[CERT-daily] Tageszusammenfassung - Donnerstag 30-06-2016

Thu Jun 30 18:04:26 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 29-06-2016 18:00 − Donnerstag 30-06-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Multiple vulnerabilities in Foxit Reader ***
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/dKs5CcUo7Us
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/XgoemmeT0GY
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/XNek5RDVxp0
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/5xiMJFpDb9o
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/BO1ORv21ejs
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Yvk8m_ilMEE
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/BEv0AHg6Das
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/wgd366hnP7k
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/XfbdbhhiNGQ
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/mGq36S5AkiI
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/-_uz9VtYDFE
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/2K_wjeRUsls


*** DSA-3608 libreoffice - security update ***
---------------------------------------------
Aleksandar Nikolic discovered that missing input sanitising in the RTFparser in Libreoffice may result in the execution of arbitrary code ifa malformed documented is opened.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3608


*** Ransomware auf Smartphones hat sich vervierfacht ***
---------------------------------------------
Erpresserische Schadsoftware auf Android-Smartphones ist laut einer Untersuchung von Kaspersky innerhalb eines Jahres um das Vierfache gestiegen.
---------------------------------------------
http://futurezone.at/digital-life/ransomware-auf-smartphones-hat-sich-vervierfacht/207.144.693


*** Malware Authors Adopt CEO Fraud Techniques ***
---------------------------------------------
CEO Fraud scams, a type of Business Email Compromise (BEC), have gained popularity among scammers recently. These scams use the power of the CEOs name to try and elicit a ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Malware-Authors-Adopt-CEO-Fraud-Techniques/


*** CEO Fraud Scams and How to Deal With Them at the Email Gateway ***
---------------------------------------------
Email scams known as "CEO Fraud" are very common right now. They are a type of "Business Email Compromise" (BEC). There have ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/CEO-Fraud-Scams-and-How-to-Deal-With-Them-at-the-Email-Gateway/


*** Datenleck bei Terrordatenbank ***
http://futurezone.at/digital-life/datenleck-bei-terrordatenbank/207.148.569


*** Phishing Campaign with Blurred Images, (Wed, Jun 29th) ***
---------------------------------------------
For a few days, Im seeing a lot of phishing emails that try to steal credentials from victims. Well, nothing brand new but,this time, the scenario is quite different : The ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21207


*** DSA-3609 tomcat8 - security update ***
---------------------------------------------
Multiple security vulnerabilities have been discovered in the Tomcatservlet and JSP engine, which may result in information disclosure, thebypass of CSRF protections, bypass of the SecurityManager or denial ofservice.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3609


*** Rooting Hummer malware brings $500,000 per day to its creator ***
---------------------------------------------
Android malware with device rooting capabilities has been hitting Google Play for a while now, but for users third-party app stores the situation is even more dangerous. The Hummer malware family Hummer, an Android Trojan ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/30/rooting-hummer-malware/


*** StartEncrypt considered harmful today ***
---------------------------------------------
Recently, one of our hackers (Thijs Alkemade) found a critical vulnerability in StartCom's new StartEncrypt tool, that allows an attacker to gain valid SSL certificates ..
---------------------------------------------
https://www.computest.nl/blog/startencrypt-considered-harmful-today/


*** Wasserwaagen-App: Android-Trojaner im Play Store installiert ungewollt Apps ***
---------------------------------------------
http://www.golem.de/news/wasserwagen-app-android-trojaner-im-play-store-installiert-ungewollt-apps-1606-121851.html


*** SBA Research got COMET ***
---------------------------------------------
We are proud to announce that SBA Research got COMET funding for the next four years! Read the press release here.
---------------------------------------------
https://www.sba-research.org/2016/06/30/sba-research-got-comet/


*** Fileless Malware - A Behavioural Analysis Of Kovter Persistence ***
---------------------------------------------
During a recent talk by a representative of MalwareBytes, it was discussed that several modern malware families, notable Poweliks, Phase Bot and Kovter are moving away ..
---------------------------------------------
http://blog.airbuscybersecurity.com/post/2016/03/FILELESS-MALWARE-%E2%80%93-A-BEHAVIOURAL-ANALYSIS-OF-KOVTER-PERSISTENCE


*** What media companies don't want you to know about ad blockers ***
---------------------------------------------
[...] Thompson did not say one word in his keynote address about the significant security benefits of ad blockers, which is ironic, because his paper was one of ..
---------------------------------------------
http://www.cjr.org/opinion/ad_blockers_malware_new_york_times.php


*** Passwort-Cracker hashcat versucht sich an Android und VeraCrypt ***
---------------------------------------------
Version 3.00 des Passwort-Knackers hashcat knackt weitere Dateiformate ..
---------------------------------------------
http://heise.de/-3251874