[CERT-daily] Daily summary - Wednesday 15-02-2017
Daily end-of-shift report
team at cert.at
Wed Feb 15 18:08:22 CET 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 14-02-2017 18:00 − Wednesday 15-02-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Amnesty International uncovers phishing campaign against human rights activists ***
---------------------------------------------
Attacker targeted groups in Qatar, Nepal using extensive fake social media profile.
---------------------------------------------
https://arstechnica.com/security/2017/02/amnesty-international-uncovers-phishing-campaign-against-human-rights-activists/
*** Siemens SIMATIC Authentication Bypass ***
---------------------------------------------
This advisory contains mitigation details for an authentication bypass in Siemens SIMATIC.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-045-03
*** Attacking the Windows NVIDIA Driver ***
---------------------------------------------
Modern graphic drivers are complicated and provide a large promising attack surface for EoPs and sandbox escapes from processes that have access to the GPU (e.g. the Chrome GPU process). In this blog post we’ll take a look at attacking the ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2017/02/attacking-windows-nvidia-driver.html
*** Ransomware: a declining nuisance or an evolving menace? ***
---------------------------------------------
The volume of ransomware encounters is on a downward trend. Are we seeing the beginning of the end of this vicious threat? Unfortunately, a look at the attack vectors, the number of ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/02/14/ransomware-2016-threat-landscape-review/
*** New ASLR-busting JavaScript is about to make drive-by exploits much nastier ***
---------------------------------------------
A property found in virtually all modern CPUs neuters decade-old security protection.
---------------------------------------------
https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/
*** Adobe Patch Day: Flash Player in critical condition, as usual ***
---------------------------------------------
Critical vulnerabilities gape in Flash Player and Adobe Digital Editions. At present, Windows users in particular are at risk from the Flash vulnerabilities. Adobe Campaign also receives security updates.
---------------------------------------------
https://heise.de/-3626386
*** Researchers Discover Self-Healing Malware That Targets Magento Stores ***
---------------------------------------------
Dutch malware experts have found a new malware strain that targets online shops running on the Magento platform, ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/researchers-discover-self-healing-malware-that-targets-magento-stores/
*** Cisco: Two VPN vulnerabilities and one flaw that officially isn't one ***
---------------------------------------------
Cisco has patched security vulnerabilities in the AnyConnect VPN and on its ASA firewalls. However, the company does not see a security problem with the SMI protocol, which allows new operating system images to be loaded onto switches remotely.
---------------------------------------------
https://heise.de/-3627330
*** Are Windows Registry Fixers Safe? ***
---------------------------------------------
Before I got into cybersecurity, I spent years as a technical support agent for Windows end users of Windstream, an American ISP. Although Windstream is an ISP, they also offered a general Windows client OS remote support service for their predominantly ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/should-windows-users-beware-of-registry-fixers
*** Xagent: Russian hacker group also relies on Mac spyware ***
---------------------------------------------
A version of the Xagent malware targeting macOS apparently originates from the hacker group APT28, which has been linked to the attack on the Democratic Party during the US election campaign. Xagent is said to steal iPhone backups, among other things.
---------------------------------------------
https://heise.de/-3627630
*** Researchers trick CEO email scammer into giving up identity ***
---------------------------------------------
Businesses targeted in email scams don’t always have to play the victim. They can actually fight back. Researchers at Dell SecureWorks have documented how they identified a ..
---------------------------------------------
http://www.cio.com/article/3170117/security/researchers-trick-ceo-email-scammer-into-giving-up-identity.html