Daily Summary - Monday 05-05-2014

End-of-Shift report

Timeframe: Friday 02-05-2014 18:00 − Monday 05-05-2014 18:00 Handler: Stephan Richter Co-Handler: n/a

Lnk files in Email Malware Distribution

Recently I have noticed more use of .lnk files in malware distribution via email. These files are Windows Shortcut files, typically used for shortcuts on your system, such as on your desktop. The use of .lnk files in emails is not new, but a recent sample caught my eye and I took a closer look. The original email, as it would appear to the recipient, looked like this, purporting to be from an individual at Automatic Data Processing, and containing what looks to be a PDF document and a ZIP

http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/VEYzrNB7xos/lnk-files-in-email-malware-distribution.html
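A shortcut that poses as a document is easy to triage once its StringData fields are read out: the relative path names the real target, the arguments carry the command line, and the icon location shows which application's icon it borrowed. The following parser is an added example for this item, not code from the SpiderLabs post. It follows the public MS-SHLLINK layout (76-byte header, optional LinkTargetIDList and LinkInfo, then StringData); the sample shortcut is constructed in-line with build_lnk(), the base64 blob in its arguments is a placeholder, and the indicator list is this example's own heuristic rather than a published rule set.

```python
"""Triage helper for Windows Shell Link (.lnk) e-mail attachments (added example)."""
import struct

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-0046}

# LinkFlags bits (MS-SHLLINK 2.1.1) this parser needs
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields in file order; each is CountCharacters (2 bytes) + string, no terminator
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION))

SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the launched window out of sight
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
DOC_ICONS = {"acrord32.exe", "winword.exe", "excel.exe"}  # icons a fake document borrows


def is_lnk(data):
    """True if data starts with a valid ShellLinkHeader (size field + CLSID)."""
    return (len(data) >= HEADER_SIZE
            and struct.unpack_from("<I", data, 0)[0] == HEADER_SIZE
            and data[4:20] == LINK_CLSID)


def parse_lnk(data):
    """Return LinkFlags, ShowCommand and the StringData fields of a .lnk."""
    if not is_lnk(data):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    info = {"flags": flags, "show_command": struct.unpack_from("<I", data, 60)[0]}
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:        # IDListSize (2 bytes) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                  # LinkInfoSize covers the whole structure
        pos += struct.unpack_from("<I", data, pos)[0]
    for key, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            info[key] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            info[key] = data[pos:pos + count].decode("cp1252")
            pos += count
    return info


def suspicious_indicators(info):
    """Heuristics for a shortcut posing as a document (this example's own list)."""
    hits = []
    target = info.get("relative_path", "").lower().rsplit("\\", 1)[-1]
    args = info.get("arguments", "").lower()
    icon = info.get("icon_location", "").lower().rsplit("\\", 1)[-1]
    if target in INTERPRETERS:
        hits.append("target is a command/script interpreter: " + target)
    if any(t in args for t in ("powershell", "-enc", "downloadstring", "http://", "https://", "mshta")):
        hits.append("arguments start a script or a download")
    if len(args) > 200:
        hits.append("unusually long command line (%d chars)" % len(args))
    if icon and icon != target and (icon in DOC_ICONS or icon.endswith((".pdf", ".doc", ".docx", ".xls", ".xlsx"))):
        hits.append("document icon borrowed for a non-document target: " + icon)
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        hits.append("ShowCommand = SW_SHOWMINNOACTIVE (window hidden)")
    return hits


def build_lnk(relative_path="", working_dir="", arguments="", icon_location="", show_command=1):
    """Build a minimal Unicode .lnk carrying only StringData (used to construct the sample)."""
    flags, body = IS_UNICODE, b""
    values = {"relative_path": relative_path, "working_dir": working_dir,
              "arguments": arguments, "icon_location": icon_location}
    for key, bit in STRING_FIELDS:
        value = values.get(key, "")
        if value:
            flags |= bit
            body += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 FILETIMEs, FileSize, IconIndex,
    # ShowCommand, HotKey, Reserved1..3 = 76 bytes
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    return header + body


# Constructed sample: a "PDF" that is really a hidden cmd.exe -> powershell launcher.
SAMPLE_LNK = build_lnk(
    relative_path=r"..\..\..\Windows\System32\cmd.exe",
    working_dir=r"%TEMP%",
    arguments=r"/c powershell -w hidden -enc QwBvAG4AcwB0AHIAdQBjAHQAZQBkAA==",  # placeholder blob
    icon_location=r"%ProgramFiles%\Adobe\Reader\AcroRd32.exe",
    show_command=SW_SHOWMINNOACTIVE,
)

if __name__ == "__main__":
    details = parse_lnk(SAMPLE_LNK)
    print("target:", details.get("relative_path"))
    for hit in suspicious_indicators(details):
        print(" -", hit)
```

Feed parse_lnk() the raw bytes of an attachment pulled from the mail store; a shortcut whose target is an interpreter, whose icon comes from a document viewer, and whose window is set to SW_SHOWMINNOACTIVE has no business arriving by e-mail.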


PHP Updated to Fix OpenSSL Flaws, Other Bugs

The maintainers of PHP have released two new versions of the scripting language that fix a number of bugs, including a pair of vulnerabilities related to OpenSSL. Versions 5.4.28 and 5.5.12 both contain that important patch, as well as fixes for more than a dozen other vulnerabilities. The fix for the OpenSSL flaws is in both...

http://threatpost.com/php-updated-to-fix-heartbleed-other-bugs/105867


iOS 7 Update Silently Removes Encryption For Email Attachments

An anonymous reader writes "Apple has removed encrypted email attachments from iOS 7. Apple said back in June 2010 in regards to iOS 4.0: Data protection is available for devices that offer hardware encryption, including iPhone 3GS and later, all iPad models, and iPod touch (3rd generation and later). Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/FyN_d8fBQgo/story01.htm


Attack Prediction: Malicious gTLD Squatting May Be The Next Big Threat

Late last year, ICANN began expanding the generic Top-Level Domains (gTLDs). In addition to the standard .COM, .ORG, and .NET TLDs, over 1,300 new names could become available in the next few years. These new gTLDs and internationalized domain names (IDNs) are awesome ideas if you think about the creativity sparked around the names one can possibly register.

http://labs.opendns.com/2014/04/23/malicious-gtld-squatting/


Spear Phishing Emails: A Psychological Tactic of Threat Actors

By exploiting network security vulnerabilities, today's generation of threat actors are able to install advanced polymorphic malware to steal data and damage reputations. But their manipulation efforts aren't limited to code and machines - they extend to people, too.

http://www.seculert.com/blog/2014/05/spear-phishing-emails-a-psychological-tactic-of-threat-actors.html


Evolution of Encrypting Ransomware

Recently we've seen a big change in the encrypting ransomware family and we're going to shed light on some of the newest variants and the stages of evolution that have led the high profile malware to where it is today. For those who aren't aware of what encrypting ransomware is, it's a cryptovirus that encrypts all your data from local hard drives, network shared drives, removable hard drives and USB. The encryption is done using an RSA-2048 asymmetric public key which makes...

http://feedproxy.google.com/~r/WebrootThreatBlog/~3/hp9iym0nxN0/


Symantec Critical System Protection for Windows Default Policy Bypass

Revisions: None. Severity: Symantec does not believe that this bypass represents a Symantec Critical System Protection (SCSP) vulnerability. The policy bypass ...

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140502_00


Bugtraq: [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact

http://www.securityfocus.com/archive/1/532008


Vuln: F5 Networks BIG-IQ Remote Privilege Escalation Vulnerability

http://www.securityfocus.com/bid/67191


F5 BIG-IQ 4.1.0.2013.0 Password Change Exploit

Risk: High. Text: ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-fr...

http://cxsecurity.com/issue/WLB-2014050012


OpenSSL Null Pointer Dereference in do_ssl3_write() Lets Remote Users Deny Service

http://www.securitytracker.com/id/1030188


[webapps] - Seagate BlackArmor NAS - Multiple Vulnerabilities

http://www.exploit-db.com/exploits/33159


Vuln: WordPress NextCellent Gallery Plugin CVE-2014-3123 Multiple Cross Site Scripting Vulnerabilities

http://www.securityfocus.com/bid/67085


IBM Tivoli Netcool/Portal vulnerable to CVE-2014-0160 & CVE-2014-0076

Security vulnerabilities have been discovered in OpenSSL. CVE(s): CVE-2014-0160 and CVE-2014-0076 Affected product(s) and affected version(s): IBM Tivoli Netcool/Portal 2.1.2 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21671783 X-Force Database: http://xforce.iss.net/xforce/xfdb/92322 X-Force Database: http://xforce.iss.net/xforce/xfdb/91990

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_tivoli_netcool_portal_vulnerable_to_cve_2014_0160_cve_2014_0076?lang=en_us


IBM Security Bulletin: Multiple OpenSSL vulnerabilities in Tivoli Endpoint Manager for Remote Control. (CVE-2013-4353,CVE-2013-6449)

Security vulnerabilities exist in the version of OpenSSL shipped with Tivoli Endpoint Manager for Remote Control. CVE(s): CVE-2013-4353 and CVE-2013-6449 Affected product(s) and affected version(s): Tivoli Endpoint Manager for Remote Control version 8.2.1. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21669040 X-Force Database: http://xforce.iss.net/xforce/xfdb/90201 X-Force

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_openssl_vulnerabilities_in_tivoli_endpoint_manager_for_remote_control_cve_2013_4353_cve_2013_6449?lang=en_us


Bugtraq: [HP security bulletins]

http://www.securityfocus.com/archive/1/532002
http://www.securityfocus.com/archive/1/532001
http://www.securityfocus.com/archive/1/532003
http://www.securityfocus.com/archive/1/532004
http://www.securityfocus.com/archive/1/532007
http://www.securityfocus.com/archive/1/532010
http://www.securityfocus.com/archive/1/532011
http://www.securityfocus.com/archive/1/532012
http://www.securityfocus.com/archive/1/532013
http://www.securityfocus.com/archive/1/532014
http://www.securityfocus.com/archive/1/532022
http://www.securityfocus.com/archive/1/532023