[CERT-daily] Daily summary - Friday 30-09-2016

Daily end-of-shift report team at cert.at
Fri Sep 30 18:19:50 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 29-09-2016 18:00 − Friday 30-09-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a



*** The Equation Group's Firewall Exploit Chain ***
---------------------------------------------
There has been plenty of research on pieces of this exploit kit, but very little on the full exploit chain. We were interested in studying some of the command and control traffic used by this exploit kit for emulation in BreakingPoint. On the way, we figured out how a lot of the puzzle pieces fit together. What follows are our findings on how this kit gains persistent control of a Cisco firewall. We also identify some of the missing pieces that were not previously available.
---------------------------------------------
https://www.ixiacom.com/company/blog/equation-groups-firewall-exploit-chain




*** European Cyber Security Month: get in the driving seat of your own online security ***
---------------------------------------------
October 2016 is European Cyber Security Month and this year October will bring plenty of opportunities for people to discover how to stay safe online and play an active role in their own security. Throughout European Cyber Security Month, which kicks off today in Brussels, over 300 activities, including events, training sessions, tips and an online quiz, will take place across 27 countries. This year's Cyber Security Month will focus on security in banking, cyber safety, cyber training and mobile malware.
---------------------------------------------
https://www.enisa.europa.eu/news/ecsm




*** Lesser known tricks of spoofing extensions ***
---------------------------------------------
It is a well-known fact that malware using social engineering tricks is designed to hide itself from being an obvious executable. In this short article, we will present two other less common tricks used to deceive users.
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2016/09/lesser-known-tricks-of-spoofing-extensions/





*** Backdoored D-Link Router Should be Trashed, Researcher Says ***
---------------------------------------------
A researcher who found a slew of vulnerabilities in a popular router says it's so hopelessly broken that consumers who own them should throw them away.
---------------------------------------------
http://threatpost.com/backdoored-d-link-router-should-be-trashed-researcher-says/120979/




*** Sentinel 7.4 SP3 (Sentinel 7.4.3.0) Build 2805 ***
---------------------------------------------
This service pack resolves the following security vulnerabilities:
        Sentinel 7.4 SP3 resolves a Java deserialization (CVE-2016-1000031) vulnerability.
---------------------------------------------
https://download.novell.com/Download?buildid=HXXzqDiAPd0~




*** [SANS ISC Diary] Another Day, Another Malicious Behaviour ***
---------------------------------------------
I published the following diary on isc.sans.org: "Another Day, Another Malicious Behaviour". Every day, we are spammed with thousands of malicious emails and attackers always try to find new ways to bypass the security controls. Yesterday, I detected a suspicious HTTP GET request...
---------------------------------------------
https://blog.rootshell.be/2016/09/30/sans-isc-diary-another-day-another-malicious-behaviour/




*** Patch for Street Fighter V: Anti-cheat tool can be abused as a rootkit ***
---------------------------------------------
A recent patch for the Windows version of Street Fighter V brings measures against cheaters, but in exchange disables an essential security mechanism of computers. In the meantime, a fix is said to resolve the security problem.
---------------------------------------------
https://heise.de/-3338614




*** Bugtraq ***
---------------------------------------------
*** Bugtraq: Multiple exposures in Sophos UTM ***
http://www.securityfocus.com/archive/1/539518
---------------------------------------------
*** Bugtraq: [SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345) ***
http://www.securityfocus.com/archive/1/539517
---------------------------------------------
*** Bugtraq: Persistent XSS in Abus Security Center - CVSS 8.0 ***
http://www.securityfocus.com/archive/1/539514
---------------------------------------------




