[CERT-daily] Daily summary - Tuesday 17-05-2016
Daily end-of-shift report
team at cert.at
Tue May 17 18:06:14 CEST 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 13-05-2016 18:00 − Tuesday 17-05-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Panama Papers: the result of neglected IT security ***
---------------------------------------------
The financial, legal and political world have been turned upside down by the Panama Papers. But how on earth was it possible to steal 2.6 terabytes of data from Mossack Fonseca?
---------------------------------------------
https://blog.gdatasoftware.com/2016/05/28239-panama-papers-the-result-of-neglected-it-security
*** Yahoo-owned Tumblr announces email credential compromise ***
---------------------------------------------
Tumblr announced Thursday that a third party accessed a set of Tumblr user email addresses with salted and hashed passwords.
---------------------------------------------
http://www.scmagazine.com/tumblr-announces-email-credentials-compromised/article/496286/
*** CVE-2016-4117: Flash Zero-Day Exploited in the Wild ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html
*** "Malicious design": How websites trick and defraud users ***
---------------------------------------------
Unscrupulous rip-off practices are increasingly coming under criticism, such as the automatic ticking of subscriptions
---------------------------------------------
http://derstandard.at/2000037009828
*** Unethical research: Scientists publish 70,000 OKCupid profiles ***
---------------------------------------------
Scientists from Denmark have analyzed and published the profiles of around 70,000 OKCupid users. An ethics seminar is urgently recommended for the gentlemen involved.
---------------------------------------------
http://www.golem.de/news/unethische-forschung-wissenschaftler-veroeffentlichen-70-000-okcupid-profile-1605-120916.html
*** Gatecoin: More than two million US dollars in cryptocurrencies stolen ***
---------------------------------------------
Anyone who keeps their Bitcoin or Ether with the provider Gatecoin should check their accounts - around 15 percent of the deposits were stolen. Withdrawals are not expected to be possible again until 28 May, but compensation rules are being worked on.
---------------------------------------------
http://www.golem.de/news/gatecoin-ueber-zwei-millionen-us-dollar-in-kryptowaehrungen-gestohlen-1605-120917.html
*** Swift attack repelled: Million-euro transaction targeted by cyber thieves ***
---------------------------------------------
The hackers' target at Tien Phong Bank was a transaction worth the equivalent of more than one million euros
---------------------------------------------
http://derstandard.at/2000037024022-1231152558333
*** Carding Sites Turn to the 'Dark Cloud' ***
---------------------------------------------
Crooks who peddle stolen credit cards on the Internet face a constant challenge: Keeping their shops online and reachable in the face of meddling from law enforcement officials, security firms, researchers and vigilantes. In this ..
---------------------------------------------
http://krebsonsecurity.com/2016/05/carding-sites-turn-to-the-dark-cloud/
*** Chrome could block Flash by default as early as this year ***
---------------------------------------------
Google apparently plans to use HTML5 even more strictly as the default in its Chrome web browser. As part of this, Flash content is to be played either not at all or only in exceptional cases.
---------------------------------------------
http://heise.de/-3208837
*** Android Hacking: Dumping and Analyzing Application's Memory ***
---------------------------------------------
In this article, we will discuss how to dump the memory of a specific application using Android Studio's heap dump feature. We will also explore Eclipse Memory Analyzer (MAT) to analyze the heap dump we acquire. It is possible to create heap dumps of an application's heap in Android. We can dump ..
---------------------------------------------
http://resources.infosecinstitute.com/android-hacking-dumping-and-analyzing-applications-memory/
*** Cisco Video Communication Server Session Initiation Protocol Packet Processing Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160516-vcs
*** OS X El Capitan v10.11.5 and Security Update 2016-003 ***
---------------------------------------------
https://support.apple.com/kb/HT206567
*** DSA-3580 imagemagick - security update ***
---------------------------------------------
Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with control ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3580
*** Secure Coding: How to Account for Input Sanitization ***
---------------------------------------------
On average, a website leverages around 18-20 different plugins in its structure. These plugins enhance the website's functionality and in some instances extend the application's core capabilities. It's great for website owners because they can pick and ..
---------------------------------------------
https://blog.sucuri.net/2016/05/secure-coding-account-input-sanitization.html
*** Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160516_00
*** Zombie crypto still rules smart grids: OSGP vendors need to kill RC4 ***
---------------------------------------------
Deprecated almost everywhere, researchers crack open smart grid ancient crypto suite AGAIN. The Open Smart Grid Protocol's custom RC4 encryption has been cracked - again.
---------------------------------------------
www.theregister.co.uk/2016/05/17/zombie_crypto_still_rules_smart_grids/
*** Malicious Android apps slip into Google Play, top third party charts ***
---------------------------------------------
Enlist phones in ad fraud, premium SMS, loser DDoS. Malicious Android applications have bypassed Google's Play store security checks to enslave infected devices into distributed denial of service attack, advertising fraud, and spam botnets.
---------------------------------------------
www.theregister.co.uk/2016/05/17/viking_horde_android_app_malware/
*** VMSA-2016-0005 ***
---------------------------------------------
VMware product updates address critical and important security issues
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0005.html
*** Critical vulnerability endangers antivirus products from Symantec and Norton ***
---------------------------------------------
A dangerous bug in Symantec's scan engine is having far-reaching effects and threatens all Symantec and Norton products on all platforms, a security researcher warns.
---------------------------------------------
http://heise.de/-3208967
*** Security Principles in iOS Architecture ***
---------------------------------------------
I strongly suggest readers check out my two prior blogs on Cryptography, Principle of Least Privilege, and Biometrics. All of these will be explored in depth throughout this blog.
---------------------------------------------
https://woumn.wordpress.com/2016/05/02/security-principles-in-ios-architecture/
*** Killing XSS and CSRF on web server layer ***
---------------------------------------------
Existing and new web security technologies based on actively developed RFCs propose new approaches to common web vulnerabilities remediation.
---------------------------------------------
https://www.htbridge.com/blog/killing-xss-and-csrf-on-web-server-layer.html
*** "Cryptohitman": Ransomware trojan replaces lock screen with porn ***
---------------------------------------------
Encrypts files with the extension ".porno" - free tool rescues user data
---------------------------------------------
http://derstandard.at/2000037097552
*** Ministry of Finance warns of fake BMF emails ***
---------------------------------------------
Phishing attack - delete, delete, delete!
---------------------------------------------
http://derstandard.at/2000037101098
*** The Sleepy User Agent ***
---------------------------------------------
From time to time a customer writes in and asks about certain requests that have been blocked by the CloudFlare WAF. Recently, a customer couldn't understand why it appeared that some simple GET requests for their homepage were ..
---------------------------------------------
https://blog.cloudflare.com/the-sleepy-user-agent/