[CERT-daily] Tageszusammenfassung - Dienstag 11-03-2014

Tue Mar 11 18:21:36 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 10-03-2014 18:00 − Dienstag 11-03-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** A clear-eyed guide to Mac OSs actual security risks ***
---------------------------------------------
Apple has improved its security in recent years, but is it enough?
---------------------------------------------
http://www.csoonline.com/article/749495/a-clear-eyed-guide-to-mac-os-s-actual-security-risks?source=rss_application_security


*** CanSecWest Presenter Self-Censors Risky Critical Infrastructure Talk ***
---------------------------------------------
Researcher Eric Filiol withdrew his presentation from this weeks CanSecWest conference because of concerns the information could be used to attack critical infrastructure worldwide.
---------------------------------------------
http://threatpost.com/cansecwest-presenter-self-censors-risky-critical-infrastructure-talk/104687


*** More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack ***
---------------------------------------------
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog lately, and that's OK because it's a very serious issue for every website owner. Today I want to talk about a large DDOS attack that leveraged thousands of unsuspecting WordPress websites as indirect amplification vectors. Any WordPress site with XML-RPC enabled...
---------------------------------------------
http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html


*** Can this $70 dongle stem the epidemic of password breaches? ***
---------------------------------------------
Maybe not, but its approach could improve the security of password databases.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/TIJ7a8DsSVY/


*** Careto and OS X Obfuscation ***
---------------------------------------------
Last month, security researchers released a report about a targeted attack operation which they named Careto, or Mask in Spanish. The attack was noted for encoding its configuration data and encrypting its network traffic, making analysis more difficult. However, the capabilities of the Mac malware used in Careto was not as sophisticated as its Windows...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/tLQMNa8HgFc/


*** Saboteurs slip Dendroid RAT into Google Play ***
---------------------------------------------
Google quickly removed the malware, which was reportedly disguised as a legitimate parental control app, from its marketplace.
---------------------------------------------
http://www.scmagazine.com/saboteurs-slip-dendroid-rat-into-google-play/article/337607/


*** Ein Drittel aller Zertifikats-Herausgeber nur Security-Ballast ***
---------------------------------------------
Bei einer Untersuchung von 48 Millionen SSL-Zertifikaten stellten Forscher fest, dass jeder dritte Herausgeber kein einziges HTTPS-Zertifikat ausgestellt hat. Diese Schläfer-CAs sind ein beträchtliches Sicherheitsrisiko, das man leicht entschärfen könnte.
---------------------------------------------
http://www.heise.de/security/meldung/Ein-Drittel-aller-Zertifikats-Herausgeber-nur-Security-Ballast-2139451.html


*** Download: Threat Report ***
---------------------------------------------
Our Threat Report covering the second half of 2013 (with some forecasting of 2014) was released last week.Youll find it, and all of our previous reports in the Labs section of f-secure.com. On 10/03/14 At 06:24 PM
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002681.html


*** Verschlüsselung: Snowden empfiehlt Textsecure und Redphone ***
---------------------------------------------
Edward Snowden lobt in der Diskussion auf der SXSW Openwhispersystems und dessen Entwickler Moxie Marlinspike für die Veröffentlichung einfach zu nutzender Verschlüsselungstools.
---------------------------------------------
http://www.golem.de/news/verschluesselung-snowden-empfiehlt-textsecure-und-redphone-1403-105052-rss.html


*** iOS 7.1: Apple stopft zahlreiche Sicherheitslücken ***
---------------------------------------------
Mit dem jüngsten Update behebt Apple über zwei Dutzend teils kritische Fehler in seinem Mobilbetriebssystem. Ein Jailbreak ist nun nicht mehr möglich.
---------------------------------------------
http://www.heise.de/security/meldung/iOS-7-1-Apple-stopft-zahlreiche-Sicherheitsluecken-2139770.html


*** Team Cymrus SOHO Pharming Whitepaper ***
---------------------------------------------
UPDATE: Here is the video for our SOHO Pharming Update of March 11, 2014. This update discusses the results of our SOHO Pharming Whitepaper release as well as further developments on that topic. If youve navigated to this site from an external source and are seeking the download of the SOHO Pharming Whitepaper, please scroll down on this page. Thanks for watching and feel free to share with your colleagues and friends!
---------------------------------------------
https://www.team-cymru.com/ReadingRoom/Whitepapers/SOHOPharming.html


