken ***
---------------------------------------------
Neuer Hack erlaubt Berechnung basierend auf der ESSID – UPC prüft Klage gegen Sicherheitsforscher.
---------------------------------------------
http://derstandard.at/2000028921659


*** An Easy Way for Hackers to Remotely Burn Industrial Motors ***
---------------------------------------------
Devices that control the speed of industrial motors operating water plant pumps and other equipment can be remotely hacked and destroyed.
---------------------------------------------
http://www.wired.com/2016/01/an-easy-way-for-hackers-to-remotely-burn-industrial-motors/