[CERT-daily] Tageszusammenfassung - Donnerstag 13-11-2014

Thu Nov 13 18:07:28 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 12-11-2014 18:00 − Donnerstag 13-11-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** DNSSEC mit zu kurzen RSA-Schlüsseln ***
---------------------------------------------
Unter anderem bei DNSSEC kommen noch sehr oft RSA-Schlüssel mit 1024 Bit zum Einsatz. Das könnte noch gefährlicher sein, als bisher angenommen, warnen Kryptologen.
---------------------------------------------
http://www.heise.de/security/meldung/DNSSEC-mit-zu-kurzen-RSA-Schluesseln-2449480.html


*** Microsoft Patchday November 2014 ***
---------------------------------------------
Normalerweise schreiben wir nichts über die monatlichen Patchdays von Microsoft: wir schreiben ja auch nicht, wenn ein heller Feuerball in der Früh im Osten über den Horizont steigt. Fast jeder IT Verantwortliche kennt das monatliche Spiel: Lesen, bewerten, eventuell testen dann der Rollout der Patches auf Server und Clients. Dieses ..
---------------------------------------------
http://www.cert.at/services/blog/20141112130155-1300.html


*** Evolution of Upatre Trojan Downloader ***
---------------------------------------------
Upatre is a Trojan Downloader family that once installed, is responsible for stealing information and downloading additional malware onto the victim machine. It typically arrives via spammed e-mail messages from the Cutwail Botnet, either as an attachment or via a URL pointing to a remote hosting site. We are also seeing Exploit Kits being used as a vector for Upatre infections in the wild.
---------------------------------------------
http://research.zscaler.com/2014/11/evolution-of-upatre-trojan-downloader.html


*** SA-CONTRIB-2014-109 - Freelinking - Cross Site Scripting (XSS) ***
---------------------------------------------
The Freelinking module implements a filter framework for easier creation of HTML links to other pages on the site or to external sites. The module does not sanitize the node title when providing a link to the node, opening a Cross Site Scripting (XSS) vulnerability.
---------------------------------------------
https://www.drupal.org/node/2373981


*** SA-CONTRIB-2014-108 - Webform Component Roles - Access Bypass ***
---------------------------------------------
The Webform component module enables site admins to limit visibility or editability of webform components based on user roles. The module doesn't sufficiently check that disabled component values are not modified upon submission of the form.
---------------------------------------------
https://www.drupal.org/node/2373973


*** SA-CONTRIB-2014-107 - Scheduler - Cross Site Scripting ***
---------------------------------------------
The Scheduler module allows nodes to be published and unpublished on specified dates. The module allows administrators to provide additional help text on the content editing form when scheduling is enabled. The module doesn't sufficiently filter the help text which could lead to a Cross Site Scripting (XSS) attack. This vulnerability is mitigated by the fact that an ..
---------------------------------------------
https://www.drupal.org/node/2373961


*** Annus HORRIBILIS! ALL the main TLS stacks now officially pwned in 2014 ***
---------------------------------------------
Critical crypto 0-day not the worst of mega Nov patch batch The appearance of a critical vuln in Microsoft SChannel - patched as part of this years bumper November Patch Tuesday - means that every major TLS stack has now fallen to a critical flaw at some time during this year.
---------------------------------------------
http://www.theregister.co.uk/2014/11/12/ms_crypto_library_megaflaw/


*** Use Protection if Peering Promiscuously ***
---------------------------------------------
Last week, I wrote a blog post discussing the dangers of BGP routing leaks between peers, illustrating the problem using examples of recent snafus between China Telecom and Russia’s Vimpelcom.  This follow-up blog post provides three additional examples of misbehaving peers and further demonstrates the impact unmonitored routes can have on Internet performance ..
---------------------------------------------
http://research.dyn.com/2014/11/use-protection-if-peering-promiscuously/


*** Microsoft stopft ein fast zwei Jahrzehnte altes Sicherheitsloch ***
---------------------------------------------
Microsoft hat eine seit fast zwei Jahrzehnten existierende Sicherheitslücke in seinem Windows-Betriebssystem gestopft. Microsoft stufte das Problem in einem am Mittwoch veröffentlichten Sicherheitshinweis als "ernst" ein und stellte ein Update zur Verfügung.
---------------------------------------------
http://derstandard.at/2000008083067


*** Phisher zielen auf Apple-Pay-Interessenten ab ***
---------------------------------------------
Mit einer auf deutschsprachige Nutzer ausgelegten E-Mail wird derzeit nach Apple-ID-Accounts geangelt. Sie laden vorgeblich zur Registrierung für den bislang nur in den USA verfügbaren iPhone-Bezahldienst ein.
---------------------------------------------
http://www.heise.de/security/meldung/Phisher-zielen-auf-Apple-Pay-Interessenten-ab-2456418.html