[CERT-daily] Daily summary - Monday 5-09-2016

Daily end-of-shift report team at cert.at
Mon Sep 5 18:04:33 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 02-09-2016 18:00 − Monday 05-09-2016 18:00
Handler:     Stephan Richter
Co-Handler:  Alexander Riepl


*** DNS tunneling threat drills into nearly half of networks tested ***
---------------------------------------------
InfoBlox's new report showed nearly half of all networks tested to show signs of DNS tunnelling
---------------------------------------------
http://www.scmagazine.com/dns-tunneling-threat-drills-into-nearly-half-of-networks-tested/article/520394/




*** Android Patch Fixes Nexus 5X Critical Vulnerability ***
---------------------------------------------
Google patched an undocumented vulnerability that allowed attackers to bypass Nexus 5X devices' lock screen via a forced memory dump that exposed the device owner's password.
---------------------------------------------
http://threatpost.com/android-patch-fixes-nexus-5x-critical-vulnerability/120346/




*** Cisco IOS Software Point-to-Point Tunneling Protocol Server Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) server functionality in Cisco IOS Software could allow an unauthenticated, remote attacker to access data from a packet buffer that was previously ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160902-ios




*** Sundown EK – Stealing Its Way to the Top ***
---------------------------------------------
Sundown is one of the newest Exploit Kits on the market these days, and like many up-and-coming exploit kits before it, this means that it is under constant development. With ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Sundown-EK-%e2%80%93-Stealing-Its-Way-to-the-Top/




*** Mailman Access Control Flaw in User Options Page Lets Remote Users Conduct Cross-Site Request Forgery Attacks ***
---------------------------------------------
Mailman Access Control Flaw in User Options Page Lets Remote Users Conduct Cross-Site Request Forgery Attacks
---------------------------------------------
http://www.securitytracker.com/id/1036728




*** ‘Flash Hijacks’ Add New Twist to Muggings ***
---------------------------------------------
A frequent crime in Brazil is a scheme in which thieves kidnap people as they're leaving a bank, and free them only after they've visited a number of ATMs to withdraw ..
---------------------------------------------
http://krebsonsecurity.com/2016/09/flash-hijacks-add-new-twist-to-muggings/




*** Telnet is not dead – at least not on ‘smart’ devices ***
---------------------------------------------
Depending on your age, you either might or might not have used Telnet to connect to remote computers in the past. But ..
---------------------------------------------
http://en.blog.nic.cz/2016/09/01/telnet-is-not-dead-at-least-not-on-smart-devices/




*** "If your data is in the cloud, the NSA has it too" ***
---------------------------------------------
The cryptologist Bart Preneel in the futurezone interview on encryption in the post-Snowden era, backdoors and quantum cryptography.
---------------------------------------------
https://futurezone.at/science/wenn-ihre-daten-in-der-cloud-sind-hat-sie-auch-die-nsa/219.100.024




*** Microsoft thought of the children and decided to ban some browsers ***
---------------------------------------------
Redmond's Family Settings now block browsers-without-filters by default, but which ones? Microsoft has updated its family filters to block some rival ..
---------------------------------------------
www.theregister.co.uk/2016/09/05/microsoft_thought_of_the_children_and_decided_they_must_only_use_edge/




*** Background: Analyzed: Ransomware meets Info-Stealer - RAA and the thieving Pony, Part II ***
---------------------------------------------
As this episode of "Analyzed:" reveals, the seemingly perfect encryption of the RAA trojan does have gaps after all. Nor can the password stealer launched by RAA evade analysis with its anti-debugging tricks.
---------------------------------------------
http://heise.de/-3303401




*** Fake attacks by insiders to fool companies ***
---------------------------------------------
Famous cybercrime groups and hacktivists “brands” may be a smokescreen to cover sophisticated insider attacks.
---------------------------------------------
https://www.htbridge.com/blog/fake-attacks-by-insiders-to-fool-companies.html




*** Security Advisory - Information Leak Vulnerability in Huawei eSpace IAD ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160905-01-espace-en




*** Security Advisory - Multiple Security Vulnerabilities in Huawei HiSuite ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160905-01-hisuite-en




*** BKA takes action against ransomware with SOKO Clavis ***
---------------------------------------------
With cases piling up in recent weeks, the Bundeskriminalamt now intends to take targeted action against ransomware. A special commission (SOKO) is to track down the perpetrators.
---------------------------------------------
https://futurezone.at/netzpolitik/bka-geht-mit-soko-clavis-gegen-ransomware-vor/219.597.730




*** Sophos Windows users face black screens after false positive snafu ***
---------------------------------------------
Black is the new BSOD Users of Sophos’s security software were confronted with a black screen on starting up ..
---------------------------------------------
www.theregister.co.uk/2016/09/05/sophos_black_screen_snafu/




*** Vuln: Inspircd SSL Certificate Spoofing Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92737




*** Those declared dead live longer: Adobe polishes up NPAPI Flash on Linux ***
---------------------------------------------
Contrary to many an opinion piece, Flash is far from finished. Adobe apparently has to accept that too and is now refreshing the outdated NPAPI version on Linux.
---------------------------------------------
http://heise.de/-3314084




*** 800,000 plaintext passwords from the porn site Brazzers published ***
---------------------------------------------
Once again a major hack involving copied user data has come to light, and once again the break-in to the servers appears to have taken place in 2012.
---------------------------------------------
http://heise.de/-3314087




*** Malware Delivered via .pub Files ***
---------------------------------------------
While searching for new scenarios to deliver their malwares[1][2], attackers launched a campaign to deliver malicious code embedded in Microsoft Publisher[3] (.pub) files. The ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21443




*** Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems ***
---------------------------------------------
The Trend Micro Forward Looking Threat Research team recently obtained samples of a new rootkit family from one of our trusted partners. We are providing a ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/






