Daily Summary - Friday 31-07-2015

End-of-Shift report

Timeframe: Thursday 30-07-2015 18:00 − Friday 31-07-2015 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter

Derelict TrueCrypt Russia portal is command hub for Ukraine spying op

Backdoored code slung at officials, journos etc

Malware used to attack Ukrainian government, military, and major news agencies in the country, was distributed from the Russian portal of encryption utility TrueCrypt, new research has revealed.

http://go.theregister.com/feed/www.theregister.co.uk/2015/07/30/truecrypt_ru_hub/


Username Enumeration against OpenSSH-SELinux with CVE-2015-3238

I recently disclosed a low-risk vulnerability in Linux-PAM < 1.2.1, which allows attackers to conduct username enumeration and denial of service attacks. Below I will provide more technical details about this vulnerability. The Past Time-based username enumeration is an...

https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/


Flash Threats: Not Just In The Browser

July has been a fairly poor month for Adobe Flash Player security, to say the least. Three separate zero-day vulnerabilities (all courtesy of the Hacking Team dump) have left many people concerned about Flash security, with many (including this blog) calling for it to go away. Some sort of reaction from Adobe to improve Flash...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6YRcRVFMKYg/


Bundestag hack: repair of the Bundestag network is expected to take four days

The Bundestag network is to be set up anew between 13 and 17 August 2015. During this time it will be shut down completely. E-mails can then no longer be received or sent either.

http://www.golem.de/news/bundestags-hack-reparatur-des-bundestagsnetzes-soll-vier-tage-dauern-1507-115518-rss.html


Compromised site serves Nuclear exploit kit together with fake BSOD

Support scammers not lying about a malware infection for a change. During our work on the development of the VBWeb tests, which will be started soon, we came across an interesting case of an infected website that served not only the Nuclear exploit kit, but also a fake blue screen of death (BSOD) that attempted to trick the user into falling for a support scam. When a (legitimate) website includes (legitimate) advertisements, these ads themselves are rarely included in the HTML code. Rather, the...

http://www.virusbtn.com/blog/2015/07_31.xml?rss


MMS Not the Only Attack Vector for "Stagefright"

Earlier this week Zimperium zLabs revealed an Android vulnerability which could be used to install malware on a device via a simple multimedia message. This vulnerability, now known as Stagefright, has gained a lot of attention for the potential attacks it can cause. Stagefright makes it possible, for example, for an attacker to install a spyware app...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fiKsjboNusw/


Real World Ramifications of Cyber Attacks

Warning: the following blog contains gratuitous use of sarcasm and hyperbole from the start. Reader discretion is advised. And so, ladies and gentlemen, it has finally happened. The Internet-of-Things has risen up, Skynet style, and we are doomed. This much prophesied event finally came to pass with reports of hackers disabling cars from miles away, and altering rifle trajectories. At last, it seems, the crossover has been made from the digital world to the physical one; the end is nigh. Then...

https://blog.team-cymru.org/2015/07/real-world-ramifications-of-cyber-attacks/


Symantec Endpoint Protection Multiple Issues


http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150730_00


Cisco Security Advisories

Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k

Cisco Prime Central Hosted Collaboration Solution Cross-Site Scripting Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40214

Cisco IM and Presence Service Reflected Cross-Site Scripting Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40217

Cisco AnyConnect Secure Mobility Client Directory Traversal Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40175

Cisco Unified Communications Manager Prime Collaboration Deployment Information Disclosure Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=40223

Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability

This advisory provides mitigation details for a password storage vulnerability in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 products.

https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01


ZDI-15-372: IBM Tivoli Storage Manager FastBack Server Opcode 4755 Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/lONzWRepYUI/


ZDI-15-373: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Files Restore Agents Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Np2gm5rVOXQ/


ZDI-15-374: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Volumes Restore Agents Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/zJI4EVNVvMM/


ZDI-15-375: IBM Tivoli Storage Manager FastBack Server Opcode 4115 Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/x0uVs7pbpJo/


ZDI-15-376: IBM Tivoli Storage Manager FastBack Server Opcode 8192 Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/L9RNtcsUYnU/


More IBM Security Bulletins

https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us