[CERT-daily] Tageszusammenfassung - Mittwoch 18-05-2016

Wed May 18 18:05:17 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 17-05-2016 18:00 − Mittwoch 18-05-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** That Insane, $81M Bangladesh Bank Heist? Here's What We Know ***
---------------------------------------------
Someone stole $81 million from Bangladesh Bank in a matter of hours, and appears to have targeted other banks that use ..
---------------------------------------------
http://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/


*** Academics Make Theoretical Breakthrough in Random Number Generation ***
---------------------------------------------
Two University of Texas academics have made what some experts believe is a breakthrough in random number generation that could have longstanding implications for cryptography and computer security.
---------------------------------------------
http://threatpost.com/academics-make-theoretical-breakthrough-in-random-number-generation/118150/


*** XSA-176 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-176.html


*** First ATM malware is back and badder than ever ***
---------------------------------------------
Original gangster Skimer goes global Cybercriminals have retrofitted a strain of ATM malware first discovered in 2009 to create an even more potent threat.
---------------------------------------------
www.theregister.co.uk/2016/05/17/skimer_atm_malware/


*** Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml


*** Cisco Adaptive Security Appliance VPN Memory Block Exhaustion Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-vpn


*** Cisco Unified Computing System Central Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs


*** Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise


*** Malicious macro using a sneaky new trick ***
---------------------------------------------
We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/05/17/malicious-macro-using-a-sneaky-new-trick/


*** Hacker weiden Untergrund-Forum Nulled.IO aus ***
---------------------------------------------
Im Hacker-Forum Nulled.IO treffen sich Gleichgesinnte und handeln etwa mit erbeuteten Nutzer-Konten. Ironischerweise wurde Nulled.IO nun selbst Opfer einer verheerenden Hacker-Attacke.
---------------------------------------------
http://heise.de/-3209682


*** Windows 10 Device Guard and Credential Guard Demystified ***
---------------------------------------------
While helping Windows Enterprise customers deploy and realize the benefits of Windows 10, I've observed there's still a lot of confusion regarding the security features of the operating system. This is a shame since some ..
---------------------------------------------
https://blogs.technet.microsoft.com/ash/2016/03/02/windows-10-device-guard-and-credential-guard-demystified/


*** Scammers target cybersecurity brands ***
---------------------------------------------
Cybersquatting, typosquatting and phishing now target the largest cybersecurity brands.
---------------------------------------------
https://www.htbridge.com/blog/scammers-target-cybersecurity-companies-brands.html


*** Google to shutter SSLv3, RC4 from SMTP servers, Gmail ***
---------------------------------------------
Mark your calendars: Google will disable support for the RC4 stream cipher and the SSLv3 protocol on its SMTP servers and Gmail servers on June 16.After the deadline, Googles SMTP servers will no longer exchange mail with servers ..
---------------------------------------------
http://www.cio.com/article/3071866/security/google-to-shutter-sslv3-rc4-from-smtp-servers-gmail.html#tk.rss_security


*** Magento 2.0.6 Security Update ***
---------------------------------------------
Magento Enterprise Edition and Community Edition 2.0.6 contain multiple security and functional enhancements. You can find more details about the vulnerabilities addressed below.
---------------------------------------------
https://magento.com/security/patches/magento-206-security-update


*** Magento - Unauthenticated Remote Code Execution ***
---------------------------------------------
The vulnerability (CVE-2016-4010) allows an attacker to execute PHP code at the vulnerable Magento server unauthenticated. This vulnerability actually consists of many small vulnerabilities, as described further in the blog post.
---------------------------------------------
http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/


*** Sicherheitsrichtlinie: EU-Rat billigt Meldepflicht bei Cyberangriffen ***
---------------------------------------------
Die EU-Mitgliedsstaaten haben den Kompromiss zur geplanten Richtlinie über Netz- und Informationssicherheit angenommen, den Verhandlungsführer zuvor mit dem EU-Parlament ausgehandelt hatten. Es geht um Sicherheitsauflagen für Online-Anbieter.
---------------------------------------------
http://heise.de/-3210189


*** Ransomware Activity Spikes in March, Steadily increasing throughout 2016 ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/05/ransomware_activity.html


*** The Ultimate Guide to Angler Exploit Kit for Non-Technical People ***
---------------------------------------------
There's been a lot of talk about the Angler exploit kit lately, but, for most people, the warnings don't strike a chord. And they're definitely not to blame. Not everyone ..
---------------------------------------------
https://heimdalsecurity.com/blog/ultimate-guide-angler-exploit-kit-non-technical-people/


*** Die Crypto Wars und die Folgen: Wie uns alte Hintertüren weiter verfolgen ***
---------------------------------------------
Erneut fordern Politiker, Geheimdienste und Strafverfolger, Krypto-Software absichtlich zu schwächen. Das war schon einmal vorgeschrieben und die Konsequenzen verfolgen uns noch heute: Verheerende Sicherheitslücken haben genau darin ihren Ursprung.
---------------------------------------------
http://heise.de/-3210209


*** Bitly partners with Let's Encrypt for HTTPS links ***
---------------------------------------------
Bitly processes data associated with more than 12 billion clicks per month, leading to massive troves of intelligence. Now, they're partnering with Let's Encrypt to generate SSL certificates for more than 40,000 Bitly ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/18/bitly-https-links/


*** IRZ RUH2 3G Firmware Overwrite Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a firmware overwrite vulnerability in iRZ's RUH2 device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-138-01


*** Moxa EDR-G903 Secure Router Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on February 11, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for Moxa's ECR G903 secure routers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01


*** Fixing `marked` XSS vulnerability ***
---------------------------------------------
A few weeks ago we added to our DB a Cross-Site Scripting (XSS) vulnerability in the popular marked package. This post explains the vulnerability, shows how to exploit it on a sample app, and explains how to fix the issue in your application.
---------------------------------------------
https://snyk.io/blog/marked-xss-vulnerability/