[CERT-daily] Tageszusammenfassung - Donnerstag 16-04-2015

Daily end-of-shift report team at cert.at
Thu Apr 16 18:08:52 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 15-04-2015 18:00 − Donnerstag 16-04-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  Robert Waldner


*** Impacts of a Hack on a Magento Ecommerce Website ***
---------------------------------------------
Recently we wrote about the impacts of a hacked website and how it is important to give website visitors a safe online experience In this post, I'll show you how a hacked website results in almost immediate loss of money. We are not talking about drive-by infections that can be prevented by using a good anti-virus, updated software, and extensions like NoScript. ... This time, we're talking about using legitimate sites that have absolutely no externally visible signs of compromise.
---------------------------------------------
https://blog.sucuri.net/2015/04/impacts-of-a-hack-on-a-magento-ecommerce-website.html




*** Services - Critical - Multiple Vulnerabilites - SA-CONTRIB-2015-096 ***
---------------------------------------------
    Advisory ID: DRUPAL-SA-CONTRIB-2015-096
    Project: Services (third-party module)
    Version: 7.x
    Date: 2015-April-15
    Security risk: 16/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
    Vulnerability: Access bypass, Arbitrary PHP code execution
---------------------------------------------
https://www.drupal.org/node/2471879




*** Display Suite - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-095 ***
---------------------------------------------
    Advisory ID: DRUPAL-SA-CONTRIB-2015-095
    Project: Display Suite (third-party module)
    Version: 7.x
    Date: 2015-April-15
    Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
    Vulnerability: Cross Site Scripting
---------------------------------------------
https://www.drupal.org/node/2471733




*** The Delicate Art of Remote Checks - A Glance Into MS15-034 ***
---------------------------------------------
Recently, the research team posted a testing script for the MS15-034 vulnerability to pastebin for the greater community to test.  We received some feedback about how exactly we figured out how to check, and remote checks in general.
---------------------------------------------
http://blog.beyondtrust.com/the-delicate-art-of-remote-checks-a-glance-into-ms15-034




*** Denial of Service Attacks Possible with OpenSSL Vulnerability CVE-2015-1787 ***
---------------------------------------------
On March 19 we wrote about how OpenSSL disclosed and fixed 13 vulnerabilities to address several security holes. Among the vulnerabilities addressed was CVE-2015-1787, which can result in a complete denial of service on an application compiled with OpenSSL library. This blog post will tackle how the bug can be exploited ...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Q6dMoVlcsE4/




*** Exploit kits (still) pushing Teslacrypt ransomware, (Thu, Apr 16th) ***
---------------------------------------------
Teslacrypt is a form of ransomware that was first noted in January of this year. This malware apparently targets video game-related files. Ive seen Teslacrypt dropped by the Sweet Orange exploit kit (EK), and its also been dropped by Nuclear EK. McAfee saw it dropped by Angler EK last month.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19581&rss




*** New POS Malware Emerges - Punkey ***
---------------------------------------------
During a recent United States Secret Service investigation, Trustwave encountered a new family of POS malware, that we named Punkey. It appears to have evolved from the NewPOSthings family of malware first discovered by Dennis Schwarz and Dave Loftus at...
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/New-POS-Malware-Emerges---Punkey/




*** IBM stellt seine Security-Datenbank ins Netz ***
---------------------------------------------
IBM Security macht seine IT-Sicherheitsdatenbank künftig auf der Sharing-Plattform X-Force Exchange in der Cloud zugänglich.
---------------------------------------------
http://heise.de/-2608795





*** crossdomain.xml : Beware of Wildcards ***
---------------------------------------------
This blog entry will describe a wide spread Flash vulnerability that affected many big websites including paypal.com. The description will picture the state of the website paypal.com and ebay.com in 2013-2014. The vulnerabilities were completely fixed two weeks ago. Therefore, it is not possible to reproduce this vulnerability as-is.
---------------------------------------------
http://blog.h3xstream.com/2015/04/crossdomainxml-beware-of-wildcards.html





*** Cisco Secure Access Control Server Dashboard Page Cross-Site Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=38403

*** Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd

*** Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-iosxr



More information about the Daily mailing list