[CERT-daily] Daily summary - Monday 22-09-2014

Daily end-of-shift report team at cert.at
Mon Sep 22 18:21:35 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 19-09-2014 18:00 − Monday 22-09-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Tiny Tinba Trojan Could Pose Big Threat ***
---------------------------------------------
In July 2014, the original source code of Tinba was made public in an underground forum. This leaked version comes with complete documentation and full source code. This follows other source code leaks from much more infamous and prevalent threats, which researchers worry that attackers could use as the basis for new versions. Similar to...
---------------------------------------------
http://www.seculert.com/blog/2014/09/tiny-tinba-trojan-could-pose-big-threat.html




*** Apple Pay: A Security Analysis ***
---------------------------------------------
Has Apple taken a bite out of hackers' arsenals? The company is betting on it. Its recent announcement about a new secure payment option has the retail and tech worlds buzzing. If Apple can implement its near-field communication (NFC) payment...
---------------------------------------------
http://www.fireeye.com/blog/corporate/2014/09/apple-pay-a-security-analysis-2.html




*** How to secure your new iPhone in three simple steps ***
---------------------------------------------
Summary: Symantec recommends best practices to keep your Apple ID account and iPhone safe.
---------------------------------------------
http://www.symantec.com/connect/blogs/how-secure-your-new-iphone-three-simple-steps




*** Conditional Malicious iFrame Targeting WordPress Web Sites ***
---------------------------------------------
We have an email, labs at sucuri.net, where we receive multiple questions a day about various forms of malware. One of the most common questions happens when our Free Security Scanner, SiteCheck, detects a spam injection or a hidden iframe and the user is unable to locate the infection in the source code. It's not until we...
---------------------------------------------
http://blog.sucuri.net/2014/09/conditional-malicious-iframe-targeting-wordpress-web-sites.html




*** PHP Fixes Several Bugs in Version 5.4 and 5.5, (Fri, Sep 19th) ***
---------------------------------------------
PHP announced the release of versions 5.5.17 and 5.4.33. Ten bugs were fixed in version 5.4.33 and 15 bugs were fixed in version 5.5.17. All PHP users are encouraged to upgrade. The latest versions are available for download here.
[1] http://php.net/ChangeLog-5.php#5.4.33
[2] http://php.net/ChangeLog-5.php#5.5.17
[3] http://windows.php.net/download
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18683&rss




*** CipherShed Fork from TrueCrypt Project, Support Windows, Mac OS and Linux - https://ciphershed.org, (Fri, Sep 19th) ***
---------------------------------------------
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18677&rss




*** New OWASP Testing guide version 4! Check https://www.owasp.org/images/1/19/OTGv4.pdf, (Sat, Sep 20th) ***
---------------------------------------------
Manuel Humberto Santander Peláez, SANS Internet Storm Center - Handler. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18687&rss




*** CloudFlare ditches private SSL keys for better security ***
---------------------------------------------
Sorry, spooks, we can't decrypt this for you. CloudFlare has announced the outcome of what it says is two years' work - switching on Keyless SSL - which lets customers encrypt their web traffic via the company's services without having to hand over their private SSL keys.
---------------------------------------------
http://www.theregister.co.uk/2014/09/22/cloudflare_ditches_keys_for_better_security/




*** Wood glue: iPhone 6 fingerprint sensor fooled ***
---------------------------------------------
Using a simply made copy, Ben Schlabs of SRLabs has fooled the fingerprint sensor of the iPhone 6. Because Apple also lets third-party providers use this authentication method under iOS 8, this is more serious than it was with the iPhone 5S.
---------------------------------------------
http://www.golem.de/news/holzleim-fingerabdrucksensor-des-iphone-6-ausgetrickst-1409-109368-rss.html




*** VB2014 preview: Tech Support Scams 2.0: an inside look into the evolution of the classic Microsoft tech support scam ***
---------------------------------------------
Jérôme Segura looks at recent developments in malicious cold calls. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we are looking at some of the research that will be presented at the event. Today, in the final entry in this series, we look at the paper Tech Support Scams 2.0: an inside look into the evolution of the classic Microsoft tech support scam, by Jérôme Segura (Malwarebytes). Two years ago, at VB2012 in Dallas, I...
---------------------------------------------
https://www.virusbtn.com/blog/2014/09_22.xml




*** Doubleclick and Zedo delivered malware-infected advertising ***
---------------------------------------------
According to an antivirus vendor, the large ad network Zedo and the Google subsidiary Doubleclick are said to have distributed malicious code through their advertising for almost a month. Larger websites such as Last.fm were also affected.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Doubleclick-und-Zedo-lieferten-virenverseuchte-Werbung-aus-2400733.html/from/rss09?wt_mc=rss.ho.beitrag.rdf




*** iOS 7.1.x Exploit Released (CVE-2014-4377), (Mon, Sep 22nd) ***
---------------------------------------------
Haven't upgraded to iOS 8 yet? Aside from a lot of new features, Apple also fixed a number of security vulnerabilities in iOS 8. For example CVE-2014-4377, a memory corruption issue in iOS's core graphics library. An exploit is now available for this vulnerability. NOTE: I have not verified yet that the exploit is working / genuine. We will not link at this point to the exploit code, but basic Google Fu should allow you to find it. The author claims that the exploit is "compleatly reliable
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18693&rss




*** Data leak: WhatsApp tattles on online status ***
---------------------------------------------
Whether and how often you open WhatsApp is something you may prefer to keep to yourself. However, the operator makes this information accessible to anyone who knows the number, even if you have disabled this in the privacy settings.
---------------------------------------------
http://www.heise.de/security/meldung/Datenleck-WhatsApp-petzt-Online-Status-2400819.html




*** VU#730964: FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#730964: FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities
Original Release date: 19 Sep 2014 | Last revised: 19 Sep 2014
Overview: Fortinet FortiGate and FortiWiFi appliances are susceptible to man-in-the-middle attacks (CWE-300) and a heap-based overflow vulnerability (CWE-122).
Description: Fortinet FortiGate and FortiWiFi 4.00.6 and possibly earlier versions are susceptible to man-in-the-middle attacks (CWE-300) and a heap-based overflow...
---------------------------------------------
http://www.kb.cert.org/vuls/id/730964




*** Cisco Nexus 1000V Cross-Site Scripting Vulnerability ***
---------------------------------------------
CVE-2014-3367
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3367




*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_pure_application_system_java_se_issues_disclosed_in_the_oracle_july_2014_critical_patch_update_plus_1_additional_vulnerability?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_puredata_for_operational_analytics_a1791_is_affected_by_the_following_openssl_vulnerabilities_cve_2014_0076_cve_2014_0195_cve_2014_0224_cve_2014_0221_and_cve_2014_3470?la
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_open_source_apache_xalan_java_in_filenet_p8_application_engine?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_apache_commons_fileupload_and_tomcat_vulnerability_in_filenet_p8_application_engine?lang=en_us




*** IBM Security Bulletins for ClearQuest ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_local_access_only_authentication_type_does_not_prevent_unauthenticated_remote_access_to_help_server_administration_in_clearquest_cve_2014_3106?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_login_error_messages_credential_enumeration_in_clearquest_web_cve_2014_3105?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_missing_secure_attribute_in_encrypted_session_ssl_cookie_in_clearquest_web_cve_2014_3103?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_brute_force_attack_in_clearquest_web_cve_2014_3101?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_xml_entity_expansion_vulnerabilities_in_rational_clearquest_cve_2014_3104?lang=en_us




*** Asterisk PJSIP channel denial of service ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/96073

