[CERT-daily] Daily summary - Thursday 9-04-2015

Daily end-of-shift report team at cert.at
Thu Apr 9 18:16:14 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 08-04-2015 18:00 − Thursday 09-04-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Securing high-risk, third-party relationships ***
---------------------------------------------
High-profile attacks reveal that malicious hackers target third-party vendors and supply chain partners as a backdoor into their primary target, according to CyberArk Software. Organizations in e...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/vSpu1uYwxR4/secworld.php




*** AlienSpy RAT exploited to deliver the popular Citadel Trojan ***
---------------------------------------------
Security experts at the Fidelis firm discovered that variants of the AlienSpy remote access trojan (RAT) are currently being used in global phishing campaigns. Cyber criminals have exploited the AlienSpy RAT to deliver the popular Citadel banking Trojan and to maintain persistence inside the targeted infrastructure through a backdoor mechanism. Criminal crews used AlienSpy RAT to compromise systems in...
---------------------------------------------
http://securityaffairs.co/wordpress/35802/cyber-crime/alienspy-rat-citadel-trojan.html




*** Apple updates Safari for OS X 10.8, 10.9 and 10.10 ***
---------------------------------------------
With versions 8.0.5, 7.1.5 and 6.2.5 of its browser, Cupertino fixes a large number of security vulnerabilities, among them an old problem in private browsing mode.
---------------------------------------------
http://heise.de/-2597649




*** 44 Relevant Cyber Security Conferences around the World ***
---------------------------------------------
Wherever you may be in the world, chances are there's a cyber security event happening near you this year. Cyber security conferences are important and necessary for the industry and for each of us, individually, because they help bring together the community. What's more, innovation often spurs after having a meaningful discussion with a peer or a mentor, or after being part of a conversation on your favorite topic in the field of information security.
---------------------------------------------
https://heimdalsecurity.com/blog/44-relevant-cyber-security-conferences-around-the-world/




*** Polymorphic Beebone botnet sinkholed in international police operation ***
---------------------------------------------
On April 8, a global operation targeted the Beebone (also known as AAEH) botnet, a polymorphic downloader bot which installs various forms of malware on victims' computers. Initial figures show tha...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/MGj0qJKKZ0I/secworld.php




*** Deadly combination of Upatre and Dyre Trojans still actively targeting users ***
---------------------------------------------
Upatre (or Waski) is a downloader Trojan that has lately become the malware of choice for cyber crooks to deliver additional, more dangerous malware onto users' computers. A few weeks ago, Swiss and ...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/IJ4tqq_YAUU/malware_news.php




*** LG software disables Windows security feature, developer says ***
---------------------------------------------
LG Split Screen software that comes with the company's ultra-wide monitors stealthily weakens Windows users' defenses by deactivating the OS's User Account Control (UAC) feature, developer Christopher ...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/1t_AM7tskik/secworld.php




*** Hidden backdoor API to root privileges in Apple OS X ***
---------------------------------------------
The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It's been there for several years (at least since 2011), I found it in October 2014 and it can be exploited to escalate privileges to root from any user account in the system.
---------------------------------------------
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/




*** The Banking Trojan Emotet: Detailed Analysis ***
---------------------------------------------
The Emotet Trojan is a highly automated, actively evolving and regionally targeted banking threat. Its small size, the distribution methods used and its modular architecture all make Emotet a very effective weapon for cyber criminals.
---------------------------------------------
http://securelist.com/analysis/69560/the-banking-trojan-emotet-detailed-analysis/




*** Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists ***
---------------------------------------------
When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether. Apple, by contrast, has kept the root certificates in its trusted store for both iOS and OSX. Apple on Wednesday released...
---------------------------------------------
http://threatpost.com/apple-leaves-cnnic-root-in-ios-osx-certificate-trust-lists/112086




*** TA15-098A: AAEH ***
---------------------------------------------
Original release date: April 09, 2015

Systems Affected: Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8; Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Overview: AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware. The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and...
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA15-098A




*** ZDI-15-119: IBM Tivoli Storage Manager FastBack CRYPTO_S_EncryptBufferToBuffer Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/OQuaNiGQOf8/




*** ZDI-15-118: IBM Tivoli Storage Manager FastBack Mount CMountDismount::GetVaultDump Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/RumTeWThXlw/




*** DFN-CERT-2015-0484 - F5 Networks BIG-IP Protocol Security Module (PSM), F5 Networks BIG-IP systems: A vulnerability allows execution of arbitrary code ***
---------------------------------------------
08.04.2015
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0484/




*** DFN-CERT-2015-0477 - MantisBT: Multiple vulnerabilities allow, among other things, execution of arbitrary code ***
---------------------------------------------
08.04.2015
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0477/




*** Asterisk TLS Certificate Validation Flaw With Null Byte in Common Name Lets Remote Users Bypass Certificate Validation ***
---------------------------------------------
http://www.securitytracker.com/id/1032052




*** CiviCRM private report - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-094 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-094
Project: CiviCRM private report (third-party module)
Version: 6.x, 7.x
Date: 2015-April-08
Security risk: 13/25 (Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery

Description: CiviCRM private report module enables users to create their own private copies of CiviCRM reports, which they can modify and save to meet their needs without requiring the "Administer reports" permission. The
---------------------------------------------
https://www.drupal.org/node/2467697




*** [2015-04-09] Multiple XSS & XSRF vulnerabilities in Comalatech Comala Workflows ***
---------------------------------------------
XSS and XSRF vulnerabilities within the Confluence plugin Comala Workflows of Comalatech enable an attacker to perform unauthorized actions in the name of another logged-in user and attack other users of the web application with JavaScript code, browser exploits or Trojan horses.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150409-0_Comalatech_ComalaWorkflows_Multiple_XSS_XSRF_vulnerabilities_v10.txt



*** Juniper Security Advisories ***
---------------------------------------------
*** JSA10679 - 2015-04 Security Bulletin: OpenSSL 8th January 2015 advisory. ***
http://kb.juniper.net/index?page=content&id=JSA10679&actp=RSS

*** JSA10680 - 2015-04 Security Bulletin: OpenSSL 19th March 2015 advisory ***
http://kb.juniper.net/index?page=content&id=JSA10680&actp=RSS

*** JSA10678 - 2015-04 Security Bulletin: Junos: Insufficient entropy on QFX3500 and QFX3600 platforms when the system boots up (CVE-2015-3006) ***
http://kb.juniper.net/index?page=content&id=JSA10678&actp=RSS

*** JSA10677 - 2015-04 Security Bulletin: SRX Series: Cross-Site-Scripting Vulnerability in Dynamic VPN (CVE-2015-3005). ***
http://kb.juniper.net/index?page=content&id=JSA10677&actp=RSS

*** JSA10676 - 2015-04 Security Bulletin: SRX Series: ISC BIND vulnerability denial of service in delegation handling (CVE-2014-8500) ***
http://kb.juniper.net/index?page=content&id=JSA10676&actp=RSS

*** JSA10675 - 2015-04 Security Bulletin: Junos J-Web: Clickjacking vulnerability (CVE-2015-3004) ***
http://kb.juniper.net/index?page=content&id=JSA10675&actp=RSS

*** JSA10674 - 2015-04 Security Bulletin: Junos: Multiple privilege escalation vulnerabilities in Junos CLI (CVE-2015-3003) ***
http://kb.juniper.net/index?page=content&id=JSA10674&actp=RSS

*** JSA10673 - 2015-04 Security Bulletin: IDP: Multiple vulnerabilities addressed by third party software updates. ***
http://kb.juniper.net/index?page=content&id=JSA10673&actp=RSS

*** JSA10672 - 2015-04 Security Bulletin: SRX Series: disconnecting from console may not automatically log out (CVE-2015-3002) ***
http://kb.juniper.net/index?page=content&id=JSA10672&actp=RSS




*** Apple Security Advisories ***
---------------------------------------------
*** Apple TV 7.2 ***
https://support.apple.com/kb/HT204662

*** iOS 8.3 ***
https://support.apple.com/kb/HT204661

*** OS X Yosemite 10.10.3 and Security Update 2015-004 ***
https://support.apple.com/kb/HT204659

*** Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 ***
https://support.apple.com/kb/HT204658

*** OS X Yosemite 10.10.3 Combo Update ***
https://support.apple.com/kb/DL1804

*** OS X Yosemite 10.10.3 Update ***
https://support.apple.com/kb/DL1805

*** Security Update 2015-004 Mountain Lion ***
https://support.apple.com/kb/DL1802

*** Security Update 2015-004 Mavericks ***
https://support.apple.com/kb/DL1803

*** iOS 8.3 ***
https://support.apple.com/kb/DL1806

*** Xcode 6.3 ***
https://support.apple.com/kb/HT204663
