[CERT-daily] Tageszusammenfassung - 03.08.2017

Thu Aug 3 18:11:32 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 02-08-2017 18:00 − Donnerstag 03-08-2017 18:00
Handler:     Petr Sikuta
Co-Handler:  Stephan Richter

=====================
=        News       =
=====================

∗∗∗ Windows Defender ATP machine learning: Detecting new and unusual breach activity ∗∗∗
---------------------------------------------
Microsoft has been investing heavily in next-generation security technologies. These technologies use our ability to consolidate large sets of data and build intelligent systems that learn from that data. These machine learning (ML) systems flag and surface threats that would otherwise remain unnoticed amidst the continuous hum of billions of normal events and the inability...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/08/03/windows-defender-atp-machine-learning-detecting-new-and-unusual-breach-activity/


∗∗∗ Enemy at the gates: Reviewing the Magnitude exploit kit redirection chain ∗∗∗
---------------------------------------------
Over the last few months, we have been keeping an eye on the Magnitude exploit kit which is mainly used to deliver the Cerber ransomware to specific countries in Asia. Our telemetry shows that South Korea is most impacted via ongoing malvertising campaigns. When a visitor goes to a website that monetizes its traffic via adverts he may be exposed to malicious advertising. Tailored ads shown in the browser are initiated on-the-fly via a process known as Real-time Bidding (RTB).
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2017/08/enemy-at-the-gates-reviewing-the-magnitude-exploit-kit-redirection-chain/


∗∗∗ The Retefe Saga ∗∗∗
---------------------------------------------
Surprisingly, there is a lot of media attention going on at the moment on a macOS malware called OSX/Dok. In the recent weeks, various anti-virus vendors and security researchers published blog posts on this threat, presenting their analysis and findings. While some findings where very interesting, others were misleading or simply wrong.
---------------------------------------------
https://www.govcert.admin.ch/blog/33/the-retefe-saga


∗∗∗ Warnung vor Fake-Mail "Ihr Konto wurde limitiert" ∗∗∗
---------------------------------------------
[...] Diese E-Mail gibt sich als PayPal (service@ ppal.com) aus, PayPal hat mit der Betrugsmasche jedoch nichts zu tun. PayPal selbst wurde hier Opfer, indem sein Name missbräuchlich verwendet wird, um Nutzer in die Falle zu locken!
---------------------------------------------
http://www.mimikama.at/allgemein/ihr-konto/


∗∗∗ Sicherheitspatches: Varnish anfällig für DoS-Attacke ∗∗∗
---------------------------------------------
In verschiedenen Versionen von Varnish klafft eine Schwachstelle, über die Angreifer Server attackieren könnten.
---------------------------------------------
https://heise.de/-3791311


∗∗∗ Pwned Passwords: Neuer Dienst macht geknackte Passwörter auffindbar ∗∗∗
---------------------------------------------
Wurde mein Lieblings-Passwort schon einmal in einem Datenleck veröffentlicht und kann deswegen einfach für Bruteforce-Angriffe verwendet werden? Diese Frage beantwortet ein neuer Webdienst des Sicherheitsforschers Troy Hunt.
---------------------------------------------
https://heise.de/-3792707


∗∗∗ Malicious content delivered over SSL/TLS has more than doubled in six months ∗∗∗
---------------------------------------------
Threats using SSL encryption are on the rise. An average of 60 percent of the transactions in the Zscaler cloud have been delivered over SSL/TLS. Researchers also found that the Zscaler cloud saw an average of 8.4 million SSL/TLS-based security blocks per day this year. “Hackers are increasingly using SSL to conceal device infections, shroud data exfiltration and hide botnet command and control communications.
---------------------------------------------
https://www.helpnetsecurity.com/2017/08/03/malicious-content-ssl-tls/


∗∗∗ Gefälschte Bank Austria-Nachricht: Änderungen im OnlineBanking ∗∗∗
---------------------------------------------
In einer gefälschten Bank Austria-Nachricht schreiben Kriminelle, dass es zu einer Änderung im OnlineBanking-System gekommen sei. Das führt zu Fehlern, weshalb Kund/innen ihre Zugangsdaten auf einer Website nennen sollen. Empfänger/innen der Nachricht, die dem nachkommen, übermitteln ihre Passwörter an Verbrecher/innen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-bank-austria-nachricht-aenderungen-im-onlinebanking/


=====================
=    Advisories     =
=====================

∗∗∗ Cisco Videoscape Distribution Suite Cache Server Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance.The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds


∗∗∗ Cisco Identity Services Engine Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication.The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy ...
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise


∗∗∗ IBM Security Bulletin: IBM Content Navigator Cross Site Scripting Vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22003928


∗∗∗ IBM Security Bulletin: Apache Commons Collection Java Deserialization Vulnerability in Multiple N series Products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009711


∗∗∗ IBM Security Bulletin: CVE-2015-4000 Diffie-Hellman Export Cipher Suite Vulnerabilities in Multiple N series Products ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009681

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily