[CERT-daily] Tageszusammenfassung - Mittwoch 9-07-2014

Wed Jul 9 18:15:45 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 08-07-2014 18:00 − Mittwoch 09-07-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** "Weaponized" exploit can steal sensitive user data on eBay, Tumblr, et al. ***
---------------------------------------------
Google and Twitter already patched against potent "Rosetta Flash" attack.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/B_J-82SKyS4/


*** Who owns your typo?, (Wed, Jul 9th) ***
---------------------------------------------
Heres one way how to get at sensitive data that seems to be making a comeback. Already in the olden days, it was popular with the crooks to register domain names that only differed by a typo from the name of a legitimate high traffic site. Googl.com, for example. The crooks would then run web pages with lots of advertisements on these domains, and live happily ever after from the ad revenue that the misdirected typo traffic alone brought their way. Google put a stop to this by registering, for
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18363&rss


*** Exploiting IoT technologies ***
---------------------------------------------
How many Internet of Things (IoT) devices do you have? From smart TVs to coffee machines, these devices are becoming more and more popular in both homes and offices. A team of researchers at NCC Group, led by technical director, Paul Vlissidis, conducted research into a number of IoT devices and looked at some of the ways that an attacker could exploit them. The team, which also consisted of Pete Beck and Felix Ingram, principal consultants, conducted a live demonstration which explored the
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/07/exploiting-iot-technologies/


*** Who inherits your IP address?, (Wed, Jul 9th) ***
---------------------------------------------
Somewhat similar to the typo squatting story earlier, the recent proliferation of cloud service usage by enterprises has led to a new problem. For a project at a community college, we needed a couple servers, and didnt want (or have the funds) to build them on-site. In view of the limited duration of the experiment, we decided to "rent" the boxes as IaaS (infrastructure as a service) devices from two "cloud" providers. So far, all went well. But when we brought the instances
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18365&rss


*** Yahoo Patches Bugs in Mail, Messenger, Flickr ***
---------------------------------------------
Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers execute a handful of nefarious tricks.
---------------------------------------------
http://threatpost.com/yahoo-fixes-trio-of-bugs-in-mail-messenger-flickr/107079


*** Trojan:W32/Lecpetex: Bitcoin miner spreading via FB messages ***
---------------------------------------------
In early March this year, while investigating various threats as part of our Facebook malware cleanup effort, we ran across an interesting one that was spreading in zipped files attached to messages.The messages themselves were classic social engineering bait that lead the users to install the executable file in the attachment, which turned out to be a Bitcoin miner, which we identify as Trojan:W32/Lecpetex. Some of the more interesting details of our analysis are presented in our Lecpetex
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002725.html


*** Indien stellte falsche Google-Zertifikate aus ***
---------------------------------------------
Erneut kam es zu einem schwerwiegenden Zwischenfall bei einem Herausgeber von SSL-Zertifikaten: Die staatlich betriebene CA von Indien hat unter anderem Zertifikate für Google-Dienste herausgegeben. Diese eignen sich zum Ausspähen von SSL-Traffic.
---------------------------------------------
http://www.heise.de/security/meldung/Indien-stellte-falsche-Google-Zertifikate-aus-2252544.html


*** DPAPI vulnerability allows intruders to decrypt personal data ***
---------------------------------------------
Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The vulnerability is present in all Windows Server operating systems.
---------------------------------------------
http://www.net-security.org/secworld.php?id=17094


*** ATTACK of the Windows ZOMBIES on point-of-sale terminals ***
---------------------------------------------
Infosec bods infiltrate botnet, uncover crap password security Security watchers have spotted a fresh Windows-based botnet that attempts to hack into point-of-sale systems.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/07/09/botnet_brute_forces_pos/


*** Security updates available for Adobe Flash Player (APSB14-17) ***
---------------------------------------------
July 8, 2014
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1108


*** MS14-JUL - Microsoft Security Bulletin Summary for July 2014 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-JUL


*** Assessing risk for the July 2014 security updates ***
---------------------------------------------
Today we released six security bulletins addressing 29 unique CVE's. Two bulletins have a maximum severity rating of Critical, three have maximum severity Important, and one is Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/07/08/assessing-risk-for-the-july-2014-security-updates.aspx


*** VMSA-2014-0006.6 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html


*** Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-Site Scripting Vulnerability ***
---------------------------------------------
CVE-2014-3313
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3313


*** Yokogawa Centum Buffer Overflow Vulnerability ***
---------------------------------------------
Advisory Document
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01


*** DSA-2974 php5 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2974


*** DSA-2973 vlc ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-2973


*** HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Operations Analytics. The vulnerability could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04363613


*** ABB Relion 650 Series OpenSSL Vulnerability (Update A) ***
---------------------------------------------
Advisory Document
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-126-01A


*** Cisco IOS Software and Cisco IOS XE Software NTP Access Group Vulnerability ***
---------------------------------------------
CVE-2014-3309
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3309


*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-14:17.kmem ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532698


*** Juniper Security Bulletins ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10634&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10633&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10638&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10637&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10641&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10635&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10613&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10640&actp=RSS


*** IBM Security Bulletin: IBM InfoSphere Guardium System x/Flex Systems appliances are affected by vulnerabilities in OpenSSL ***
---------------------------------------------
IBM InfoSphere Guardium System x/Flex Systems appliances are affected by vulnerabilities in OpenSSL (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470)  Security vulnerabilities have been discovered in OpenSSL.  CVE(s): CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-5298  Affected product(s) and affected version(s):       Hardware versions affected: InfoSphere Guardium Collector X1000 InfoSphere
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_infosphere_guardium_system_x_flex_systems_appliances_are_affected_by_vulnerabilities_in_openssl?lang=en_us


*** IBM Security Bulletin: Rational Systems Tester is affected by Libxml2 vulnerability (CVE-2014-0191) ***
---------------------------------------------
Denial-Of-service vulnerability has been discovered in Libxml2 that was reported on May 09, 2014  CVE(s): CVE-2014-0191  Affected product(s) and affected version(s):   Rational Systems Tester   3.3, 3.3.0.1, 3.3.0.2, 3.3.0.3, 3.3.0.4, 3.3.0.5, 3.3.0.6, 3.3.0.7    Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21678183 X-Force Database: http://xforce.iss.net/xforce/xfdb/93092
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_systems_tester_is_affected_by_libxml2_vulnerability_cve_2014_0191?lang=en_us