Daily Summary - Thursday 21-05-2015

End-of-Shift report

Timeframe: Wednesday 20-05-2015 18:00 - Thursday 21-05-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

RIG Exploit Kit Infection Cycle Analysis

Overview Happy belated birthday to RIG exploit kit! First seen around April 2014, RIG has been in the news several times over the past year. In February, the source code was reportedly leaked online, which likely spurred some of the recent changes we've observed in the kit. ThreatLabZ has been keeping an eye on RIG and in this post we'll cover an example of a full RIG infection cycle. Delivery...

http://feedproxy.google.com/~r/zscaler/research/~3/JM9Mp15Wupg/rig-exploit-kit-infection-cycle-analysis.html


New Router Attack Displays Fake Warning Messages

Just because security researchers report about threats doesn't mean we're exempted from them. I recently experienced an incident at home that involved tampered router DNS settings. I was redirected to warning pages that strongly resemble those used in previous FAKEAV attacks. I noticed that my home internet router's DNS settings had been modified from their default settings. (My router...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/dJj2wXBlvgk/


Exploit kits delivering Necurs, (Thu, May 21st)

Introduction In the past few days, we've seen Nuclear and Angler exploit kits (EKs) delivering malware identified as Necurs. It certainly isn't the only payload sent from Nuclear and other EKs, but I hadn't really looked into EK traffic sending Necurs lately. Documented as early as 2012, Necurs is a type of malware that opens a back door on the infected computer [1]. It may also disable antivirus products as well as download additional malware [1][2]. I saw Necurs as a malware payload from Nuclear and...

https://isc.sans.edu/diary.html?storyid=19719&rss


The first-aid kit against crypto-Trojans

With a set of tools, a researcher wants to help victims of ransomware Trojans recover their data and clean their systems. However, caution is needed when using them.

http://heise.de/-2661154


Mumblehard Malware

Introduction In this article, we will learn about a malware known as Mumblehard, which is known for targeting Linux and BSD systems. This malware opens a backdoor that gives cybercriminals full control of the infected machine. Mumblehard malware - Components: Perl backdoor. The Perl backdoor requests commands from its Command & Control server and...

http://resources.infosecinstitute.com/mumblehard-malware/


Logjam: the latest TLS vulnerability explained

21 May 2015 by Filippo Valsorda

https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/


The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange

Logjam is a new attack against the Diffie-Hellman key-exchange protocol used in TLS. Basically: The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the...

https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html
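The downgrade described above only works if the client offers a DHE_EXPORT cipher suite and then accepts whatever Diffie-Hellman group the (man-in-the-middle-steered) server sends back. The following is an added example, not code from the digest, from Schneier's post or from the Logjam authors: it parses the ServerDHParams structure out of a TLS 1.2 ServerKeyExchange body and reports the modulus size, and it scans a ClientHello cipher-suite list for the RFC 2246 DH export suites. The message samples are constructed here; the 512-bit modulus is not a real prime, it only has the length an export-grade server would send, and the size thresholds reflect the Logjam recommendation (512-bit broken, 1024-bit deprecated, 2048-bit or more recommended).

```python
# Added example (not from the CERT.at digest or the Logjam paper): parse the DH
# group from a TLS ServerKeyExchange body, classify its size, and list DHE_EXPORT
# suites offered in a ClientHello. All sample bytes below are constructed.
import struct

# TLS cipher suites that negotiate 512-bit "export" Diffie-Hellman (RFC 2246).
DH_EXPORT_SUITES = {
    0x000E: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000F: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}


def _read_vec16(buf, off):
    """Read a TLS opaque<1..2^16-1> vector (2-byte big-endian length prefix)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">H", buf[off:off + 2])
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n


def parse_server_dh_params(body):
    """Parse ServerDHParams { dh_p, dh_g, dh_Ys } from a ServerKeyExchange body.
    The trailing signature (if any) is left unparsed; its offset is returned."""
    p_bytes, off = _read_vec16(body, 0)
    g_bytes, off = _read_vec16(body, off)
    ys_bytes, off = _read_vec16(body, off)
    p = int.from_bytes(p_bytes, "big")
    return {
        "p": p,
        "g": int.from_bytes(g_bytes, "big"),
        "Ys": int.from_bytes(ys_bytes, "big"),
        "p_bits": p.bit_length(),
        "signature_offset": off,
    }


def classify_dh_group(p_bits):
    """Map a DH modulus size to a Logjam-style verdict."""
    if p_bits <= 512:
        return "export-grade: breakable after the Logjam precomputation"
    if p_bits < 1024:
        return "weak: below 1024 bits"
    if p_bits < 2048:
        return "deprecated: 1024-bit class, within reach of a state-level attacker"
    return "ok: 2048 bits or more"


def dh_export_suites_offered(cipher_suites):
    """Return names of DH export suites in a ClientHello cipher_suites vector
    (raw bytes, two per suite, without the 2-byte length prefix)."""
    if len(cipher_suites) % 2:
        raise ValueError("cipher_suites length must be even")
    found = []
    for i in range(0, len(cipher_suites), 2):
        (suite,) = struct.unpack(">H", cipher_suites[i:i + 2])
        if suite in DH_EXPORT_SUITES:
            found.append(DH_EXPORT_SUITES[suite])
    return found


def encode_server_dh_params(p, g, ys):
    """Build a ServerDHParams blob (used here only to construct sample input)."""
    out = b""
    for v in (p, g, ys):
        vb = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack(">H", len(vb)) + vb
    return out


# Constructed samples: a 512-bit modulus (length only, not prime) as an
# export-grade server would send, and a 2048-bit one; g = 2, Ys placeholder.
SAMPLE_EXPORT_SKE = encode_server_dh_params((1 << 511) | 0x1235, 2, 0x42)
SAMPLE_STRONG_SKE = encode_server_dh_params((1 << 2047) | 0x1235, 2, 0x42)
# Constructed ClientHello suite list: DHE-RSA-AES128-GCM, a DHE_EXPORT suite,
# RSA-AES128-CBC. The middle one is what a Logjam MITM needs to see.
SAMPLE_CLIENT_SUITES = bytes.fromhex("009e" "0014" "002f")

if __name__ == "__main__":
    for name, ske in (("export", SAMPLE_EXPORT_SKE), ("strong", SAMPLE_STRONG_SKE)):
        params = parse_server_dh_params(ske)
        print(name, params["p_bits"], classify_dh_group(params["p_bits"]))
    print("client offers:", dh_export_suites_offered(SAMPLE_CLIENT_SUITES))
```

In practice the same two checks map onto the fixes: servers stop offering the DH_EXPORT suites and move to a fresh 2048-bit group, and clients (the browser patches that followed Logjam) reject any ServerKeyExchange whose dh_p is below 1024 bits regardless of the suite negotiated.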


CVE-2015-4000 alias "Logjam" ..

http://www.cert.at/services/blog/20150521111403-1485.html


Vuln: OpenSSL CVE-2015-0288 Denial of Service Vulnerability

http://www.securityfocus.com/bid/73237


Vuln: OpenSSL /evp/encode.c Remote Memory Corruption Vulnerability

http://www.securityfocus.com/bid/73228


Samba Memory Corruption Error in prs_append_some_prs_data() Lets Remote Users Deny Service

http://www.securitytracker.com/id/1032362


Cisco Security Manager Cross-Site Request Forgery Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=34325


Cisco Adaptive Security Appliance Protocol Independent Multicast Registration Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=38937


Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities

http://tools.cisco.com/security/center/viewAlert.x?alertId=38927


DSA-3265 zendframework - security update

Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.

https://www.debian.org/security/2015/dsa-3265