[CERT-daily] Daily summary - Thursday 23-06-2016

Daily end-of-shift report team at cert.at
Thu Jun 23 18:04:33 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 22-06-2016 18:00 - Thursday 23-06-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** After Angler: Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity ***
---------------------------------------------
Early this year, we reported that in 2015, Angler came out as the top exploit kit, having contributed 59.5% of the total exploit kit activity for the year. Now, there's barely any pulse left. After the arrest of 50 people accused of using malware to steal US$25 million, it is interesting to ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/angler-shift-ek-landscape-new-crytpo-ransomware-activity




*** ZDI-16-373: Trend Micro Deep Discovery hotfix_upload.cgi filename Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery. Authentication is required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-373/




*** Fraudsters are Buying IPv4 Addresses ***
---------------------------------------------
IPv4 addresses are valuable, so criminals are figuring out how to buy or steal them. Hence criminals' interest in ways to land themselves IP addresses, some of which were detailed this week by ARIN's senior director of global registry knowledge, Leslie Nobile, at the North American Network Operators ..
---------------------------------------------
https://www.schneier.com/blog/archives/2016/06/fraudsters_are_.html




*** WordPress 4.5.3 release mends eight security flaws, 17 bugs ***
---------------------------------------------
WordPress has released version 4.5.3 of its content management system, fixing eight security vulnerabilities that surfaced in previous versions, as well as 17 other bugs.
---------------------------------------------
http://www.scmagazine.com/wordpress-453-release-mends-eight-security-flaws-17-bugs/article/504905/




*** Cisco Unified Contact Center Enterprise Web-Based Management Interface Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160622-ucce




*** Cisco Email Security Appliance .zip File Scanning Security Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160622-esa




*** TLS Certificate Validation Vulnerability in Citrix iOS Receiver ***
---------------------------------------------
http://support.citrix.com/article/CTX213998




*** Rise of Darknet Stokes Fear of The Insider ***
---------------------------------------------
With the proliferation of shadowy black markets on the so-called "darknet" -- hidden crime bazaars that can only be accessed through special software that obscures one's true location online -- it has never been easier for disgruntled employees to harm their current or former employer. At least, this is the fear driving a growing stable of companies seeking technical solutions to detect would-be insiders.
---------------------------------------------
http://krebsonsecurity.com/2016/06/rise-of-darknet-stokes-fear-of-the-insider/




*** Linux Kernel ROP - Ropping your way to # (Part 2) ***
---------------------------------------------
In Part 1 of this tutorial, we demonstrated how to find useful ROP gadgets and build a privilege escalation ROP chain for our test system (3.13.0-32 kernel - Ubuntu 12.04.5 LTS). We have also developed a vulnerable kernel ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP---Ropping-your-way-to---(Part-2)/




*** Critical security vulnerabilities in libarchive endanger FreeBSD & Co. ***
---------------------------------------------
Security researchers have discovered three serious security vulnerabilities in the open-source library libarchive. Patches are not yet available for all tools that rely on libarchive.
---------------------------------------------
http://heise.de/-3246535




*** Crypto-Trojan Cerber: Supposed Mediamarkt order costs recipients dearly ***
---------------------------------------------
Online extortionists are currently sending e-mails claiming that an item ordered at Mediamarkt.de will be delivered shortly. Anyone who wants to view or cancel the order ends up with a crypto-Trojan.
---------------------------------------------
http://heise.de/-3246780




*** RFC 7905: ChaCha20 encryption standardised for TLS ***
---------------------------------------------
With RFC 7905 there is now a specification for using the ChaCha20 encryption algorithm in Poly1305 mode in TLS. The algorithm developed by Dan Bernstein is particularly ..
---------------------------------------------
http://www.golem.de/news/rfc-7905-chacha20-verschluesselung-fuer-tls-standardisiert-1606-121706.html




*** Apple gives a first look into the core of the iPhone operating system iOS 10 ***
---------------------------------------------
In the beta version of the upcoming iOS 10 release, the kernel is not encrypted
---------------------------------------------
http://derstandard.at/2000039668786




*** Unpatched Remote Code Execution Flaw Exists in Swagger ***
---------------------------------------------
Researchers at Rapid7 found a vulnerability in the Swagger Code Generator that could execute arbitrary code embedded in a Swagger document.
---------------------------------------------
http://threatpost.com/unpatched-remote-code-execution-flaw-exists-in-swagger/118867/




*** Redefining how we share our security data. ***
---------------------------------------------
Red Hat Product Security has long provided various bits of machine-consumable information to customers and users via our Security Data page. Today we are pleased to announce that we have made it even easier to access and ..
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2387601




*** Defending Our Brand ***
---------------------------------------------
Some months ago, it came to our attention that Comodo Group, Inc., is attempting to register at least three trademarks for the term "Let's Encrypt" for a variety of CA-related services. These trademark applications were ..
---------------------------------------------
https://letsencrypt.org//2016/06/23/defending-our-brand.html




*** Five million certificates: Let's Encrypt is growing rapidly ***
---------------------------------------------
Within three months, Let's Encrypt has quintupled the total number of free SSL/TLS certificates it has issued.
---------------------------------------------
http://heise.de/-3247077