[CERT-daily] Daily summary - Monday 20-03-2017
Daily end-of-shift report
team at cert.at
Mon Mar 20 18:25:58 CET 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 17-03-2017 18:00 − Monday 20-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Malicious Subdirectories Strike Again ***
---------------------------------------------
In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into a directory and using the victim's database structure, attackers were able to inject ads and promote their products. This time, attackers used a similar technique with a little bit more sophistication to achieve their goals. Essay Spam Campaign: This technique is now being used to distribute
---------------------------------------------
https://blog.sucuri.net/2017/03/malicious-subdirectories-strike-again.html
*** Mimikatz: Walkthrough ***
---------------------------------------------
Security researchers have been obsessed with Windows security since the beginning of time. Various tools have been released over the years which try to weaken the security/bypass it in some way or the other. Mimikatz is a tool written in `C` as an attempt to play with Windows security.
---------------------------------------------
http://resources.infosecinstitute.com/mimikatz-walkthrough/
*** Doctor Web: It is possible to decrypt files encrypted with Trojan.Encoder.10465 ***
---------------------------------------------
March 17, 2017. Doctor Web has developed an algorithm that successfully decrypts files encrypted by Trojan.Encoder.10465. Trojan.Encoder.10465 poses a threat to Windows computers. The Trojan is written in Delphi. The encoder appends the extension .crptxxx to the infected files and also saves to the disk a text file named HOW_TO_DECRYPT.txt, which contains the following content: "Warning!!! All your files are encrypted with AES algorithm!"
---------------------------------------------
http://news.drweb.com/show/?i=11211&lng=en&c=9
*** Security update in sight: Serious Telnet vulnerability threatens numerous Cisco switches ***
---------------------------------------------
Cisco has evidently analysed the Vault 7 leak and found a critical vulnerability in more than 300 models of its switch line running the IOS operating system. So far there is only a workaround; a patch is to follow.
---------------------------------------------
https://heise.de/-3658915
*** RIPS - Finding vulnerabilities in PHP application ***
---------------------------------------------
The biggest fear of any developer has always been that their site may get hacked, and occasionally it does end up being hacked. For a very long time, the most popular stack used for the development of websites has been the LAMP Stack (Linux, MySQL, PHP/Perl/Python).
---------------------------------------------
http://resources.infosecinstitute.com/rips-finding-vulnerabilities-php-application/
*** Browser: Ask.com toolbar update distributes malware ***
---------------------------------------------
Most users probably only wonder how to get rid of the Ask.com toolbar in their browser as quickly as possible. But there is a further problem: the program's update process is notoriously prone to security vulnerabilities. (Malware, Virus)
---------------------------------------------
https://www.golem.de/news/browser-update-der-ask-com-toolbar-verteilt-malware-1703-126827-rss.html
*** Fake virus warning on the smartphone ***
---------------------------------------------
While the smartphone is being used on the go, supposed virus warnings appear. They claim that the device is infected with malware. The offered remedy is a protection program from an unknown source. It can install malware or lead to a subscription contract.
---------------------------------------------
https://www.watchlist-internet.at/handy-abzocke/gefaelschte-virenwarnung-auf-dem-smartphone/
*** Low Orbit Ion Cannon: Star Trek ransomware disguises itself as a DDoS tool ***
---------------------------------------------
Anyone who wants to launch a DDoS attack should choose their tools carefully. Certain versions of the Low Orbit Ion Cannon currently do not start a flooding attack but instead encrypt the user's own hard drive. It also gets expensive if Spock is supposed to decrypt the drive. (Star Trek, Applications)
---------------------------------------------
https://www.golem.de/news/low-orbit-ion-cannon-star-trek-ransomware-tarnt-sich-als-ddos-tool-1703-126799-rss.html
*** Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics:
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani
*** Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by bash vulnerabilities ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024962
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, and v1.0.2 (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000014
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by php5 vulnerabilities (CVE-2016-9933, CVE-2016-9935) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024961
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by an International Components for Unicode (ICU) vulnerability (CVE-2014-9911) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024958
---------------------------------------------
*** IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Query Parameter in SSL Request (CVE-2016-6102) ***
http://www.ibm.com/support/docview.wss?uid=swg22000359
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus ***
http://www.ibm.com/support/docview.wss?uid=swg22000536
---------------------------------------------