[CERT-daily] Tageszusammenfassung - Freitag 4-07-2014

Fri Jul 4 18:03:32 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 03-07-2014 18:00 − Freitag 04-07-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Cisco Intelligent Automation for Cloud Form Data Viewer information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94177


*** VU#143740: Netgear GS108PE Prosafe Plus Switch contains hard-coded login credentials ***
---------------------------------------------
Netgear GS108PE Prosafe Plus Switch contains hard-coded login credentials that can be used for authenticating to the web server running on the device. The username is ..
---------------------------------------------
http://www.kb.cert.org/vuls/id/143740


*** MS14-JUL - Microsoft Security Bulletin Advance Notification for July 2014 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-JUL


*** Phishing: iPhone 6 und iWatch als Lockmittel ***
---------------------------------------------
Angreifer nutzen derzeit die Aufmerksamkeit rund um zukünftige Apple-Produkte, um Nutzer auf eine gefälschte Apple-Webseite zu locken. Die Aufmachung der Mail erinnert an offizielle Apple-Mitteilungen.
---------------------------------------------
http://www.heise.de/security/meldung/Phishing-iPhone-6-und-iWatch-als-Lockmittel-2249257.html


*** Security Bulletin: IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) Potential IPMI credentials Exposure (CVE-2014-0860) ***
---------------------------------------------
The administrative IPMI credentials for authenticating communications between the IBM BladeCenter Advanced Management Module (AMM), Integrated Management Module (IMM), and Integrated Management Module 2 (IMM2) are stored in plaintext within the AMM firmware binaries.  
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_bladecenter_advanced_management_module_amm_integrated_management_module_imm_and_integrated_management_module_2_imm2_potential_ipmi_credentials_exposure_cve_2014_0860?lang=en_


*** Dailymotion Compromised to Send Users to Exploit Kit ***
---------------------------------------------
Attackers made the popular video site redirect users to the Sweet Orange Exploit Kit.  On June 28, the popular video sharing website Dailymotion was compromised to redirect users to the Sweet Orange Exploit Kit. This exploit kit takes advantage of vulnerabilities in Java, Internet Explorer, and Flash Player. If the ..
---------------------------------------------
http://www.symantec.com/connect/blogs/dailymotion-compromised-send-users-exploit-kit


*** HP Universal Configuration Management Database Flaws Let Remote Users Obtain Information and Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030518


*** "Phishing wird vom seltenen Anlass zum Tagesgeschäft" ***
---------------------------------------------
Während immer mehr Phishing-Webseiten auftauchen, werden die angewandten Taktiken immer raffinierter. Opfer werden vermehrt persönlich angesprochen.
---------------------------------------------
http://futurezone.at/digital-life/phishing-wird-vom-seltenen-anlass-zum-tagesgeschaeft/73.217.168


*** Miniduke is back: Nemesis Gemina and the Botgen Studio ***
---------------------------------------------
In the wake of our publications from 2013, the Miniduke campaigns have stopped or at least decreased in intensity. However, in the beginning of 2014 they resumed attacks in full force, once again grabbing our attention. We believe its time to uncover more information on their operations.
---------------------------------------------
https://www.securelist.com/en/blog/208214341/Miniduke_is_back_Nemesis_Gemina_and_the_Botgen_Studio


*** phpinfo() Type Confusion Infoleak Vulnerability and SSL Private Keys ***
---------------------------------------------
In this post we will detail the phpinfo() type confusion vulnerability that we disclosed to PHP.net and show how it allows a PHP script to steal the private SSL key. We demonstrate this on a Ubuntu 12.04 LTS 32 bit default installation of PHP and mod_ssl. Unfortunately this kind of problem is not considered a security problem by PHP.net and therefore this security vulnerability does not have a CVE name assignet to it, yet.
---------------------------------------------
https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html