Daily summary - Thursday 30-06-2016

End-of-Shift report

Timeframe: Wednesday 29-06-2016 18:00 − Thursday 30-06-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a

Multiple vulnerabilities in Foxit Reader

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/dKs5CcUo7Us
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/XgoemmeT0GY
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/XNek5RDVxp0
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/5xiMJFpDb9o
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/BO1ORv21ejs
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Yvk8m_ilMEE
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/BEv0AHg6Das
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/wgd366hnP7k
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/XfbdbhhiNGQ
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/mGq36S5AkiI
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/-_uz9VtYDFE
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/2K_wjeRUsls

DSA-3608 libreoffice - security update

Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in LibreOffice may result in the execution of arbitrary code if a malformed document is opened.

https://www.debian.org/security/2016/dsa-3608


Ransomware on smartphones has quadrupled

According to a study by Kaspersky, extortion malware on Android smartphones has increased fourfold within one year.

http://futurezone.at/digital-life/ransomware-auf-smartphones-hat-sich-vervierfacht/207.144.693


Malware Authors Adopt CEO Fraud Techniques

CEO Fraud scams, a type of Business Email Compromise (BEC), have gained popularity among scammers recently. These scams use the power of the CEO's name to try and elicit a ..

http://trustwave.com/Resources/SpiderLabs-Blog/Malware-Authors-Adopt-CEO-Fraud-Techniques/


CEO Fraud Scams and How to Deal With Them at the Email Gateway

Email scams known as "CEO Fraud" are very common right now. They are a type of "Business Email Compromise" (BEC). There have ..

http://trustwave.com/Resources/SpiderLabs-Blog/CEO-Fraud-Scams-and-How-to-Deal-With-Them-at-the-Email-Gateway/


Data leak at terror database

http://futurezone.at/digital-life/datenleck-bei-terrordatenbank/207.148.569

Phishing Campaign with Blurred Images, (Wed, Jun 29th)

For a few days, I'm seeing a lot of phishing emails that try to steal credentials from victims. Well, nothing brand new but, this time, the scenario is quite different: The ..

https://isc.sans.edu/diary.html?storyid=21207


DSA-3609 tomcat8 - security update

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in information disclosure, the bypass of CSRF protections, bypass of the SecurityManager or denial of service.

https://www.debian.org/security/2016/dsa-3609


Rooting Hummer malware brings $500,000 per day to its creator

Android malware with device rooting capabilities has been hitting Google Play for a while now, but for users of third-party app stores the situation is even more dangerous. The Hummer malware family Hummer, an Android Trojan ..

https://www.helpnetsecurity.com/2016/06/30/rooting-hummer-malware/


StartEncrypt considered harmful today

Recently, one of our hackers (Thijs Alkemade) found a critical vulnerability in StartCom's new StartEncrypt tool, that allows an attacker to gain valid SSL certificates ..

https://www.computest.nl/blog/startencrypt-considered-harmful-today/


Spirit level app: Android trojan in the Play Store installs unwanted apps

http://www.golem.de/news/wasserwagen-app-android-trojaner-im-play-store-installiert-ungewollt-apps-1606-121851.html


SBA Research got COMET

We are proud to announce that SBA Research got COMET funding for the next four years! Read the press release here.

https://www.sba-research.org/2016/06/30/sba-research-got-comet/


Fileless Malware - A Behavioural Analysis Of Kovter Persistence

During a recent talk by a representative of MalwareBytes, it was discussed that several modern malware families, notably Poweliks, Phase Bot and Kovter are moving away ..

http://blog.airbuscybersecurity.com/post/2016/03/FILELESS-MALWARE-%E2%80%93-A-BEHAVIOURAL-ANALYSIS-OF-KOVTER-PERSISTENCE


What media companies don't want you to know about ad blockers

[...] Thompson did not say one word in his keynote address about the significant security benefits of ad blockers, which is ironic, because his paper was one of ..

http://www.cjr.org/opinion/ad_blockers_malware_new_york_times.php


Password cracker hashcat takes on Android and VeraCrypt

Version 3.00 of the password cracker hashcat cracks additional file formats ..

http://heise.de/-3251874