*** Microsoft Security Bulletin Summary for March 2014 ***
---------------------------------------------
This bulletin summary lists security bulletins released for March 2014.
With the release of the security bulletins for March 2014, this bulletin summary replaces the bulletin advance notification originally issued March 6, 2014.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms14-mar


*** Security updates available for Adobe Flash Player ***
---------------------------------------------
Adobe has released security updates for Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.341 and earlier versions for Linux. These updates address important vulnerabilities, and Adobe recommends users update their product installations to the latest versions: ...
---------------------------------------------
http://helpx.adobe.com/security/products/flash-player/apsb14-08.html


*** TA14-069A: Microsoft Ending Support for Windows XP and Office 2003 ***
---------------------------------------------
Original release date: March 10, 2014 Systems Affected Microsoft Windows XP with Service Pack 3 (SP3) Operating SystemMicrosoft Office 2003 Products Overview Microsoft is ending support for the Windows XP operating system and Office 2003 product line on April 8, 2014. [1] After this date, these products will no longer receive:Security patches which help protect PCs from harmful viruses, spyware, and other malicious softwareAssisted technical support from MicrosoftSoftware and content updates...
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA14-069A-0


*** Asterisk - Multiple Vulnerabilities ***
---------------------------------------------
Asterisk PJSIP Channel Drive Bug Lets Remote Users Deny Service
Asterisk chan_sip File Descriptor Flaw Lets Remote Authenticated Users Deny Service
Asterisk HTTP Header Cookie Processing Overflow Lets Remote Users Deny Service
Asterisk PJSIP Channel Driver Subscription Handling Bug Lets Remote Users Deny Service
---------------------------------------------
http://www.securitytracker.com/id/1029892
http://www.securitytracker.com/id/1029891
http://www.securitytracker.com/id/1029890
http://www.securitytracker.com/id/1029893


*** FreeType Buffer Overflow in CFF Driver Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1029895


*** D-Link DIR-600 Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/57304


*** D-Link DSL-2640U Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/57269


*** Bugtraq: Android Vulnerability: Install App Without User Explicit Consent ***
---------------------------------------------
http://www.securityfocus.com/archive/1/531394


*** IBM Security Bulletin: IBM SPSS SamplePower vsflex8l ActiveX Control ComboList Property Remote Code Execution Vulnerability (CVE-2014-0895) ***
---------------------------------------------
There is security vulnerability with an ActiveX control shipped by IBM SPSS SamplePower Version 3.0.1. This is corrected in the IBM SPSS SamplePower product Interim Fix.  CVE(s): CVE-2014-0895   Affected product(s) and affected version(s):    IBM SPSS SamplePower for Windows V3.0.1   Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21666790 X-Force Database:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_spss_samplepower_vsflex8l_activex_control_combolist_property_remote_code_execution_vulnerability_cve_2014_0895?lang=en_us


*** IBM Security Bulletin: Download of Code Without Integrity Check vulnerability in IBM Security AppScan Standard (CVE-2014-0904) ***
---------------------------------------------
IBM Security AppScan Standard can be affected a vulnerability in the update process that could allow remote code injection.  CVE(s): CVE-2014-0904   Affected product(s) and affected version(s): IBM Security AppScan Standard 8.8   IBM Security AppScan Standard 8.7 IBM Security AppScan Standard 8.6 IBM Rational AppScan Standard 8.5 IBM Rational AppScan Standard 8.0 IBM Rational AppScan Standard 7.9    Refer to the following reference URLs for remediation and additional vulnerability details:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_download_of_code_without_integrity_check_vulnerability_in_ibm_security_appscan_standard_cve_2014_0904?lang=en_us


*** HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability ***
---------------------------------------------
Potential vulnerabilities have been identified with HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment. The vulnerabilities could be exploited remotely affecting confidentiality, integrity and availability.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04135307


*** HPSBMU02947 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Disclosure of Information and Cross-Site Request Forgery (CSRF) ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in disclosure of information or cross-site request forgery (CSRF).
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039138


*** HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in execution of arbitrary code, Denial of Service (DoS), or disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039150


*** HPSBUX02976 SSRT101236 rev.1 - HP-UX Running NFS rpc.lockd, Remote Denial of Service (DoS) ***
---------------------------------------------
A potential security vulnerability has been identified with HP-UX running NFS rpc.lockd. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04174142