End-of-Shift report
Timeframe: Monday 24-08-2015 18:00 - Tuesday 25-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Signed Dridex Campaign
Malware authors use various means to make their malware look similar to legitimate software. One such approach involves signing a malware sample with a digital certificate. Recently we saw Dridex malware authors using this technique while ..
http://research.zscaler.com/2015/08/signed-dridex-campaign.htm
AlienSpy RAT Resurfaces as JSocket
The dismantled AlienSpy remote access Trojan, the same malware found on the phone of dead Argentine prosecutor Alberto Nisman, has resurfaced with new crypto and a new name.
http://threatpost.com/alienspy-rat-resurfaces-as-jsocket/114385
Cisco Prime Infrastructure Web Interface Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40652
RTF Exploit Installs Italian RAT: uWarrior
Unit 42 researchers have observed a new Remote Access Tool (RAT) constructed by an unknown actor of Italian origin. This RAT, referred to as uWarrior because of embedded PDB strings, has been previously described ..
http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-rat-uwarrior/
Multiple vulnerabilities in Hewlett-Packard KeyView IDOL
http://www.zerodayinitiative.com/advisories/ZDI-15-405
http://www.zerodayinitiative.com/advisories/ZDI-15-404
http://www.zerodayinitiative.com/advisories/ZDI-15-403
http://www.zerodayinitiative.com/advisories/ZDI-15-402
http://www.zerodayinitiative.com/advisories/ZDI-15-401
http://www.zerodayinitiative.com/advisories/ZDI-15-400
http://www.zerodayinitiative.com/advisories/ZDI-15-399
http://www.zerodayinitiative.com/advisories/ZDI-15-398
http://www.zerodayinitiative.com/advisories/ZDI-15-397
Ask Sucuri: How Did My WordPress Website Get Hacked?
With the proliferation of Infrastructure and Platform as a Service providers, it is no surprise that a majority of today's websites are hosted in the proverbial cloud. This is great because it allows organizations and individuals alike to quickly deploy their websites, with relatively little overhead ..
https://blog.sucuri.net/2015/08/ask-sucuri-how-did-my-wordpress-website-get-hacked-a-tutorial.html
What I learned from cracking 4000 Ashley Madison passwords
When the Ashley Madison database first got dumped, there was an interesting contingent of researchers talking about how pointless it would be to crack the passwords, ..
http://www.pxdojo.net/2015/08/what-i-learned-from-cracking-4000.html
Browsefox variant High Stairs
https://blog.malwarebytes.org/security-threat/2015/08/browsefox-variant-high-stairs/
Data protection: Ashley Madison knew about serious security flaws
Some weeks before the Impact Team's attack, internal security experts warned of serious flaws in the website's infrastructure.
http://www.golem.de/news/datenschutz-ashley-madison-wusste-von-gravierenden-sicherheitsmaengeln-1508-115931.html
Ashley Madison: hacked affair site hacked its own competitor
The dating website that recently fell victim to a hacker attack and data leak itself attacked a rival platform some years ago. Ashley Madison's chief technology officer is said to have copied the competitor's database.
http://heise.de/-2790189
Are Data Breaches Getting Larger?
This research says that data breaches are not getting larger over time. "Hype and Heavy Tails: A Closer Look at Data Breaches," by Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest: Abstract: Recent widely publicized data breaches have ..
https://www.schneier.com/blog/archives/2015/08/are_data_breach.html
You are the weakest link - goodbye!
On my first visit to Team Cymru's HQ in Lake Mary, Florida, I found myself reading the wall hangings and looking at the pictures depicting specific times in history. Many of them depict the inspiring words of leaders such as Churchill. It led me to think about the many lessons that we can learn from ..
https://blog.team-cymru.org/2015/08/you-are-the-weakest-link-goodbye/
Github Mitigates DDoS Attack
Github said it turned back a distributed denial of service attack; it's unknown whether this attack is related to a similar attack this March.
http://threatpost.com/github-mitigates-ddos-attack/114403
Hacked Samsung fridge leaks Gmail credentials
At the DEFCON hacker conference, a method was presented by which a Samsung refrigerator model can be made to reveal Gmail logins.
http://futurezone.at/digital-life/gehackter-samsung-kuehlschrank-verraet-gmail-anmeldedaten/148.990.168
Certifi-Gate: abusive app discovered in the Google Play Store
A few weeks ago, security researchers presented a vulnerability affecting remote-administration software such as Teamviewer. Subsequently, the researchers found an app in Google's Play Store that exploits exactly this weakness.
http://heise.de/-2790706