[CERT-daily] Tageszusammenfassung - Dienstag 22-07-2014

Tue Jul 22 18:09:40 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 21-07-2014 18:00 − Dienstag 22-07-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Retefe Bankentrojaner ***
---------------------------------------------
Die meisten [...] Bankentrojaner basieren auf technisch betrachtet ziemlich komplexen Softwarekomponenten: Verschlüsselte Konfigurationen, Man-in-the-Browser-Funktionalität, Persistenz- und Updatemechanismen, um einige zu nennen. Im letzten halben Jahr hat sich eine gänzlich neue Variante behauptet, welche erst im Februar 2014 einen Namen erhielt: Retefe.
---------------------------------------------
http://securityblog.switch.ch/2014/07/22/retefe-bankentrojaner/


*** IBM Fixes Code Execution, Cookie-Stealing Vulnerabilities in Switches ***
---------------------------------------------
IBM recently patched a handful of vulnerabilities in some of its KVM switches that if exploited, could have given an attacker free reign over any system attached to it.
---------------------------------------------
http://threatpost.com/ibm-fixes-code-execution-cookie-stealing-vulnerabilities-in-switches/107339


*** Mobile App Wall of Shame: CNN App for iPhone ***
---------------------------------------------
The CNN App for iPhone is one of the most popular news applications available for the iPhone. At present, it is sitting at #2 in the iTunes free News app category and #165 among all free apps. Along with providing news stories, alerts and live video, it also includes iReport functionality, allowing...
---------------------------------------------
http://research.zscaler.com/2014/07/cnn-app-for-iphone.html


*** OWASP Zed Attack Proxy, (Mon, Jul 21st) ***
---------------------------------------------
Affectionately know as ZAP the OWASP Zed Attack Proxy in an excellent web application testing tool. It finds its way into the hands of experienced penetration testers, newer security administrators, vulnerability assessors, as well as auditors and the curious. One of the reasons for its popularity is the ease of use and the extensive granular capability to examine transactions. While some may know ZAP as a fork or successor to the old Paros proxy,it is so much more. Roughly 20% of the code base...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18421&rss


*** Old and Persistent Malware ***
---------------------------------------------
User error is the best reason to explain why Excel spreadsheets infected with the Laroux macro virus have been published on the China Securities Regulatory Commission website (csrc.gov.cn). The commission regulates China's financial markets and provides an online law library on their website where visitors can download various files and texts. Two of the files available in the library contain the MSEXcel.Laroux virus.
---------------------------------------------
https://blogs.cisco.com/security/old-and-persistent-malware/


*** FakeNet Malware Analysis ***
---------------------------------------------
FakeNet is a tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware's network activity from within a safe environment.
---------------------------------------------
http://www.ehacking.net/2014/07/fakenet-malware-analysis.html


*** Cisco-Routerlücke: Der mysteriöse Vorab-Patch ***
---------------------------------------------
Die kritische Sicherheitslücke, die neun Router und Kabelmodems von Cisco verwundbar für Angriffe aus dem Netz macht, ist bei deutschen Providern vor Jahren mit einem Update geschlossen worden. Allerdings bleibt unklar, warum Cisco den Fix erst jetzt öffentlich machte.
---------------------------------------------
http://www.heise.de/security/meldung/Cisco-Routerluecke-Der-mysterioese-Vorab-Patch-2264271.html


*** App "telemetry", (Tue, Jul 22nd) ***
---------------------------------------------
ISC reader James had just installed "Foxit Reader" on his iPhone, and had answered "NO" to the "In order to help us improve Foxit Mobile PDF, we would like to collect anonymous usage data..." question, when he noticed his phone talking to China anyway. The connected-to site was alog.umeng.com, 211.151.151.7. Umeng is an "application telemetry" and online advertising company. Below is what was sent (some of the ids are masked or have been obfuscated)  I
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18425&rss


*** Massive Malware Infection Breaking WordPress Sites ***
---------------------------------------------
The last few days has brought about a massive influx of broken WordPress websites. What makes it so unique is that the malicious payload is being blindly injected which is causing websites to break. While we're still researching, we do want to share share some observations: This infection is aimed at websites built on the...
---------------------------------------------
http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html


*** Privacy Badger Extension Blocks Tracking Through Social Icons ***
---------------------------------------------
Online tracking has been a thorny problem for years, and as Web security companies, browser vendors and users have become more aware of the problem and smarter about how to defend themselves, ad companies and trackers have responded in kind. The advent of social networks has made it far easier for tracking companies to monitor user behavior across...
---------------------------------------------
http://threatpost.com/privacy-badger-extension-blocks-tracking-through-social-icons/107348


*** [webapps] - MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities ***
---------------------------------------------
http://www.exploit-db.com/exploits/34128


*** Apache Multiple Flaws Let Remote Users Deny Service or Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030615


*** Tenable Nessus Access Control Flaw in Web UI Lets Remote Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1030614


*** Apache Scoreboard / Status Race Condition ***
---------------------------------------------
Topic: Apache Scoreboard / Status Race Condition Risk: Medium Text:Hi there, --[ 0. Sparse summary Race condition between updating ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070114


*** HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Autonomy IDOL. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04370307


*** Moodle rubric/advanced grading cross-site scripting ***
---------------------------------------------
Moodle rubric/advanced grading cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94724


*** OleumTech WIO Family Vulnerabilities ***
---------------------------------------------
Security researchers Lucas Apa and Carlos Mario Penagos Hollman of IOActive have identified multiple vulnerabilities in OleumTech's WIO family including the sensors and the DH2 data collector. The researchers have coordinated the vulnerability details with NCCIC/ICS-CERT and OleumTech in hopes the vendor would develop security patches to resolve these vulnerabilities. While ICS-CERT has had many discussions with both OleumTech and IOActive this past year, there has not been consensus...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01


*** Bugtraq: Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532857