[CERT-daily] Tageszusammenfassung - Montag 24-10-2016

Daily end-of-shift report team at cert.at
Mon Oct 24 18:05:15 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 21-10-2016 18:00 − Montag 24-10-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** In a BIND: Third parties distributed outdated, vulnerable ISC Domain Name System software ***
---------------------------------------------
The Internet Systems Consortium issued an advisory on Wednesday, warning that some third parties are distributing versions of ISCs BIND software that contain a high-severity vulnerability, which if exploited can trigger an assertion failure.
---------------------------------------------
http://www.scmagazine.com/in-a-bind-third-parties-distributed-outdated-vulnerable-isc-domain-name-system-software




*** Credentials Stealer on Prestashop ***
---------------------------------------------
In a matter of hours, a big e-commerce website can have hundreds of credit card numbers stolen and used by attackers on other websites around the world. We commonly see ecommerce websites infected with credit card (CC) ..
---------------------------------------------
https://blog.sucuri.net/2016/10/credentials-stealer-prestashop.html




*** Hacked Cameras, DVRs Powered Today’s Massive Internet Outage ***
---------------------------------------------
A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked "Internet of Things" (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests.
---------------------------------------------
https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/




*** Beware of Hicurdismos: It’s a fake Microsoft Security Essentials installer that can lead to a support call scam ***
---------------------------------------------
Wouldn’t it be a shame if, in trying to secure your PC, you inadvertently install malware and run the risk of being scammed? We recently discovered a threat ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/10/21/beware-of-hicurdismos-its-a-fake-microsoft-security-essentials-installer-that-can-lead-to-a-support-call-scam/




*** DSA-3697 kdepimlibs - security update ***
---------------------------------------------
Roland Tapken discovered that insufficient input sanitising in KMailsplain text viewer allowed the injection of HTML code.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3697




*** Policy Analyzer v3.1 PRE-RELEASE ***
---------------------------------------------
Lots of updates to Policy Analyzer in this unsigned, pre-release preview build — please post comments here to let me know how well it addresses your needs and what ..
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2016/10/22/policy-analyzer-v3-1-pre-release/




*** Sicherere Pornos: "https" soll Nutzer schützen ***
---------------------------------------------
Sicherheitsprotokoll schützt Privatsphäre – soll außerdem vor potenzielle Leaks verhindern
---------------------------------------------
http://derstandard.at/2000046090383




*** "Dirty Cow": Warnung vor "ekliger" Linux-Lücke ***
---------------------------------------------
Fehler erlaubt es Nutzern im Linux-Kernel Dateien zu überschreiben, für die sie Leserechte haben
---------------------------------------------
http://derstandard.at/2000046330107




*** FBI: Russe soll LinkedIn und Dropbox gehackt haben ***
---------------------------------------------
Der russische Staatsbürger wurde in Tschechien festgenommen
---------------------------------------------
http://derstandard.at/2000046330952




*** Request for Packets TCP 4786 - CVE-2016-6385, (Sat, Oct 22nd) ***
---------------------------------------------
We have received information about potential active reconnaissance for TCP 4786 which might be related to CVE-2016-6385 (Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability) an advisory released 28 Sep 2016. This ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21625




*** Mirai-Botnetz: Dyn bestätigt Angriff von zig-Millionen IP-Adressen ***
---------------------------------------------
Der Internet-Dienstleister Dyn hat erste Details zur schweren DDoS-Attacke vom vergangenen Freitag genannt. Demnach gab es drei Angriffswellen von unterschiedlichem Ausmaß.
---------------------------------------------
http://www.golem.de/news/mirai-botnetz-dyndns-bestaetigt-angriff-von-zig-millionen-ip-adressen-1610-123981.html




*** Hohe Phishing-Quote: So einfach ließen sich US-Politiker hacken ***
---------------------------------------------
Die Veröffentlichungen von Wikileaks bringen die US-Politik in Schwierigkeiten. Die Hacks machen deutlich, welche Gefahren durch die Nutzung populärer E-Mail-Dienste wie Gmail entstehen.
---------------------------------------------
http://www.golem.de/news/hohe-phishing-quote-so-einfach-liessen-sich-us-politiker-hacken-1610-123984.html




*** Mozilla plots TLS 1.3 future for Firefox ***
---------------------------------------------
Quicker handshake starts encrypting data sooner Mozilla has decided it needs to lift its HTTPS game, and will default to TLS 1.3 in next years Firefox 52.…
---------------------------------------------
www.theregister.co.uk/2016/10/23/mozilla_plots_tls_13_future_for_firefox/




*** DDoS für 7.500 US-Dollar: Hacker verkaufen Zugang zu IoT-Botnetz im Darknet ***
---------------------------------------------
Der Zugang zum IoT-Botnetz Mirai setzt neuerdings keine technischen Kenntnisse mehr voraus, sondern nur genügend Finanzmittel - 7.500 US-Dollar. Außerdem bestätigte ein chinesischer Hersteller, dass seine Geräte Teil des ..
---------------------------------------------
http://www.golem.de/news/ddos-fuer-7-500-us-dollar-hacker-verkaufen-zugang-zu-iot-botnetz-im-darknet-1610-123989.html




*** Gefälschte Verbund-Rechnung verschlüsselt Dateien ***
---------------------------------------------
Kriminelle versenden gefälschte Verbund-Rechnungen per E-Mail. Darin fordern sie Empfänger/innen auf, dass diese eine Website öffnen. Sie imitiert den Internetauftritt der ..
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-verbund-rechnung-verschluesselt-dateien/




*** Drammer: Rowhammer bringt zuverlässig Root-Zugriff auf Android ***
---------------------------------------------
Mit forcierten Bitflips im Arbeitsspeicher lassen sich leicht Root-Rechte auf Systemen erlangen. Forscher zeigen, dass dies auch zuverlässig auf Android-Telefonen ..
---------------------------------------------
http://www.golem.de/news/drammer-rowhammer-bringt-zuverlaessig-root-zugriff-auf-android-1610-123995.html




*** Trick Bot – Dyreza’s successor ***
---------------------------------------------
Recently, our analyst Jérôme Segura captured an interesting payload in the wild. It turned out to be a new bot, that, at the moment of the analysis, hadnt been described ..
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/




*** From There to Here (But Not Back Again) ***
---------------------------------------------
Red Hat Product Security recently celebrated our 15th anniversary this summer and while I cannot claim to have been with Red Hat for that long (although I’m coming up ..
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2712261




*** Analyzing Rig ***
---------------------------------------------
I recently Googled for a sleeping accommodation in "The Ardennes", a region of extensive forests in Southern Belgium. It wasnt surprised that by clicking on the fourth ..
---------------------------------------------
https://www.uperesia.com/analyzing-rig-exploit-kit


More information about the Daily mailing list