End-of-Shift report
Timeframe: Wednesday 20-05-2015 18:00 − Thursday 21-05-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
RIG Exploit Kit Infection Cycle Analysis
Overview: Happy belated birthday to RIG exploit kit! First seen around April 2014, RIG has been in the news several times over the past year. In February, the source code was reportedly leaked online, which likely spurred some of the recent changes we've observed in the kit. ThreatLabZ has been keeping an eye on RIG and in this post we'll cover an example of a full RIG infection cycle. Delivery...
http://feedproxy.google.com/~r/zscaler/research/~3/JM9Mp15Wupg/rig-exploit-kit-infection-cycle-analysis.html
New Router Attack Displays Fake Warning Messages
Just because security researchers report about threats doesn't mean we're exempted from them. I recently experienced an incident at home that involved tampered DNS router settings. I was redirected to warning pages that strongly resemble those used in previous FAKEAV attacks. I noticed that my home internet router DNS settings had been modified from their default settings. (My router...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/dJj2wXBlvgk/
Exploit kits delivering Necurs, (Thu, May 21st)
Introduction: In the past few days, we've seen Nuclear and Angler exploit kits (EKs) delivering malware identified as Necurs. It certainly isn't the only payload sent from Nuclear and other EKs, but I hadn't really looked into EK traffic sending Necurs lately. Documented as early as 2012, Necurs is a type of malware that opens a back door on the infected computer [1]. It may also disable antivirus products as well as download additional malware [1][2]. I saw Necurs as a malware payload from Nuclear and...
https://isc.sans.edu/diary.html?storyid=19719&rss
The first-aid kit against crypto-Trojans
With a set of tools, a researcher wants to help victims of ransomware Trojans rescue their data and clean their systems. However, caution is advised when using them.
http://heise.de/-2661154
Mumblehard Malware
Introduction: In this article, we will learn about a malware known as Mumblehard, which is known for targeting Linux and BSD OS. This malware opens a backdoor that gives full control of the infected machine to cybercriminals. Mumblehard malware - Components: Perl Backdoor. The Perl backdoor will request commands from its Command & Control server and...
http://resources.infosecinstitute.com/mumblehard-malware/
Logjam: the latest TLS vulnerability explained
21 May 2015 by Filippo Valsorda
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange
Logjam is a new attack against the Diffie-Hellman key-exchange protocol used in TLS. Basically: The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the...
https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html
CVE-2015-4000 alias "Logjam" ..
http://www.cert.at/services/blog/20150521111403-1485.html
Vuln: OpenSSL CVE-2015-0288 Denial of Service Vulnerability
http://www.securityfocus.com/bid/73237
Vuln: OpenSSL /evp/encode.c Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/73228
Samba Memory Corruption Error in prs_append_some_prs_data() Lets Remote Users Deny Service
http://www.securitytracker.com/id/1032362
Cisco Security Manager Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=34325
Cisco Adaptive Security Appliance Protocol Independent Multicast Registration Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=38937
Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities
http://tools.cisco.com/security/center/viewAlert.x?alertId=38927
DSA-3265 zendframework - security update
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.
https://www.debian.org/security/2015/dsa-3265