[CERT-daily] Tageszusammenfassung - Dienstag 9-09-2014

Tue Sep 9 18:10:04 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 08-09-2014 18:00 − Dienstag 09-09-2014 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition.
The vulnerability is due to a failure to properly handle a crafted SSH packet. An attacker could exploit this vulnerability by sending a crafted packet to the SSH server running on the Cisco IMC of an affected device, which could result in the Cisco IMC becoming unresponsive. The operating system running on the blade will be unaffected.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140908-ucse


*** Cisco IOS XR Software DHCPv6 Denial Of Service Vulnerability ***
---------------------------------------------
A vulnerability in the DHCP version 6 (DHCPv6) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the DHCPv6 server process on an affected device to crash.
The vulnerability is due to incorrect handling of malformed DHCPv6 packets. An attacker could exploit this vulnerability by sending a malformed DHCPv6 packet to an affected device configured with DHCPv6 server functionality. An exploit could allow the attacker to cause the DHCPv6 process on the device to crash.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3343


*** Netgear ProSafe Plus Configuration Utility information disclosure ***
---------------------------------------------
Netgear ProSafe Plus Configuration Utility could allow a remote attacker to obtain sensitive information, caused by the storing of passwords in plaintext within the backup file. An attacker could exploit this vulnerability using the configuration backup file to obtain sensitive information.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95780


*** Researchers reveal security issues in Android apps ***
---------------------------------------------
On Monday, the University of New Haven revealed its first video in a series of security findings.
---------------------------------------------
http://www.scmagazine.com/researchers-reveal-security-issues-in-android-apps/article/370370/


*** Why Google Is Pushing For a Web Free of SHA-1 ***
---------------------------------------------
An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ME5Z29v_gGw/story01.htm


*** Salesforce: Oh no! Dyre RATs are thirsty for our customers logins ***
---------------------------------------------
But attacks werent the cause of server outage, were told Salesforce has warned that miscreants are trying to infect its customers with a remote access trojan (RAT) dubbed Dyre that siphons off Salesforce.com login data.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/09/08/salesforcecom_warns_users_they_are_the_target_for_new_rat_dyre/


*** H1 2014 Threat Report ***
---------------------------------------------
Our latest Threat Report is now available.
The report includes our statistics, incidents calendar and threatscape summaries for H1(Q1+Q2) 2014.
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002741.html


*** QEMU VGA Emulator Bug Lets Local Guest Users Obtain Potentially Sensitive Information from the Host System ***
---------------------------------------------
Description:   A vulnerability was reported in QEMU. A local user on a guest system can obtain potentially sensitive information from the host system.
A guest system Graphics Output Protocol driver can set a high resolution to trigger a flaw in the VGA emulator and obtain host memory contents.
Impact:   A local user on a guest system can obtain potentially sensitive information from the host system memory.
---------------------------------------------
http://www.securitytracker.com/id/1030817


*** Enigmail PGP plugin forgets to encrypt mail sent as blind copies ***
---------------------------------------------
User now waiting for the bad guys come and get me with their water-boards Enigmail has patched a hole in the worlds most popular PGP email platform that caused mail to be sent unencrypted when all security check boxes were ticked.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/09/09/enigmail_encryption_error_prompts_plaintext_panic/


*** Kaspersky Internet Security Android App Certificate Validation Flaw Lets Remote Users Spoof Servers ***
---------------------------------------------
A vulnerability was reported in Kaspersky Internet Security app for Android. A remote user can spoof servers.
The application (com.kms.free) does not verify X.509 certificates from SSL servers. A remote user with the ability conduct a man-in-the-middle attack can supply a specially crafted certificate to spoof an SSL server obtain or modify sensitive information
---------------------------------------------
http://www.securitytracker.com/id/1030815


*** OpenSSL Security Policy ***
---------------------------------------------
Recent flaws have captured the attention of the media and highlighted how much of the internet infrastructure is based on OpenSSL. Weve never published our policy on how we internally handle security issues; that process being based on experience and has evolved over the years.
---------------------------------------------
https://www.openssl.org/about/secpolicy.html


*** 'Google Dorking' - Waking Up Web Admins Everywhere ***
---------------------------------------------
Last July, the US Department of Homeland Security warned of a new kind of criminal attack: 'Google dorking'. This refers to asking Google for things they have found via special search operators. Let's look closely and see what this is. Google finds things online using a program that accesses web sites: the Google web crawler, called ...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/DdLfN3jTMhw/


*** How a DNS Sinkhole Can Protect Against Malware ***
---------------------------------------------
The Domain Name Service (DNS) is an integral part of Internet access. It translates human-recognized domain names into computer-readable IP addresses in order to facilitate online communication and connection between devices. ... And one of the best ways to gain control is via DNS itself, in order to disrupt malware transmission at the very point of connection. A DNS sinkhole, or sinkhole server, gives organizations this control in order to prevent internal access to malicious websites.
---------------------------------------------
http://resources.infosecinstitute.com/dns-sinkhole-can-protect-malware/


*** Threat Spotlight: 'Kyle and Stan' Malvertising Network Threatens Windows and Mac Users With Mutating Malware ***
---------------------------------------------
Once the victim gets redirected to the final URL, the website automatically starts the download of a unique piece of malware for every user. The file is a bundle of legitimate software, like a media-player, and compiles malware and a unique-to-every-user configuration into the downloaded file. The attackers are purely relying on social engineering techniques, in order to get the user to install the software package. No drive-by exploits are being used thus far.
---------------------------------------------
https://blogs.cisco.com/security/kyle-and-stan/


*** Modern anti-spam and E2E crypto ***
---------------------------------------------
... asked me to write up some thoughts on how spam filtering and fully end to end crypto would interact, so its all available in one message instead of scattered over other threads. Specifically he asked for brain dumps on: - how does antispam currently work at large email providers - how would widespread E2E crypto affect this - what are the options for moving things to the client (and pros, cons) - is this feasible for email?
---------------------------------------------
https://moderncrypto.org/mail-archive/messaging/2014/000780.html


*** Research Finds No Large Scale Heartbleed Exploit Attempts Before Vulnerability Disclosure ***
---------------------------------------------
In the days and weeks following the public disclosure of the OpenSSL Heartbleed vulnerability in April, security researchers and others wondered aloud whether there were some organizations - perhaps the NSA - that had known about the bug for some time and had been using it for targeted attacks. A definitive answer to that question may never come, but ...
---------------------------------------------
http://threatpost.com/research-finds-no-large-scale-heartbleed-exploit-attempts-before-vulnerability-disclosure/108161


*** UPDATE: Upcoming Security Updates for Adobe Reader and Acrobat (APSB14-20) ***
---------------------------------------------
UPDATE: The security update for Adobe Reader and Acrobat has been re-scheduled from September 9, 2014 to the week of September 15, 2014. This delay was necessary to address issues identified during routine regression testing.
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1121