[CERT-daily] Tageszusammenfassung - Dienstag 25-11-2014

Tue Nov 25 18:06:39 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 24-11-2014 18:00 − Dienstag 25-11-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Remote Code Execution in Popular Hikvision Surveillance DVR ***
---------------------------------------------
A number Hikvision digital video recorders contain vulnerabilities that an attacker could remotely exploit in order to gain full control of those devices.
---------------------------------------------
http://threatpost.com/remote-code-execution-in-popular-hikvision-surveillance-dvr/109552


*** Multiple Dell SonicWALL products code execution ***
---------------------------------------------
Multiple Dell SonicWALL products could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the failure to validate user data prior to executing a command in the GMS ViewPoint ..
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98911


*** Obfuscated Flash Files Make Their Mark in Exploit Kits ***
---------------------------------------------
In recent years, we noticed that more and more malicious Adobe Flash (.SWF) files are being incorporated into exploit kits like the Magnitude Exploit Kit, the Angler Exploit Kit, and the Sweet Orange Exploit Kit. However, we did some more ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-flash-files-gain-the-upper-hand-with-new-obfuscation-techniques/


*** The Other Side of Masque Attacks: Data Encryption Not Found in iOS Apps ***
---------------------------------------------
Based on our research into the iOS threat Masque Attacks announced last week, Trend Micro researchers have found a new way that malicious apps installed through successful Masque Attacks can pose a threat to iOS devices: by accessing unencrypted data used by legitimate apps. According to reports, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-other-side-of-masque-attacks-data-encryption-not-found-in-ios-apps/


*** Docker docker pull privilege escalation ***
---------------------------------------------
Docker could allow a remote attacker to gain elevated privileges on the system, caused by an error in the docker pull and the docker load operations. An attacker could exploit this vulnerability to gain elevated privileges on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98924


*** Docker image privilege escalation ***
---------------------------------------------
Docker could allow a remote attacker to gain elevated privileges on the system, caused by the ability to modify the default run profile of containers by images. attacker could exploit this vulnerability to gain elevated privileges on the system.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98925


*** WordPress wpDataTables 1.5.3 SQL Injection ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014110163


*** WordPress wpDataTables 1.5.3 Shell Upload ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014110162


*** [oCERT 2014-008] heap overflow, remote code execution in libFLAC ***
---------------------------------------------
FLAC is an open source lossless audio codec supported by several software and music players. The libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular, a stack overflow and a heap overflow condition, which may ..
---------------------------------------------
http://www.ocert.org/advisories/ocert-2014-008.html


*** Chrome läutet Ende für Browser-Plugins ein ***
---------------------------------------------
Ab Jänner werden sämtliche NPAPI-Plugins blockiert - Silverlight und Java betroffen
---------------------------------------------
http://derstandard.at/2000008592582


*** Hacker legen Sony Pictures komplett lahm ***
---------------------------------------------
Unbekannte haben am Montag den Firmenbetrieb bei Sony Pictures zum Erliegen gebracht. Sie sollen sämtliche Computer im Firmennetz der Sony-Tochter gekapert haben. Auch das Play-Store-Konto von Sony soll betroffen sein.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-legen-Sony-Pictures-komplett-lahm-2462889.html


*** Secret Malware in European Union Attack Linked to U.S. and British Intelligence ***
---------------------------------------------
Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept.
---------------------------------------------
https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/


*** EU-Experten: Exporte von Spähsoftware sollen stärker kontrolliert werden ***
---------------------------------------------
Wirtschaftsminister Gabriel will den Export von Spähsoftware auf EU-Ebene einschränken. Erste Firmen suchen aber schon Wege, um der Exportkontrolle zu entgehen.
---------------------------------------------
http://www.golem.de/news/eu-experten-exporte-von-spaehsoftware-sollen-staerker-kontrolliert-werden-1411-110754.html