[CERT-daily] Daily summary - Friday 7-04-2017

Daily end-of-shift report team at cert.at
Fri Apr 7 18:06:42 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 06-04-2017 18:00 − Friday 07-04-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Ransomware Gang Made Over $100,000 by Exploiting Apache Struts Zero-Day ***
---------------------------------------------
For more than a month, at least ten groups of attackers have been compromising systems running applications built with Apache Struts and installing backdoors, DDoS bots, cryptocurrency miners, or ransomware, depending if the machine is running Linux or Windows. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ransomware-gang-made-over-100-000-by-exploiting-apache-struts-zero-day/




*** Upcoming Security Updates for Adobe Acrobat and Reader (APSB17-11) ***
---------------------------------------------
A prenotification Security Advisory (APSB17-11) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, April 11, 2017. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1454




*** Tracking Website Defacers with HTTP Referers, (Fri, Apr 7th) ***
---------------------------------------------
In a previous diary, I explained how pictures may affect your website reputation[1]. Although a suggested recommendation was to prevent cross-linking by using the HTTP referer, this is a control that I do not implement on my personal blog, purely for research purposes. And it successfully worked! My website and all its components are constantly monitored but I'm also monitoring online services like pastebin.com to track references to...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22268&rss




*** Brickerbot: Hackers destroy the Internet of Insecure Things ***
---------------------------------------------
Unknown actors are currently attempting to break into unsecured IoT devices and actively destroy them. Apparently this is an attempt to render the devices harmless before they become part of botnets such as Mirai.
---------------------------------------------
https://www.golem.de/news/brickerbot-hacker-zerstoeren-das-internet-of-insecure-things-1704-127198-rss.html




*** Global DDoS Threat Landscape: What's new? ***
---------------------------------------------
The Current Global DDoS Threat Landscape. In this post, we analyze the current Global DDoS threat landscape focusing on the economic aspect of this kind of criminal activity. The extortion crimes continue to represent a serious threat to businesses and organizations worldwide; ransomware infections and DDoS attacks are becoming daily problems. Security experts at Imperva...
---------------------------------------------
http://resources.infosecinstitute.com/global-ddos-threat-landscape-whats-new/




*** QNAP NAS devices open to remote command execution ***
---------------------------------------------
If you're using one of the many QNAP NAS devices and you haven't yet upgraded the QTS firmware to version 4.2.4, you should do so immediately if you don't want it to fall prey to attackers. Among the vulnerabilities fixed by QNAP in this latest firmware version, released on March 21, are three command injection flaws in the web user interface that can be exploited to gain remote command execution on a vulnerable device as...
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/07/qnap-nas-vulnerability/




*** ClearEnergy - The "In the Wild" SCADA Ransomware Attacks That Never Were ***
---------------------------------------------
A mini-controversy broke out this week in the infosec community after cyber-security firm CRITIFENCE led journalists and other security experts to believe that they've detected in-the-wild attacks with a new ransomware called ClearEnergy, specialized in targeting ICS/SCADA industrial equipment. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/clearenergy-the-in-the-wild-scada-ransomware-attacks-that-never-were/




*** Sathurbot: Distributed WordPress password attack ***
---------------------------------------------
This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts.
---------------------------------------------
https://www.welivesecurity.com/2017/04/06/sathurbot-distributed-wordpress-password-attack/




*** New IoT/Linux Malware Targets DVRs, Forms Botnet ***
---------------------------------------------
Unit 42 researchers have identified a new variant of the IoT/Linux botnet "Tsunami", which we are calling "Amnesia". The Amnesia botnet targets an unpatched remote code execution vulnerability that was publicly disclosed over a year ago in March 2016 in DVR (digital video recorder) devices made by TVT Digital and branded by over 70 vendors worldwide. Based on our scan data shown below in Figure 1, this [...]
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/




*** [2017-04-07] Server-Side Request Forgery in MyBB forum ***
---------------------------------------------
The "Change Avatar" function in MyBB allows an attacker to perform server-side request forgery (SSRF) attacks if the cURL functions are disabled. It is possible to send requests to internal networks and perform port scans.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170407-0_MyBB_SSRF_vulnerability_v10.txt




*** IBM Security Bulletin: IBM Connections Docs is Vulnerable to a Denial of Service (CVE-2016-3627) ***
---------------------------------------------
DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by an error in the xmlStringGetNodeList() function when parsing xml files while in recover mode. An attacker could exploit this vulnerability to exhaust the stack and cause a segmentation fault.
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22001676

