[CERT-daily] Tageszusammenfassung - Montag 5-05-2014

Mon May 5 18:30:47 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 02-05-2014 18:00 − Montag 05-05-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Lnk files in Email Malware Distribution ***
---------------------------------------------
Recently I have noticed more use of .lnk files used in malware distribution via email. These files are Windows Shortcut files, typically used for shortcuts on your system, such as on your desktop. The use of .lnk files in emails is not new, but a recent sample caught my eye and I took a closer look. The original email, as it would appear to the recipient, looked like this, purporting to be from an individual at Automatic Data Processing, and containing what looks to be a PDF document and a ZIP
---------------------------------------------
http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/VEYzrNB7xos/lnk-files-in-email-malware-distribution.html


*** PHP Updated to Fix OpenSSL Flaws, Other Bugs ***
---------------------------------------------
The maintainers of PHP have released two new versions of the scripting language that fix a number of bugs, including a pair of vulnerabilities related to OpenSSL. Versions 5.4.28 and 5.5.12 both contain that important patch, as well as fixes for more than a dozen other vulnerabilities. The fix for the OpenSSL flaws is in both...
---------------------------------------------
http://threatpost.com/php-updated-to-fix-heartbleed-other-bugs/105867


*** iOS 7 Update Silently Removes Encryption For Email Attachments ***
---------------------------------------------
An anonymous reader writes "Apple has removed encrypted email attachments from iOS 7. Apple said back in June 2010 in regards to iOS 4.0: Data protection is available for devices that offer hardware encryption, including iPhone 3GS and later, all iPad models, and iPod touch (3rd generation and later). Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/FyN_d8fBQgo/story01.htm


*** Attack Prediction: Malicious gTLD Squatting May Be The Next Big Threat ***
---------------------------------------------
Late last year, ICANN began expanding the generic Top-Level Domains (gTLDs). In addition to the standard .COM, .ORG, and .NET TLDs, over 1,300 new names could become available in the next few years. These new gTLDs and internationalized domain names (IDNs) are awesome ideas if you think about the creativity sparked around the names one can possibly register.
---------------------------------------------
http://labs.opendns.com/2014/04/23/malicious-gtld-squatting/


*** Spear Phishing Emails: A Psychological Tactic of Threat Actors ***
---------------------------------------------
By exploiting network security vulnerabilities, today's generation of threat actors are able to install advanced polymorphic malware to steal data and damage reputations. But their manipulation efforts aren't limited to codes and machines - they extend to people, too.
---------------------------------------------
http://www.seculert.com/blog/2014/05/spear-phishing-emails-a-psychological-tactic-of-threat-actors.html


*** Evolution of Encrypting Ransomware ***
---------------------------------------------
Recently we've seen a big change in the encrypting ransomware family and we're going to shed light on some of the newest variants and the stages of evolution that have led the high profile malware to where it is today. For those that aren't aware of what encrypting ransomware is, its a cryptovirus that encrypts all your data from local hard drives, network shared drives, removable hard drives and USB. The encryption is done using an RSA -2048 asymmetric public key which makes...
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/hp9iym0nxN0/


*** Symantec Critical System Protection for Windows Default Policy Bypass ***
---------------------------------------------
Revisions None Severity Symantec does not believe that this bypass represents Symantec Critical System Protection (SCSP) vulnerability. The policy bypass ...
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140502_00


*** Bugtraq: [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532008


*** Vuln: F5 Networks BIG-IQ Remote Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/67191


*** F5 BIG-IQ 4.1.0.2013.0 Password Change Exploit ***
---------------------------------------------
Topic: F5 BIG-IQ 4.1.0.2013.0 Password Change Exploit Risk: High Text:## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-fr...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014050012


*** OpenSSL Null Pointer Dereference in do_ssl3_write() Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1030188


*** [webapps] - Seagate BlackArmor NAS - Multiple Vulnerabilities ***
---------------------------------------------
http://www.exploit-db.com/exploits/33159


*** Vuln: WordPress NextCellent Gallery Plugin CVE-2014-3123 Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/67085


*** IBM Tivoli Netcool/Portal vulnerable to CVE-2014-0160 & CVE-2014-0076 ***
---------------------------------------------
Security vulnerabilities have been discovered in OpenSSL.  CVE(s): CVE-2014-0160 and CVE-2014-0076  Affected product(s) and affected version(s):  IBM Tivoli Netcool/Portal 2.1.2    Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21671783 X-Force Database: http://xforce.iss.net/xforce/xfdb/92322 X-Force Database: http://xforce.iss.net/xforce/xfdb/91990
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_tivoli_netcool_portal_vulnerable_to_cve_2014_0160_cve_2014_0076?lang=en_us


*** IBM Security Bulletin: Multiple OpenSSL vulnerabilities in Tivoli Endpoint Manager for Remote Control. (CVE-2013-4353,CVE-2013-6449) ***
---------------------------------------------
Security vulnerabilities exist in the version of OpenSSL shipped with Tivoli Endpoint Manager for Remote Control.  CVE(s): CVE-2013-4353 and CVE-2013-6449  Affected product(s) and affected version(s):   Tivoli Endpoint Manager for Remote Control version 8.2.1.      Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21669040 X-Force Database: http://xforce.iss.net/xforce/xfdb/90201 X-Force
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_openssl_vulnerabilities_in_tivoli_endpoint_manager_for_remote_control_cve_2013_4353_cve_2013_6449?lang=en_us


*** Bugtraq: [HP security bulletins] ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532002
http://www.securityfocus.com/archive/1/532001
http://www.securityfocus.com/archive/1/532003
http://www.securityfocus.com/archive/1/532004
http://www.securityfocus.com/archive/1/532007
http://www.securityfocus.com/archive/1/532010
http://www.securityfocus.com/archive/1/532011
http://www.securityfocus.com/archive/1/532012
http://www.securityfocus.com/archive/1/532013
http://www.securityfocus.com/archive/1/532014
http://www.securityfocus.com/archive/1/532022
http://www.securityfocus.com/archive/1/532023