[CERT-daily] Tageszusammenfassung - Donnerstag 2-06-2016

Thu Jun 2 18:04:56 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 01-06-2016 18:00 − Donnerstag 02-06-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** DSA-3591 imagemagick - security update ***
---------------------------------------------
Bob Friesenhahn from the GraphicsMagick project discovered a commandinjection vulnerability in ImageMagick, a program suite for imagemanipulation. An attacker with control on input image or the inputfilename can execute arbitrary commands with the privileges of the userrunning the application.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3591


*** Lenovo advises users to remove a vulnerable support tool preinstalled on their systems ***
---------------------------------------------
PC maker Lenovo is recommending that users remove an application preloaded on their computers because it contains a high-severity flaw that could allow attackers to take over their systems.The vulnerable tool is called ..
---------------------------------------------
http://www.csoonline.com/article/3077935/security/lenovo-advises-users-to-remove-a-vulnerable-support-tool-preinstalled-on-their-systems.html


*** Opening hours - Moderately Critical - XSS - SA-CONTRIB-2016-031 ***
---------------------------------------------
https://www.drupal.org/node/2738707


*** DSA-3592 nginx - security update ***
---------------------------------------------
It was discovered that a NULL pointer dereference in the Nginx coderesponsible for saving client request bodies to a temporary file mightresult in denial of service: Malformed requests could crash workerprocesses.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3592


*** Researchers spot 35-fold increase in newly observed ransomware domains ***
---------------------------------------------
A record 35-fold increase in newly observed ransomware domains compared to the fourth quarter of 2015 have been spotted by Infoblox researchers.
---------------------------------------------
http://www.scmagazine.com/infoblox-researchers-spotted-a-huge-uptick-in-dns-based-malware-domains/


*** Yahoo Publishes National Security Letters After FBI Drops Gag Orders ***
---------------------------------------------
Yahoo just became the first company to disclose that it has received NSLs without having to go to court to do so.
---------------------------------------------
http://www.wired.com/2016/06/yahoo-publishes-national-security-letters-fbi-drops-gag-orders/


*** Docker Containers Logging ***
---------------------------------------------
In a previous diary, Jim talked about forensic operations against Docker containers. To be able to perform investigations after an incident, we must have some ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21121


*** Die meisten Android-Virenscanner sind unsicher ***
---------------------------------------------
Eigentlich sollte AV-Software das Smartphone vor Schadcode schützen. Wie Forscher nun festgestellt haben, weisen viele Virenjäger für Android allerdings selbst eklatante Sicherheitsmängel auf.
---------------------------------------------
http://heise.de/-3225169


*** Trend Micro enterprise products multiple vulnerabilities ***
---------------------------------------------
Multiple enterprise products provided by Trend Micro Incorporated contain multiple vulnerabilities.
---------------------------------------------
http://jvn.jp/en/jp/JVN48847535/


*** Trend Micro Internet Security multiple vulnerabilities ***
---------------------------------------------
Trend Micro Internet Security provided by Trend Micro Incorporated contains multiple vulnerabilities.
---------------------------------------------
http://jvn.jp/en/jp/JVN48789425/


*** Mitnick Attack Reappears at GeekPwn Macau Contest ***
---------------------------------------------
Cao Yue, a Ph.D. student from University of California, Riverside, delivered a stunning show at the GeekPwn 2016 Macau Contest on May 12 attended by top-caliber white hat hackers worldwide. Cao succeeded in remotely hijacking TCP connections at his random choice.
---------------------------------------------
http://www.prnewswire.com/news-releases/mitnick-attack-reappears-at-geekpwn-macau-contest-300270779.html


*** Hacker Lexicon: What Is Fuzzing? ***
---------------------------------------------
Sometimes hacking isnt about taking a program apart: Its about throwing random objects at it to see what breaks.
---------------------------------------------
http://www.wired.com/2016/06/hacker-lexicon-fuzzing/


*** [2016-06-02] Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway ***
---------------------------------------------
The firmware for the cable modem Ubee EVW3226 contains multiple critical vulnerabilities, which can be exploited to gain full system-level access to the device. This allows for inspection, modification and redirection of traffic.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160602_Ubee_EVW3226_Multiple_critical_vulnerabilities_v10.txt


*** IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activityon SCADA Systems ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/06/irongate_ics_malware.html


*** TeamViewer users claim accounts hacked ***
---------------------------------------------
TeamViewer is a remote desktop connection software that allows users to share screens and allow remote access from anywhere in the world. In the past 24 hours, many customers ..
---------------------------------------------
http://www.inquisitr.com/3156809/teamviewer-accounts-hacked-users-claim/


*** Erpresser-Mails drohen mit Rufschädigung über Social Media ***
---------------------------------------------
Erpresser machen sich die Berichterstattung über aktuelle Hackerangriffe zunutze, um Droh-Mails zu verschicken, in denen sie den Opfern damit drohen, sensible Informationen auf deren Online-Konten zu veröffentlichen.
---------------------------------------------
http://heise.de/-3225619


*** 93% Of Phishing Emails Are Now Ransomware ***
---------------------------------------------
According to the latest data from security firm PhishMe, 93% of all phishing emails as of the end of March contained encryption ransomware. The numbers ..
---------------------------------------------
https://tech.slashdot.org/story/16/06/02/1356241/93-of-phishing-emails-are-now-ransomware


*** How Russian cybercrime bosses crafted a ransomware empire out of an economic crisis ***
---------------------------------------------
Amid a crashing ruble and shaken markets due to global sanctions over Russian president Vladimir Putins ..
---------------------------------------------
http://www.neowin.net/news/how-russian-cybercrime-bosses-crafted-a-ransomware-empire-out-of-an-economic-crisis


*** XSA-178 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-178.html


*** XSA-175 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-175.html