[CERT-daily] Tageszusammenfassung - Dienstag 19-08-2014

Tue Aug 19 18:12:38 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 18-08-2014 18:00 − Dienstag 19-08-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter


*** New Attack Binds Malware in Parallel to Software Downloads ***
---------------------------------------------
Open source software distribution systems that lack security processes and integrity checks are prone to a new attack that binds malware to a download without modifying the original application.
---------------------------------------------
http://threatpost.com/new-attack-binds-malware-in-parallel-to-software-downloads/107800


*** Microsofts Windows 8 App Store Is Full of Scamware ***
---------------------------------------------
Deathspawner writes Windows 8 brought a lot to the table, with one of its most major features being its app store. However, its not a feature that Microsoft seems too intent on keeping clean. As it is today, the store is completely littered with misleading apps and outright scamware. The unfortunate thing is that ..
---------------------------------------------
http://beta.slashdot.org/story/206067


*** Virenscanner: Testlabor analysiert das fehlende Prozent ***
---------------------------------------------
In Labortests erkennen fast alle Virenscanner stets über 99 Prozent der Schädlinge. Doch genau das fehlende Prozent kann den Unterschied machen, wie die Verbreitung der durchgeschlüpften Dateien zeigt.
---------------------------------------------
http://www.heise.de/security/meldung/Virenscanner-Testlabor-analysiert-das-fehlende-Prozent-2293206.html


*** Part 2: Is your home network unwittingly contributing to NTP DDOS attacks?, (Sun, Aug 17th) ***
---------------------------------------------
This diary follows from Part 1, published on Sunday August 17, 2014.  How is it possible that with no port forwarding enabled through the firewall that Internet originated NTP requests were getting past the firewall to the misconfigured NTP server? The reason why these packets are passing ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18549&rss


*** Stuxnet: Geschlossene Sicherheitslücke gefährdet noch immer Millionen ***
---------------------------------------------
Experten führen die hohen Zahlen auf eine mangelnde Wartung von Servern zurück
---------------------------------------------
http://derstandard.at/2000004498863


*** APT Gang Branches Out to Medical Espionage in Community Health Breach ***
---------------------------------------------
The Community Health Systems data breach has been tied to a Chinese APT gang that has branched out to medical espionage, stealing patient data in an effort to target intelligence on medical device development.
---------------------------------------------
http://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-community-health-breach/107828


*** Multipe vulnerabilities in EMC Documentum products ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533161
http://www.securityfocus.com/archive/1/533160
http://www.securityfocus.com/archive/1/533159
http://www.securityfocus.com/archive/1/533162


*** DSA-3006 xen ***
---------------------------------------------
http://www.debian.org/security/2014/dsa-3006


*** FreeNAS password security bypass ***
---------------------------------------------
FreeNAS could allow a remote attacker to bypass security restrictions, caused by the use of a blank password by the Web admin. An attacker could exploit this vulnerability to reset the admin password and gain full administrative access to the device.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95326


*** Apache HttpComponents certificate spoofing ***
---------------------------------------------
Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a ..
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95327


*** Cisco NX-OS Software SNMP Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco NX-OS Software could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to a failure to respond to invalid requests in the same manner when specifying a VLAN ID. An attacker could exploit this vulnerability by making a large number of requests to ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341