[CERT-daily] Tageszusammenfassung - Montag 22-12-2014

Mon Dec 22 18:07:34 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 19-12-2014 18:00 − Montag 22-12-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** TA14-353A: Targeted Destructive Malware ***
---------------------------------------------
Original release date: December 19, 2014 Systems Affected Microsoft Windows Overview US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities targeting a major entertainment ..
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA14-353A


*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8019
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8007
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3410
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8018


*** iTwitter <= 0.04 - XSS & CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7729


*** Network Time Protocol Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities within the Network Time Protocol (NTP).
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-353-01


*** Post to Twitter <= 0.7 CSRF & XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7730


*** Which NTP Servers do You Need to Patch? ***
---------------------------------------------
While people generally know where their real NTP servers are, all to often they dont know that theyve got a raft of accidental NTP servers - boxes that have NTP enabled without the system maintainers knowing about it. Common servers ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19095


*** Tor-Projekt wappnet sich gegen möglichen Angriff ***
---------------------------------------------
Das Tor-Projekt befürchtet eine Beschlagnahmung wichtiger Infrastruktur-Server, die das Anonymisierungsnetz unbenutzbar machen könnte. Einem anonymen Tipp zufolge stehe diese schon in wenigen Tagen bevor.
---------------------------------------------
http://www.heise.de/security/meldung/Tor-Projekt-wappnet-sich-gegen-moeglichen-Angriff-2505057.html


*** Compromised Wordpress sites serving multiple malware payloads ***
---------------------------------------------
During our daily log monitoring process, we observe many interesting threat events. One such event led to a compromised WordPress site campaign, which was found to serve multiple malware families including Upatre/Hencitor/Extrat Xtreme ..
---------------------------------------------
http://research.zscaler.com/2014/12/compromised-wordpress-sites-serving.html


*** Neue NTP-Versionen fixen Fehler im Zeit-Server ***
---------------------------------------------
Mit nur einem Paket könnte ein Angreifer Zeit-Server mit dem NTP-Dienst übernehmen. Admins sollten ihre Konfiguration checken und bei Bedarf das Abhilfe versprechende Update so schnell wie möglich einspielen.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-NTP-Versionen-fixen-Fehler-im-Zeit-Server-2505113.html


*** Südkorea führt Übungen zur Hacker-Abwehr an Atomkraftwerken durch ***
---------------------------------------------
Nach der Enthüllung geschützter Informationen über zwei südkoreanische Atomreaktoren im Internet hat der Betreiber eine zweitägige Übungen zur Abwehr von Cyber-Attacken begonnen. Die Übungen würden an vier von 23 Reaktorstandorten im Land durchgeführt, teilte eine Sprecherin der staatlichen Koreanischen Wasser- und Atomenergie-Gesellschaft (KHNP) am Montag mit.
---------------------------------------------
http://derstandard.at/2000009692066


*** Pattern-Based Approach for In-Memory ShellCodes Detection ***
---------------------------------------------
Introduction During an analysis, it can be really useful to know some common instructions with which malware, and more specifically shellcodes, achieve their goals. As we can imagine, these sets of common instructions could be used ..
---------------------------------------------
http://resources.infosecinstitute.com/pattern-based-approach-memory-shellcodes-detection/


*** Is this URL safe? Hiding Malware in Plain Sight From Online Scanners ***
---------------------------------------------
There are serveral sites which offer scanning a URL for malware. One should expect that these sites emulate a real browser good enough so that their rating can be trusted. Unfortunatly this is not the case.
---------------------------------------------
http://noxxi.de/research/content-encoding-online-scanner.html


*** Mikl-Leitner will Cybercrime-Gesetz bis 2018 ***
---------------------------------------------
Ein Cybercrime-Gesetz soll bis zum Ende dieser Legislaturperiode, also 2018, beschlossen werden. Dieses Ziel nannte Innenministerin Johanna Mikl-Leitner (ÖVP) bei einer Pressekonferenz am Montag in Wien. Anlass war die Präsentation der Erkenntnisse aus einem Planspiel, bei dem es um einen Hackerangriff auf den Flughafen Wien und einen Erpressungsversuch mit terroristischem Hintergrund ging.
---------------------------------------------
http://derstandard.at/2000009710328


*** PHP 5.6.3 unserialize() execute arbitrary code ***
---------------------------------------------
A while ago the function "process_nested_data" was changed to better
handle object properties. Before it was possible to create numeric
object properties which would cause ..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120160