[CERT-daily] Tageszusammenfassung - Montag 2-05-2016

Daily end-of-shift report team at cert.at
Mon May 2 18:07:04 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 29-04-2016 18:00 − Montag 02-05-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** DSA-3561 subversion - security update ***
---------------------------------------------
Several vulnerabilities were discovered in Subversion, a version controlsystem. The Common Vulnerabilities and Exposures project identifies thefollowing problems:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3561




*** Google Patches 9 Security Flaws in New Chrome Browser Build ***
---------------------------------------------
Five Chrome bug bounty hunters split $14,000 in rewards as Google patches nine security flaws in its browser, four are labeled 'high'.
---------------------------------------------
http://threatpost.com/google-patches-9-security-flaws-in-new-chrome-browser-build/117747/




*** Cloned Websites Stealing Google Rankings ***
---------------------------------------------
We often speak of black hat SEO tactics and content scraping sites are just one example of such tactics. Scraping is the act of copying all content from a website using automated scripts, usually with the intention of stealing ..
---------------------------------------------
https://blog.sucuri.net/2016/04/cloned-website-stealing-google-rankings-seo-serp.html




*** Lizard Squad Ransom Threats: New Name, Same Faux Armada Collective M.O. ***
---------------------------------------------
[...] Beginning late Thursday evening (Pacific Standard Time) several CloudFlare customers began to receive threatening emails from a "new" group calling itself the 'Lizard Squad'. These emails have a similar modus operandi to the previous ransom emails. This group was threatenin ..
---------------------------------------------
https://blog.cloudflare.com/lizard-squad-ransom-threats-new-name-same-faux-armada-collective-m-o-2/




*** Cyber Security Challenge: Wettbewerb für "Nachwuchs-Hacker" startet am 2. Mai ***
---------------------------------------------
Ab sofort sind Schüler und Studenten wieder aufgerufen, sich den Online-Prüfungen der Cyber Security Challenge zu stellen. Die Qualifikationsphase läuft bis zum 1. August, das deutsche Finale findet Ende September in Berlin statt.
---------------------------------------------
http://heise.de/-3194493




*** Crypto-ransomware Gains Footing in Corporate Grounds, Gets Nastier for End Users ***
---------------------------------------------
In the first four months of 2016, we have discovered new families and variants of ransomware, seen their vicious new routines, and witnessed threat actors behind these operations upping the ransomware game to new heights. All these developments further establish crypto-ransomware as a ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/crypto-ransomware-gains-footing-in-corporate-grounds-gets-nastier-for-end-users/




*** Schwarzmarkt: Preis für mobile Malware zieht an ***
---------------------------------------------
Sicherheitsforschern zufolge floriert der Handel mit mobiler Malware. Der Anbieter des Android-Trojaners GM Bot zieht indes die Preise auf Malware-Marktplätzen spürbar an.
---------------------------------------------
http://heise.de/-3195382




*** Practical Reverse Engineering Part 2 - Scouting the Firmware ***
---------------------------------------------
In part 1 we found a debug UART port that gave us access to a linux shell. At this point we've got the same access to the router that a developer would use to debug issues, control the system, etc.
---------------------------------------------
http://jcjc-dev.com/2016/04/29/reversing-huawei-router-2-scouting-firmware/




*** Ernste Sicherheitslücke in Ubuntus neuem Paketformat Snap geschlossen ***
---------------------------------------------
Ubuntus neues Paketformat Snap sorgt erneut für Aufsehen: Nun haben die Entwickler einen Schreibfehler im Code entfernt, der Angreifern das Ausführen von beliebigem Schadcode ermöglicht hatte.
---------------------------------------------
http://heise.de/-3195532






More information about the Daily mailing list