Daily Summary - Friday 12-06-2015

End-of-Shift report

Timeframe: Thursday 11-06-2015 18:00 − Friday 12-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a

Gamarue dropping Lethic bot

The Gamarue (aka Andromeda) botnet is a highly modular botnet family that allows attackers to take complete control of an infected system and perform a range of malicious activity by downloading additional payloads. In this blog, we will cover a recent Gamarue ..

http://research.zscaler.com/2015/06/gamarue-dropping-lethic-bot.html


Popcash Malvertising Leads to CryptoWall

End users face the harsh reality of malvertising with CryptoWall ransomware dropped on their systems.

https://blog.malwarebytes.org/malvertising-2/2015/06/popcash-malvertising-leads-to-cryptowall-3-0/


RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability

This advisory provides publicly disclosed vulnerabilities and mitigation measures for the RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability.

https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01


Microsoft flags Ask toolbar as unwanted and dangerous

From this month on, all versions of Ask.com's infamous browser toolbar except the very last will be detected as unwanted ..

http://www.net-security.org/secworld.php?id=18506


The June 2015 issue of our SWITCH Security Report is available!

Dear Reader! A new issue of our monthly SWITCH Security Report has just been released. The topics covered in this report are: What do tax authorities and contact sites have in ..

http://securityblog.switch.ch/2015/06/12/the-june-2015-issue-of-our-switch-security-report-is-available/


Integrating PaX into Android

The PaX project provides many exploit mitigation features to harden the Linux kernel far beyond the baseline security features provided by upstream. Android is close enough to a normal Linux distribution for it to work quite well out-of-the-box ..

https://copperhead.co/2015/06/11/android-pax


Phishers rely on geo-blocking

To keep phishing sites alive longer, some of them can be accessed only from the country the cyber-crooks are targeting. Phishing filter services are therefore left out and do not become suspicious.

http://www.heise.de/security/meldung/Phisher-setzen-auf-Geo-Blocking-2689481.html


Dyre Configuration Dumper

It's been over a year since Dyre first appeared, and with a rise of infections in 2015, it doesn't look like the attackers are stopping anytime soon. At PhishMe we've been ..

http://phishme.com/dyre-configuration-dumper/


OpenSSL update causes ABI problems

OpenSSL is releasing updates for minor security vulnerabilities, and the developers made a mistake in the process: a changed data structure alters the library's binary interface, which can lead to malfunctions.

http://www.golem.de/news/sicherheitsluecken-openssl-update-verursacht-abi-probleme-1506-114638.html


How Heartbleed could've been found

tl;dr With a reasonably simple fuzzing setup I was able to rediscover the Heartbleed bug. This uses state-of-the-art fuzzing and memory protection technology (american fuzzy lop and Address Sanitizer), but it doesn't require any prior knowledge about ..

https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html