End-of-Day report
Timeframe:   Friday 14-07-2017 18:00 − Monday 17-07-2017 18:00
Handler:     Stefan Lenzhofer
Co-Handler:  Stephan Richter
News
∗∗∗ The Week in Ransomware - July 14th 2017 - NemucodAES, LeakerLocker, and More ∗∗∗
It has been a slow week in terms of new releases, which is always a good thing. Still lots of small crapware being released that will never have much wide distribution. We also have some good news, which is the release of a NemucodAES decryptor by Emsisoft. This allows victims of this ransomware to get their files back for free. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-14th-2017-nemucodaes-leakerlocker-and-more/
∗∗∗ We Tested More than 50 Free Security Tools so You can Use Them for Your Online Protection ∗∗∗
The idea that we should create a gargantuan list of cyber security tools started to spring in our minds around the beginning of this year. We started from a simple idea: It should be useful. We need it. You need it. It will come in handy in the future, to have all those tools in […]
https://heimdalsecurity.com/blog/free-cyber-security-tools-list/
∗∗∗ Popular Chrome Extension Sold To New Dev Who Immediately Turns It Into Adware ∗∗∗
An anonymous reader writes: A company is going around buying abandoned Chrome extensions from their original developers and converting these add-ons into adware. The latest case is the Particle for YouTube Chrome extension, a simple tool that allows users to change the UI and behavior of some of YouTube's standard features. Because Google was planning major changes to YouTube's UI, the extension's original author decided to retire it and create a new one. This is when a mysterious company
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/StqZHG6JsVY/popular-chrome-extension-sold-to-new-dev-who-immediately-turns-it-into-adware
∗∗∗ Petya From The Wire: Detection using IDPS ∗∗∗
Most malware that traverses a network does so with specific indicators, some of which look like legitimate network traffic and others that are completely unique to the malware. A single IDPS signature can have high confidence of detecting an infection...
http://trustwave.com/Resources/SpiderLabs-Blog/Petya-From-The-Wire--Detection-using-IDPS/
∗∗∗ Gandi.net: Attacker steals internal login credentials and redirects domains to malware ∗∗∗
An attacker obtained the login credentials that the French registrar Gandi.net uses for one of its technical providers and manipulated 751 DNS entries so that they redirect to a malicious website.
https://heise.de/-3772259
∗∗∗ DDoS attacks: hackers prefer to flood on weekends and in the evening ∗∗∗
In its current DDoS report, the German security company Link11 catalogues the distributed denial-of-service attacks on companies in the DACH region. The report suggests that such attacks still cause a great deal of damage in companies.
https://heise.de/-3773640
∗∗∗ Patch now: FreeRADIUS plugs security holes ∗∗∗
Anyone using the popular open-source RADIUS server FreeRADIUS should install the updates. The security holes allow attackers to execute malicious code remotely.
https://heise.de/-3773875
∗∗∗ Keeping up with the Petyas: Demystifying the malware family ∗∗∗
Last June 27, there was a huge outbreak of a Petya-esque malware with a WannaCry-style infector in Ukraine. Since there is still confusion about how exactly this malware is linked to the original Petya, we have prepared this small guide on the background of the Petya family.
https://blog.malwarebytes.com/cybercrime/2017/07/keeping-up-with-the-petyas-demystifying-the-malware-family/
Advisories
∗∗∗ DSA-3911 evince - security update ∗∗∗
Felix Wilhelm discovered that the Evince document viewer made insecure use of tar when opening tar comic book archives (CBT). Opening a malicious CBT archive could result in the execution of arbitrary code. This update disables the CBT format entirely.
https://www.debian.org/security/2017/dsa-3911
∗∗∗ DSA-3910 knot - security update ∗∗∗
Clément Berthaux from Synaktiv discovered a signature forgery vulnerability in knot, an authoritative-only DNS server. This vulnerability allows an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.
https://www.debian.org/security/2017/dsa-3910
∗∗∗ DSA-3909 samba - security update ∗∗∗
Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual authentication bypass vulnerability in samba, the SMB/CIFS file, print, and login server. Also known as Orpheus' Lyre, this vulnerability is located in the Samba Kerberos Key Distribution Center (KDC-REP) component and could be used by an attacker on the network path to impersonate a server.
https://www.debian.org/security/2017/dsa-3909
∗∗∗ WordPress Download Manager <= 2.9.49 - Cross-Site Scripting (XSS) ∗∗∗
https://wpvulndb.com/vulnerabilities/8856
∗∗∗ WP-Members <= 3.1.7 - Authenticated Cross-Site Scripting (XSS) ∗∗∗
https://wpvulndb.com/vulnerabilities/8858
∗∗∗ WordPress Download Manager <= 2.9.50 - Open Redirect ∗∗∗
https://wpvulndb.com/vulnerabilities/8857