[CERT-daily] Tageszusammenfassung - Freitag 21-10-2016

Fri Oct 21 18:06:52 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 20-10-2016 18:00 − Freitag 21-10-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** iCloud Phishing Campaign Zycode Back From the Dead ***
---------------------------------------------
http://threatpost.com/icloud-phishing-campaign-zycode-back-from-the-dead/121424/


*** EMC Avamar Data Store and Virtual Edition Unspecified Flaw Lets Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1037066


*** Hack.lu 2016 Wrap-Up Day #3 ***
---------------------------------------------
The third day is already over! I’m just back at home so it’s time for a last quick wrap-up before recovering before BruCON which is organized next week! Damien ..
---------------------------------------------
https://blog.rootshell.be/2016/10/20/hack-lu-2016-wrap-day-3/


*** Oracle Critical Patch Update Advisory - October 2016 ***
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html


*** Moxa EDR-810 Industrial Secure Router Privilege Escalation Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a privilege escalation vulnerability in Moxa’s EDR-810 Industrial Secure Router.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01


*** “Most serious” Linux privilege-escalation bug ever is under active exploit (updated) ***
---------------------------------------------
While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation ..
http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit/


*** CVE-2016-2848: A packet with malformed options can trigger an assertion failure in ISC BIND versions released prior to May 2013 ***
---------------------------------------------
A packet with a malformed options section can be used to deliberately trigger an assertion ..
---------------------------------------------
https://kb.isc.org/article/AA-01433/74/CVE-2016-2848


*** Nagios XI 5.2.9 Cross Site Scripting / Open Redirect ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100203


*** Doctor Web examines new backdoor for Linux ***
---------------------------------------------
October 20, 2016 Most backdoor Trojans are created for Microsoft Windows; however, a few of them can infect Linux devices. This rare type of Trojan ..
---------------------------------------------
http://news.drweb.com/show/?i=10265&lng=en&c=9


*** Vuln: Multiple Synology DiskStation Products CVE-2016-6554 Insecure Default Password Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93805


*** Warnung vor gefälschter BAWAG PSK-Phishingmail ***
---------------------------------------------
In einer gefälschten BAWAG PSK-Nachricht behaupten Kriminelle, dass es „einer dringenden ..
---------------------------------------------
https://www.watchlist-internet.at/phishing/warnung-vor-gefaelschter-bawag-psk-phishingmail/


*** Dridex - an old dog is learning new tricks ***
---------------------------------------------
A lot of things have been said and written about Dridex in the past few months. It has risen and fallen in prevalence and it was rumored that its makers collaborate ..
---------------------------------------------
https://blog.gdatasoftware.com/2016/10/29261-dridex-an-old-dog-is-learning-new-tricks


*** New ESET research paper puts Sednit under the microscope ***
---------------------------------------------
Security researchers at ESET have released their latest research into the notorious Sednit ..
---------------------------------------------
http://www.welivesecurity.com/2016/10/20/new-eset-research-paper-puts-sednit-under-the-microscope/


*** SSA-296574 (Last Update 2016-10-21): Denial of Service in SICAM RTU Devices ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-296574.pdf


*** Hax0rs sow Discord by using VoIP service to sling malware at gamers ***
---------------------------------------------
Not even playtimes safe these days Hackers abused a free VoIP service for gamers to distribute remote-access Trojans and other malware.
---------------------------------------------
www.theregister.co.uk/2016/10/21/gaming_voip_service_malware_abuse/


*** DDoS on Dyn Impacts Twitter, Spotify, Reddit ***
---------------------------------------------
Criminals this morning massively attacked Dyn, a company that provides core Internet services ..
---------------------------------------------
https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/