[CERT-daily] Tageszusammenfassung - Donnerstag 21-01-2016

Thu Jan 21 18:11:58 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 20-01-2016 18:00 − Donnerstag 21-01-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Asacub Android Trojan: Financial fraud and information stealing ***
---------------------------------------------
Asacub is a new malware that targets Android users for financial gain. When first identified, Asacub displayed all the signs of an information stealing malware; however, some versions of the Trojan ar...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=3190


*** TeslaCrypt Decrypted: Flaw in TeslaCrypt allows Victims to Recover their Files ***
---------------------------------------------
For a little over a month, researchers and previous victims have been quietly helping TeslaCrypt victims get their files back using a flaw in the TeslaCrypts encryption key storage algorithm. The information that the ransomware could be decrypted was being kept quiet so that that the malware developer would not learn about it and fix the flaw. Since the recently released TeslaCrypt 3.0 has fixed this flaw, we have decided to publish the information on how a victim could...
---------------------------------------------
http://www.bleepingcomputer.com/news/security/teslacrypt-decrypted-flaw-in-teslacrypt-allows-victims-to-recover-their-files/


*** El Chapos Opsec ***
---------------------------------------------
Ive already written about Sean Penns opsec while communicating with El Chapo. Heres the technique of mirroring, explained: El chapo then switched to a complex system of using BBM (Blackberrys Instant Messaging) and Proxies. The way it worked was if you needed to contact The Boss, you would send a BBM text to an intermediary (who would spend his days...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/01/el_chapos_opsec.html


*** Cyber fraudsters steal over $50 million from airplane systems manufacturer ***
---------------------------------------------
Austrian company FACC, which develops and produces components and systems made of composite materials for aircraft and aircraft engine manufacturers such as Boeing and Airbus, has been hit by hackers who managed to steal approximately 50 million euros (around $54,5 million).
---------------------------------------------
http://www.net-security.org/secworld.php?id=19356
http://www.net-security.org/secworld.php?id=18808 (An emerging global threat: BEC scams hitting more and more businesses)


*** Linux-Root-Exploit: Android-Bedrohung überschaubar ***
---------------------------------------------
Ein Mitglied des Android-Sicherheitsteams geht davon aus, dass nur wenige Android-Versionen durch die lokale Rechtausweitungslücke im Linux-Kernel verwundbar sind. Ein Patch ist in Arbeit.
---------------------------------------------
http://heise.de/-3080760


*** Captive-Portals: Das iPhone verrät Cookies ***
---------------------------------------------
Die Nutzung von WLANs mit Captive-Portals kann für iPhone-Nutzer zur Sicherheitsgefahr werden. Einen entsprechenden Bug haben israelische Sicherheitsforscher gefunden. Apple hat die Sicherheitslücke mittlerweile behoben.
---------------------------------------------
http://www.golem.de/news/captive-portals-das-iphone-verraet-cookies-1601-118672-rss.html


*** Deliberately hidden backdoor account in several AMX (HARMAN Professional) devices ***
---------------------------------------------
Your conference room, a watchful protector."AMX (www.amx.com) is part of the HARMAN Professional Division, and the leading brand for the business, education, and government markets for the company. As such, AMX is dedicated to integrating AV solutions for an IT World. AMX solves the complexity of managing technology with reliable, consistent and scalable systems comprising control and automation, system-wide switching and AV signal distribution, digital signage and technology management.
---------------------------------------------
http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html


*** "Ermittlungen" ***
---------------------------------------------
"Ermittlungen" | 21. Jänner 2016 | Wir (mit Hut GovCERT) sind mal wieder vor Ort im Einsatz und helfen einer Organisation bei der Ursachenforschung und bei der Wiederherstellung der Services nach einem Sicherheitsvorfall. So weit so gut, dafür sind wir da, das ist unsere Aufgabe. Die Strafverfolgung ist aber definitiv nicht unsere Aufgabe. Das ist ganz klar und da behauptet auch keiner was anderes. Problematisch wird es dann, wenn Begriffe verwendet werden, die im normalen...
---------------------------------------------
http://www.cert.at/services/blog/20160121173915-1656.html


*** OpenVAS Greenbone Security Assistant Cross Site Scripting ***
---------------------------------------------
Topic: OpenVAS Greenbone Security Assistant Cross Site Scripting Risk: Low Text:Vulnerability information Date: 13th January 2016 Product: Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 Vendor:...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016010133


*** Security Advisory: BIG-IP file validation vulnerability CVE-2015-8021 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49580002.html?ref=rss


*** Security Advisory: SNTP vulnerability CVE-2015-5219 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/60/sol60352002.html?ref=rss


*** LiteSpeed Web Server Input Validation Flaw Lets Remote Users Inject HTTP Headers ***
---------------------------------------------
http://www.securitytracker.com/id/1034746


*** DFN-CERT-2016-0118: Moodle: Zwei Schwachstellen ermöglichen u.a. einen Cross-Site-Scripting-Angriff ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0118/