[CERT-daily] Tageszusammenfassung - Donnerstag 27-11-2014

Thu Nov 27 18:16:46 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 26-11-2014 18:00 − Donnerstag 27-11-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** New anti-APT tools are no silver bullets: An independent test of APT attack detection appliances ***
---------------------------------------------
New anti-APT tools are no silver bullets: An independent test of APT attack detection appliances CrySyS Lab, BME http://www.crysys.hu/ MRG-Effitas https://www.mrg-effitas.com/ November 26, 2014. The term Advanced Persistent Threat (APT) refers to a potential attacker that has the capability and the intent to carry out advanced attacks against specific high profile targets in order to [...]
---------------------------------------------
http://blog.crysys.hu/2014/11/new-anti-apt-tools-are-no-silver-bullets-an-independent-test-of-apt-attack-detection-appliances/


*** Adobe Reader sandbox popped says Google researcher ***
---------------------------------------------
Yet another reason to make sure youve patched promptly and properly The Acrobat Reader Windows sandbox contains a vulnerability that could allow attackers to break out and gain higher privileges, Google security bod James Forshaw claims.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/27/adobe_reader_sandbox_popped/


*** Crunch - Password Cracking Wordlist Generator ***
---------------------------------------------
Features: crunch generates wordlists in both combination and permutation ways it can breakup output by number of lines or file size * now has resume support * pattern now supports number and symbols * pattern now supports upper and lower case characters separately * adds a status report when generating multiple files * new -l option for literal support of @,%^ * new -d option to limit duplicate characters see man file for details * now has unicode support...
---------------------------------------------
http://hack-tools.blackploit.com/2014/11/crunch-password-cracking-wordlist.html


*** SEC Risk Factors: How To Determine The Business Value Of Your Data To A Foreign Government ***
---------------------------------------------
This white paper will explore where the SEC is headed on this issue and propose a novel solution that's both specific to the company and avoids the potential danger of revealing too much information about company vulnerabilities - the ability to verifiably assess the value of your intellectual property (IP) to a rival Nation State by establishing its Target Asset Value™.
---------------------------------------------
http://jeffreycarr.blogspot.co.uk/2014/11/sec-risk-factors-how-to-determine.html


*** Factsheet HTTPS could be a lot more secure ***
---------------------------------------------
HTTPS is a frequently used protocol for protecting web traffic against parties setting out to eavesdrop on or manipulate the traffic. Configuring HTTPS requires precision: there are many options, and by no means all of them are secure.
---------------------------------------------
https://www.ncsc.nl/english/services/expertise-advice/knowledge-sharing/factsheets/factsheet-https-could-be-a-lot-more-secure.html


*** Cisco: Fehler in H.264-Plugin betrifft alle Firefox-Nutzer ***
---------------------------------------------
Ein Fehler in der Speicherverwaltung des H.264-Plugins betrifft potentiell alle Firefox-Nutzer, da Mozilla dieses zwangsweise installiert. Besonders schwerwiegend ist der Fehler zwar nicht, er offenbart aber ein Problem in der Zusammenarbeit mit Cisco.
---------------------------------------------
http://www.golem.de/news/cisco-fehler-in-h-264-plugin-betrifft-alle-firefox-nutzer-1411-110829-rss.html


*** l+f: Nur zwei Tage vom Patch zum Exploit-Kit ***
---------------------------------------------
Der Zeitraum zwischen der Bekanntgabe einer Lücke durch einen Patch und deren aktiver Ausnutzung wird immer kürzer.
---------------------------------------------
http://www.heise.de/security/meldung/l-f-Nur-zwei-Tage-vom-Patch-zum-Exploit-Kit-2467550.html


*** Meta-Hack stört hunderte Medien-Webseiten ***
---------------------------------------------
Auf hunderten großer Webseiten erschien am Donnerstag die Meldung "You have been hacked". Ursache war eine eingebettete Kommentarfunktion von Gigya.
---------------------------------------------
http://www.heise.de/security/meldung/Meta-Hack-stoert-hunderte-Medien-Webseiten-2467599.html


*** TYPO3 CMS 4.5.38 and 6.2.7 released ***
---------------------------------------------
The TYPO3 Community announces the versions 4.5.38 LTS and 6.2.7 LTS of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes.
---------------------------------------------
https://typo3.org/news/article/typo3-cms-4538-and-627-released/


*** TYPO3-EXT-SA-2014-017: Improper Access Control in WebDav for filemounts (webdav) ***
---------------------------------------------
It has been discovered that the extension "WebDav for filemounts" (webdav) is susceptible to Improper Access Control. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: 2.0.0 Vulnerability Type: Improper Access Control Severity: Medium Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-017/


*** DSA-3077 openjdk-6 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3077


*** Cisco ASA SSL VPN Memory Consumption Error Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031269


*** Mutt Buffer Overflow in mutt_substrdup() Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031266


*** Xen Security Advisory 112 (CVE-2014-8867) - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor ***
---------------------------------------------
Acceleration support for the "REP MOVS" instruction, when the first iteration accesses memory mapped I/O emulated internally in the hypervisor, incorrectly assumes that the whole range accessed is handled by the same hypervisor sub-component. Impact: A buggy or malicious HVM guest can crash the host. Mitigation: Running only PV guests will avoid this issue. There is no mitigation available for HVM guests. Resolution: Applying the appropriate attached patch resolves this issue.
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00006.html


*** Xen Security Advisory 111 (CVE-2014-8866) - Excessive checking in compatibility mode hypercall argument translation ***
---------------------------------------------
Impact: A buggy or malicious HVM guest can crash the host. Mitigation: Running only PV guests will avoid this issue. There is no mitigation available for HVM guests on any version of Xen so far released by xenproject.org. Resolution: Applying the appropriate attached patch resolves this issue.
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00005.html


*** F5 Security Advisories ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15877.html?ref=rss
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15875.html?ref=rss
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15881.html?ref=rss
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15868.html?ref=rss
https://support.f5.com:443/kb/en-us/solutions/public/15000/800/sol15885.html?ref=rss