[CERT-daily] Tageszusammenfassung - Montag 27-06-2016

Daily end-of-shift report team at cert.at
Mon Jun 27 18:06:29 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 24-06-2016 18:00 − Montag 27-06-2016 18:00
Handler:     Stephan Richter
Co-Handler:  Alexander Riepl



*** Economical With The Truth: Making DNSSEC Answers Cheap ***
---------------------------------------------
We launched DNSSEC late last year and are already signing 56.9 billion DNS record sets per day. At this scale, we care a great deal about compute cost. One of the ways we ..
---------------------------------------------
https://blog.cloudflare.com/black-lies/




*** Security Advisory: Multiple Wireshark (tshark) vulnerabilities ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/87/sol87669052.html




*** Security Advisory: Multiple Wireshark (tshark) vulnerabilities ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/01/sol01837042.html




*** Option CloudGate Insecure Direct Object References Authorization Bypass ***
---------------------------------------------
Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass ..
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5333.php




*** Bart - a new Ransomware ***
---------------------------------------------
Phishme is reporting the discovery of a new ransomwarewhich its creators have named Bart. Bart shares several commonalities with the Locky ransomware. Bart is delivered by thesame downloader, RockLoader. The payment ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21195




*** Zwei populäre Exploit-Kits schlagartig verschwunden ***
---------------------------------------------
Sicherheitsforscher haben seit mehreren Wochen keine Aktivitäten mehr durch die vormals bei Cyber-Ganoven beliebten Exploit-Kits Angler und Nuclear festgestellt.
---------------------------------------------
http://heise.de/-3248999




*** How executives really feel about infosec reports ***
---------------------------------------------
More than half of IT and security executives will lose their jobs as a result of failing to provide useful, actionable information. While the majority of board members say they understand everything they�re being told by IT and security ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/27/executives-infosec-reports/




*** Hackers peer into Uber passenger privates, find and plot trips on maps ***
---------------------------------------------
Brute force efforts reveal 1000 discount codes Three hackers have found eight holes in Uber that could allow fake drivers to be created and user email addresses reveal, ..
---------------------------------------------
www.theregister.co.uk/2016/06/27/hackers_peer_into_uber_passenger_privates_find_and_plot_trips_on_maps/




*** Annual FiRST Conference Wrap-up ***
---------------------------------------------
The 28th FiRST security event was held in - the land of morning calms' capital, Seoul this past June 12-17, 2016. This is the yearly conference for all CERT ..
---------------------------------------------
https://blog.fortinet.com/2016/06/23/annual-first-conference-wrap-up




*** The Threatening Evolution of Exploit Kits ***
---------------------------------------------
Exploit Kits, even more sophisticated and profitable Exploit kits are rapidly evolving, threat actors improve them on a daily basis by adding the code for the exploitation of the most recent vulnerabilities. In October 2015, ..
---------------------------------------------
http://resources.infosecinstitute.com/the-threatening-evolution-of-exploit-kits/




*** Unechte PayLife-Mail: Verdacht auf Ihre letzte Transaktion ***
---------------------------------------------
Mit einer unechten Benachrichtigung von PayLife versuchen Kriminelle, an Kontoinformationen von Opfern zu gelangen. Um das Ziel zu erreichen, behaupten sie, dass es bei der letzten PayLife-Transaktion zu Unstimmigkeiten gekommen sei. Aus ..
---------------------------------------------
https://www.watchlist-internet.at/phishing/unechte-paylife-mail-verdacht-auf-ihre-letzte-transaktion/




*** EU finanziert Code-Review: Open-Source-Projekte gesucht ***
---------------------------------------------
Mit einem Pilotprojekt will die EU die IT-Sicherheit verbessern. Nun sind die Nutzer gefragt: Welches Open Souce-Projekt sollte einen Sicherheits-Check bekommen?
---------------------------------------------
http://heise.de/-3249615




*** How to Backdoor Diffie-Hellman ***
---------------------------------------------
Abstract: Lately, several backdoors in cryptographic constructions, protocols and implementations have been surfacing in the wild: Dual-EC in RSAs B-Safe product, a modified Dual-EC in Junipers operating system ScreenOS and a ..
---------------------------------------------
https://eprint.iacr.org/2016/644




*** The Curious Case of an Unknown Trojan Targeting German-Speaking Users ***
---------------------------------------------
Last week, an unidentified malware was discovered and circulated on Twitter by researcher @JAMES_MHT. Many researchers - including us - were unable to identify the malware so we decided to dig a bit further. In this post, ..
---------------------------------------------
https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users






More information about the Daily mailing list