Daily summary - Wednesday 15-07-2015

End-of-Shift report

Timeframe: Tuesday 14-07-2015 18:00 - Wednesday 15-07-2015 18:00
Handler: Robert Waldner
Co-Handler: Otmar Lendl

July 2015 Security Updates

Today we released security updates for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer. As a best practice, we encourage customers to apply security updates as soon as they are released. For more information about this month's security updates and advisories visit the Security TechNet Library. You can also follow the Microsoft Security Response Center (MSRC) team on Twitter at @MSFTSecResponse.
MSRC Team

http://blogs.technet.com/b/msrc/archive/2015/07/14/july-2015-security-updates.aspx
https://technet.microsoft.com/en-us/library/security/MS15-JUL


TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities

Original release date: July 14, 2015
Systems Affected: Microsoft Windows systems with Adobe Flash Player installed.
Overview: Used in conjunction, recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute arbitrary code with system privileges. Since attackers continue to target and find new vulnerabilities in popular, Internet-facing software, updating is not sufficient, and it is important to use exploit mitigation and other defensive

https://www.us-cert.gov/ncas/alerts/TA15-195A


Microsoft Patch Tuesday July 2015

July's Patch Tuesday is here and brings with it a rather large 14 bulletins, with 4 Critical and 10 Important rated patches. All combined, this month's release patches 59 vulnerabilities, 29 of which are in the old stalwart Internet Explorer....

http://trustwave.com/Resources/SpiderLabs-Blog/Microsoft-Patch-Tuesday-July-2015/


Adobe, MS, Oracle Push Critical Security Fixes

This being the second Tuesday of the month, it's officially Patch Tuesday. But it's not just Windows users who need to update today: Adobe has released fixes for several products, including a Flash Player bundle that patches two vulnerabilities for which exploit code is available online. Separately, Oracle issued a critical patch update that plugs more than two dozen security holes in Java.

http://feedproxy.google.com/~r/KrebsOnSecurity/~3/GZ70l-ulAqw/


Oracle Critical Patch Update closes 193 vulnerabilities

As usual with Oracle's quarterly updates, the company plugs vulnerabilities en masse in almost all of its products. Even the Ghost vulnerability from January makes a comeback. The updates for Java and MySQL in particular should be installed as soon as possible.

http://heise.de/-2750641


Microsoft Ends Support for Windows Server 2003, Migration a Must

End-of-life fun times are coming to infosec departments everywhere again. Just a year after the announcement of Windows XP's end-of-life, we see another body in the OS graveyard: Windows Server 2003. After July 14th, servers running this venerable OS will no longer be receiving any more security updates. This would leave you out in the cold

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/sr3phsOSoFM/


Microsoft Security Essentials is no longer available for Windows XP

We strongly recommend that you complete your migration to a supported operating system as soon as possible so that you can receive regular security updates to help protect your computer from malicious attacks.

http://windows.microsoft.com/en-us/windows/security-essentials-download?os=winxp&arch=other


Cisco Packet Data Network Gateway IP Stack Denial of Service Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39907


Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=39872


Unit 42 Technical Analysis: Seaduke

Earlier this week Symantec released a blog post detailing a new Trojan used by the "Duke" family of malware. Within this blog post, a payload containing a function named "forkmeiamfamous" was mentioned. While performing some ...

http://feedproxy.google.com/~r/PaloAltoNetworks/~3/y_CGsjS6Bio/


An In-Depth Look at How Pawn Storm's Java Zero-Day Was Used

Operation Pawn Storm is a campaign known to target military, embassy, and defense contractor personnel from the United States and its allies. The attackers behind Operation Pawn Storm have been active since at least 2007 and they continue to launch new campaigns. Over the past year or so, we have seen numerous techniques and tactics

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/gJtU9nel0NM/


Hideouts for Lease: The Silent Role of Bulletproof Hosting Services in Cybercriminal Operations

What do LeaseWeb, Galkahost, and Spamz have in common? All of them, at one point or another, have functioned as cybercriminal hideouts in the form of bulletproof hosting services (BPHS). Simply put, BPHS is any hosting facility that can store any type of malicious content like phishing sites, pornography, and command-and-control (C&C) infrastructure.

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Ojxl_6lsUjU/


DFN-CERT-2015-1068/ BlackBerry Link: A vulnerability allows execution of arbitrary program code

https://portal.cert.dfn.de/adv/DFN-CERT-2015-1068/


Rootkits: User Mode

In this article, we will learn about what rootkits are and how they operate. The focus will be on two types of rootkit exploits, User Mode and Kernel Mode, and the various ways in which rootkits exploit in both modes.

http://resources.infosecinstitute.com/rootkits-user-mode-kernel-mode-part-1/


Rootkits: Kernel Mode

In part one of this series we learned about rootkits and how they operate in User Mode; in this part of the series we will up the ante and look at the other area where rootkits operate, i.e. Kernel Mode.

http://resources.infosecinstitute.com/rootkits-user-mode-kernel-mode-part-2/



FBI paid Hacking Team to identify Tor users

Documents leaked online after the Hacking Team data breach revealed that the company supported the FBI in the investigation of Tor users. While security experts are continuing to analyze the impressive amount of data stolen from Hacking Team, new revelations are circulating over the Internet. Among the clients of the Italian security firm, there ...

http://securityaffairs.co/wordpress/38601/cyber-crime/fbi-hacking-team-tor.html


Government Grade Malware: a Look at HackingTeam's RAT

We have our hands on the code repositories of HackingTeam, and inside of them we've found the source code for a cross-platform, highly-featured, government-grade RAT (Remote Access Trojan). It's rare that we get to do analysis of complex malware at the source-code level, so I couldn't wait to write a blog about it!

http://labs.bromium.com/2015/07/10/government-grade-malware-a-look-at-hackingteams-rat/


Epic Games, Epic Fail: Forumers info blown into dust by hack

Company sorry for the inconvenience caused.
Great Epic Games, known for its Unreal Engine and the Games of War series, sent a grovelling letter to its forum users this morning explaining that a hack "may have resulted in unauthorised access to your username, email address, password, and the date of birth you provided at registration."

http://go.theregister.com/feed/www.theregister.co.uk/2015/07/15/epic_games_in_epic_fail_hack_leaves_forumtards_info_fragmented/


Details on Internet-wide Scans from SBA

To clarify what we are scanning on the Internet, here are some details on the project and which tools we use. Most importantly: if you want your IP to be excluded from future scans, please send an email to abuse at sba-research.org. For quite some time now we have been scanning Internet-wide for well-known ports that use TLS, most ...

https://www.sba-research.org/2015/07/15/details-on-internet-wide-scans-from-sba/