[CERT-daily] Tageszusammenfassung - Mittwoch 1-04-2015

Wed Apr 1 18:05:51 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 31-03-2015 18:00 − Mittwoch 01-04-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38113
http://tools.cisco.com/security/center/viewAlert.x?alertId=38118
http://tools.cisco.com/security/center/viewAlert.x?alertId=38114
http://tools.cisco.com/security/center/viewAlert.x?alertId=38124


*** The Resurrection of CVE-2011-2461 ***
---------------------------------------------
Security researchers Luca Carettoni and Mauro Gentile recently found during their research that even though Adobe has fixed an old vulnerability found in 2011 (CVE-2011-2461), its side effects still linger around the Internet. Your favorite ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-resurrection-of-cve-2011-2461/


*** OWASP/WASC Distributed Web Honeypots Project Re-Launch - Seeking Participants ***
---------------------------------------------
The SpiderLabs Research Team is proud to announce that we are officially re-launching the Distributed Web Honeypots Project under the new joint OWASP/WASC project home! For those SpiderLabs Blog readers who follow our ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/OWASP/WASC-Distributed-Web-Honeypots-Project-Re-Launch---Seeking-Participants/


*** Intro to E-Commerce and PCI Compliance - Part I ***
---------------------------------------------
Have you ever heard of the term Payment Card Industry (PCI)? Specifically, PCI compliance? If you have an e-commerce website, you probably have already heard about it. But do ..
---------------------------------------------
http://blog.sucuri.net/2015/03/intro-to-e-commerce-and-pci-compliance-part-i.html


*** Inductive Automation Ignition Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for several vulnerabilities in Inductive Automation's Ignition Software.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-090-01


*** Ecava IntegraXor DLL Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for two DLL loading vulnerabilities in Ecava's IntegraXor SCADA Server.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-090-02


*** Hospira MedNet Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for four vulnerabilities in Hospira's MedNet server software.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-090-03


*** Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-085-01 Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities, ..
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-085-01A


*** Rig Exploit Kit Changes Traffic Patterns, (Wed, Apr 1st) ***
---------------------------------------------
Sometime within the past month, Rig exploit kit (EK) changed URL structure." /> Notice the PHPSSESID and ?req= patterns in the above example." /> Now, we dont see the PHPSSESID and ?req= patterns. Lets take a closer look at the more ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19533


*** Multiple Xen-vulnerabilities ***
---------------------------------------------
http://www.securitytracker.com/id/1031994
http://www.securitytracker.com/id/1031998
http://www.securitytracker.com/id/1031997


*** Crypto-Ransomware Sightings and Trends for 1Q 2015 ***
---------------------------------------------
It seems that cybercriminals have yet to tire of creating crypto-ransomware malware. Since the start of 2015, we have spotted several variants of crypto-ransomware plague the threat landscape. In January, the Australia-New Zealand region was beset by variants of TorrentLocker. But we soon ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/crypto-ransomware-sightings-and-trends-for-1q-2015/


*** Firefox 37 verbessert Browser-Sicherheit ***
---------------------------------------------
Es ist wieder einmal Update-Zeit bei Mozilla: Mit Firefox 37 gibt es nun also eine neue Version des Browsers, die vor allem Sicherheitsverbesserungen verspricht.
---------------------------------------------
http://derstandard.at/2000013734909


*** A timeline of mobile botnets ***
---------------------------------------------
With the recent explosion in smartphone usage, malware authors have increasingly focused their attention on mobile devices, leading to a steep rise in mobile malware over the past couple of years. In this paper, Ruchna Nigam focuses on mobile botnets, drawing up an inventory of types of known mobile bot variants.
---------------------------------------------
https://www.virusbtn.com/virusbulletin/archive/2015/03/vb201503-mobile-botnets


*** Google: Fünf Prozent aller Nutzer haben Adware auf ihren Rechnern ***
---------------------------------------------
Bei mehr als einem Drittel davon sind es sogar mehr als vier Tools, die Werbung in Webseiten injizieren
---------------------------------------------
http://derstandard.at/2000013745151


*** Smartes Türschloss August war zu gastfreundlich ***
---------------------------------------------
Durch eine Lücke in vernetzten Türschlossern konnten sich deren Besitzer unangemeldet untereinander besuchen.
---------------------------------------------
http://heise.de/-2593822


*** JOSE - JSON Object Signing and Encryption ***
---------------------------------------------
Federated Identity Management has become very widespread in past years - in addition to enterprise deployments a lot of popular web services allow users to carry their identity over multiple sites. Social networking ..
---------------------------------------------
https://securityblog.redhat.com/2015/04/01/jose-json-object-signing-and-encryption/


*** DNS/AXFR: Nameserver verraten Geheim-URLs ***
---------------------------------------------
Das DNS-Protokoll hat eine Funktion, mit der man umfangreiche Informationen zu einer Domain abfragen kann. Dieser sogenannte AXFR-Transfer ist normalerweise ..
---------------------------------------------
http://www.golem.de/news/dns-axfr-nameserver-verraten-geheim-urls-1504-113278.html