[CERT-daily] Daily summary - Friday 18-03-2016

Daily end-of-shift report team at cert.at
Fri Mar 18 18:06:59 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 17-03-2016 18:00 - Friday 18-03-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** Online Banking Threats in 2015: The Curious Case of DRIDEX's Prevalence ***
---------------------------------------------
The thing about takedowns is that they do not necessarily wipe out the cybercriminal operations behind them. In 2014, the ZeroAccess takedown affected the botnet's click fraud operation, but its infections continued to soar. DRIDEX's ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/curious-case-dridexs-prevalence/




*** Mitre Takes On Critics, Set To Revamp CVE Vulnerability Reporting ***
---------------------------------------------
Mitre Corporation will introduce a pilot program for classifying CVEs in response to critics who contend the organization is failing to keep pace with a massive influx of CVE number requests.
---------------------------------------------
http://threatpost.com/mitre-takes-on-critics-set-to-revamp-cve-vulnerability-reporting/116858/




*** Server Security: Indicators of Compromised Behavior with OSSEC ***
---------------------------------------------
We leverage OSSEC extensively here at Sucuri to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source host-based intrusion detection system (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, rootkit detection, ..
---------------------------------------------
https://blog.sucuri.net/2016/03/server-security-anomaly-behaviour-with-ossec.html
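The two OSSEC capabilities the teaser names, log correlation and file integrity monitoring, are simple enough to show end to end. The following is an added example written for this summary; it is neither Sucuri's code nor part of OSSEC. It re-implements in plain Python what an OSSEC composite rule does for SSH brute force (N failed logins from one source inside a time window) and what syscheck does for files (SHA-256 baseline, then report modified, missing and new files). The auth.log excerpt, the threshold of 5 failures in 120 seconds, and the web-shell tampering in the temp directory are all constructed for the example.

```python
"""OSSEC-style host checks in plain Python (added example, not OSSEC code).
1. detect_bruteforce: sliding-window correlation of failed SSH logins per IP.
2. check_integrity:   SHA-256 baseline comparison (modified / missing / new).
All inputs below are constructed for the example."""
import hashlib
import os
import re
import tempfile
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth.log excerpt in syslog format (no year in the timestamp).
SAMPLE_AUTH_LOG = """\
Mar 18 10:00:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 18 10:00:03 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 18 10:00:04 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51031 ssh2
Mar 18 10:00:06 web1 sshd[2207]: Failed password for invalid user oracle from 203.0.113.7 port 51040 ssh2
Mar 18 10:00:07 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar 18 10:00:09 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51042 ssh2
Mar 18 10:05:00 web1 sshd[2300]: Failed password for alice from 198.51.100.5 port 40001 ssh2
Mar 18 10:05:30 web1 sshd[2302]: Accepted publickey for alice from 198.51.100.5 port 40002 ssh2
Mar 18 11:00:00 web1 sshd[2400]: Failed password for bob from 198.51.100.9 port 40100 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port"
)


def parse_failed_logins(text, year=2016):
    """Return (timestamp, source_ip, user) for every failed sshd login line."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    return events


def detect_bruteforce(events, threshold=5, window_s=120):
    """Alert once per IP when `threshold` failures fall inside `window_s` seconds
    (the same frequency/timeframe logic an OSSEC composite rule applies)."""
    recent = defaultdict(deque)
    fired, alerts = set(), []
    for ts, ip, _user in sorted(events):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # drop events outside the window
            q.popleft()
        if len(q) >= threshold and ip not in fired:
            fired.add(ip)
            alerts.append({"ip": ip, "count": len(q), "first": q[0], "last": ts})
    return alerts


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """path -> sha256 for every existing regular file; this is the trusted state."""
    return {p: sha256_file(p) for p in paths if os.path.isfile(p)}


def check_integrity(baseline, paths):
    """Return path -> 'modified' | 'missing' | 'new' relative to the baseline."""
    findings = {}
    for p, old_digest in baseline.items():
        if not os.path.isfile(p):
            findings[p] = "missing"
        elif sha256_file(p) != old_digest:
            findings[p] = "modified"
    for p in paths:
        if p not in baseline and os.path.isfile(p):
            findings[p] = "new"
    return findings


def _write(path, text, mode="w"):
    with open(path, mode) as f:
        f.write(text)


def demo_fim():
    """Self-contained run in a temp dir: baseline, simulated web-shell tampering, diff."""
    d = tempfile.mkdtemp()
    index, config, shell = (os.path.join(d, n) for n in ("index.php", "config.php", "shell.php"))
    _write(index, "<?php echo 'ok';\n")
    _write(config, "<?php $db = 'x';\n")
    baseline = build_baseline([index, config])
    _write(index, "<?php eval($_POST['c']);\n", mode="a")   # constructed: backdoor appended
    os.remove(config)                                      # constructed: file deleted
    _write(shell, "<?php system($_GET['c']);\n")           # constructed: dropped web shell
    return check_integrity(baseline, [index, config, shell])


if __name__ == "__main__":
    for a in detect_bruteforce(parse_failed_logins(SAMPLE_AUTH_LOG)):
        print(f"ALERT sshd brute force from {a['ip']}: {a['count']} failures "
              f"between {a['first'].time()} and {a['last'].time()}")
    for path, state in sorted(demo_fim().items()):
        print(f"FIM {state:8s} {os.path.basename(path)}")
```

On the constructed log the single alert comes from 203.0.113.7, which reaches five failures eight seconds after its first; the two isolated failures from other addresses stay below threshold, which is the point of correlating by source and time rather than alerting on every failed login. The integrity check reports one modified, one missing and one new file from a baseline that must have been taken while the host was still clean; OSSEC's syscheck adds owner, permission and mtime comparison to the same idea.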




*** No mas, Samas: What's in this ransomware's modus operandi? ***
---------------------------------------------
We've seen how ransomware became a threat category that sends consumers and enterprises reeling when it hits them. It has become a high-commodity malware family, used as the payload of spam email, macro malware, and exploit kit campaigns. It also digs into victims' pockets in exchange for ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/03/17/no-mas-samas-whats-in-this-ransomwares-modus-operandi/




*** ABB Panel Builder 800 DLL Hijacking Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a DLL Hijacking vulnerability in the ABB Panel Builder 800 Version 5.1 application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-077-01




*** Apache ActiveMQ Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035328




*** Apache ActiveMQ Lets Remote Users Conduct Clickjacking Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035327




*** Android adware infiltrates devices' firmware, Trend Micro apps ***
---------------------------------------------
Dubbed Gmobi by Dr. Web researchers, the malware comes in the form of a software development kit (SDK), and has been found in several legitimate applications by well-known companies, as well as in firmware for nearly 40 mobile ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/03/18/android-adware-infiltrates-devices-firmware/




*** SSA-151221 (Last Update 2016-03-18): Incorrect File Permissions in APOGEE Insight ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-151221.pdf




*** [HTB23293]: Remote Code Execution via CSRF in iTop ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered a Remote Code Execution vulnerability in iTop that is exploitable via a Cross-Site Request Forgery flaw that is also present ..
---------------------------------------------
https://www.htbridge.com/advisory/HTB23293
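The advisory teaser describes the usual shape of this bug class: a privileged action that only checks the session cookie, so any page an administrator visits can submit the request on their behalf, and if that action ends in command or code execution the CSRF becomes RCE. The example below is added for this summary and is neither iTop's code nor High-Tech Bridge's proof of concept. Requests are plain dicts standing in for HTTP requests, the "command" is only recorded rather than executed, and the origin `https://itsm.example.internal` is an assumed deployment. It shows the vulnerable handler beside a hardened one that enforces POST, checks the Origin/Referer header, and verifies a per-session synchronizer token with a constant-time comparison.

```python
"""CSRF-to-privileged-action, vulnerable vs. hardened handler (added example,
not iTop code).  HTTP requests are modelled as dicts; nothing is executed."""
import hmac
import secrets
from urllib.parse import urlparse

SITE_ORIGIN = "https://itsm.example.internal"   # assumed deployment origin


class Session:
    """Server-side session: the per-session anti-CSRF token lives here, never in a cookie."""
    def __init__(self, user):
        self.user = user
        self.csrf_token = secrets.token_urlsafe(32)


executed = []   # stand-in for "the command ran"; a real app would shell out here


def run_admin_command(session, cmd):
    executed.append((session.user, cmd))


def handle_unprotected(session, request):
    """Vulnerable pattern: the browser-attached session cookie is the only check."""
    if session is None:
        return 401
    run_admin_command(session, request["form"]["cmd"])
    return 200


def same_origin(request):
    """Accept only requests whose Origin (or, failing that, Referer) is our own site.
    Fails closed when neither header is present."""
    hdr = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not hdr:
        return False
    p = urlparse(hdr)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def handle_protected(session, request):
    """Hardened: POST only, same-origin header check, then synchronizer token."""
    if session is None:
        return 401
    if request["method"] != "POST":
        return 405   # state-changing actions never on GET, so an <img src> cannot trigger them
    if not same_origin(request):
        return 403
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return 403   # constant-time compare; missing or guessed token is rejected
    run_admin_command(session, request["form"]["cmd"])
    return 200


def forged_request(cmd, token=None):
    """What a page on another origin can make the victim's browser send: the cookie
    is attached automatically, the per-session token is not known to the attacker."""
    form = {"cmd": cmd}
    if token is not None:
        form["csrf_token"] = token
    return {"method": "POST",
            "headers": {"Origin": "https://attacker.example", "Cookie": "session=victim"},
            "form": form}


def legit_request(session, cmd, method="POST"):
    return {"method": method,
            "headers": {"Origin": SITE_ORIGIN, "Cookie": "session=victim"},
            "form": {"cmd": cmd, "csrf_token": session.csrf_token}}


def demo():
    """Run the same forged request against both handlers; return status codes and what ran."""
    admin = Session("admin")
    executed.clear()
    results = {
        "unprotected_forged": handle_unprotected(admin, forged_request("id")),
        "protected_forged": handle_protected(admin, forged_request("id")),
        "protected_forged_guessed_token": handle_protected(admin, forged_request("id", token="guess")),
        "protected_legit_get": handle_protected(admin, legit_request(admin, "id", method="GET")),
        "protected_legit": handle_protected(admin, legit_request(admin, "id")),
    }
    return results, list(executed)


if __name__ == "__main__":
    statuses, ran = demo()
    for name, code in statuses.items():
        print(f"{name:32s} -> {code}")
    print("commands that would have run:", ran)
```

The order of checks matters: the method and origin checks are cheap and reject the browser-driven forgery before the token is even consulted, while the token is what remains when Origin/Referer are stripped by a proxy or privacy extension. Neither check helps if the same application also has XSS, because script running on the site's own origin can read the token; that is why the two ActiveMQ items above (XSS and clickjacking) are not independent of CSRF hardening.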




*** Let's Encrypt joins the CA/Browser Forum ***
---------------------------------------------
The next step towards becoming a recognized certificate authority has been taken: as a member of the CA/Browser Forum, Let's Encrypt now sits at the same table as Comodo, Symantec and the other established CAs.
---------------------------------------------
http://heise.de/-3144202




*** DDR4 memory also susceptible to bit flips ***
---------------------------------------------
More memory variants appear to be vulnerable to the Rowhammer attack than previously assumed. Researchers have now presented an attack on DDR4 memory; server-grade memory is reportedly affected as well.
---------------------------------------------
http://www.golem.de/news/rowhammer-auch-ddr4-speicher-fuer-bitflips-anfaellig-1603-119869.html




*** Security updates for Symantec Endpoint Protection ***
---------------------------------------------
The current update for Symantec Endpoint Protection (SEP) closes three vulnerabilities, among them a SQL injection.
---------------------------------------------
http://heise.de/-3144528




*** Biometrics not a magic infosec bullet for web banking, warns GCHQ bloke ***
---------------------------------------------
You can change a password. You can't change your fingerprints. Around the world, banks are implementing biometric authentication systems for their customers as fraud cases increase, but experts warn biometrics should not be treated as a silver bullet for ID ..
---------------------------------------------
http://www.theregister.co.uk/2016/03/18/biometrics_not_answer_online_banking_security_gchq_cesg_allgrove/




*** Security: New Stagefright exploit affects millions of Android devices ***
---------------------------------------------
Stagefright still threatens the many Android devices worldwide that remain unpatched, but has been considered hard to exploit. A new technique requires some infrastructure, but is likely to be of greater practical relevance.
---------------------------------------------
http://www.golem.de/news/security-neuer-stagefright-exploit-betrifft-millionen-android-geraete-1603-119875.html




*** DDoS attacks on Swiss websites ***
---------------------------------------------
Over the past week Switzerland saw a series of DDoS attacks on online shops, the Swiss Federal Railways (SBB) and financial institutions. In one case ..
---------------------------------------------
http://heise.de/-3144854





