[CERT-daily] Tageszusammenfassung - Montag 27-04-2015

Mon Apr 27 18:07:44 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 24-04-2015 18:00 − Montag 27-04-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Sicherheitslücke im Yubikey Neo ***
---------------------------------------------
Der USB-Stick Yubikey Neo lässt sich auch als Smartcard nutzen. Durch einen Bug kann man die eigentlich erforderliche Eingabe der PIN umgehen. Ein Angreifer kann die Krypto-Funktionen dadurch sogar über Funk missbrauchen.
---------------------------------------------
http://heise.de/-2621122


*** CVE-2015-0359 (Flash up to 17.0.0.134) and Exploit Kits ***
---------------------------------------------
http://malware.dontneedcoffee.com/2015/04/cve-2015-0359-flash-up-to-1700134-and.html


*** Security Advisory: NTP vulnerability CVE-2015-1799 ***
---------------------------------------------
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/500/sol16506.html?


*** What's Your Security Maturity Level? ***
---------------------------------------------
Not long ago, I was working on a speech and found myself trying to come up with a phrase that encapsulates the difference between organizations that really make cybersecurity a part of their culture and those that merely pay it lip service and do the bare minimum (think 15 pieces of flair). When ..
---------------------------------------------
http://krebsonsecurity.com/2015/04/whats-your-security-maturity-level/


*** Sunday, April 26. 2015 How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security ***
---------------------------------------------
Lately a lot of attention has been payed to software like Superfish and Privdog that intercepts TLS connections to be able to manipulate HTTPS traffic. These programs had severe (technically different) vulnerabilities that allowed attacks on HTTPS connections.
---------------------------------------------
https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-HTTPS-security.html


*** Pwning a thin client in less than two minutes ***
---------------------------------------------
The point of this blog post is to demonstrate that a malicious actor can compromise such thin clients in a trivial and quick way provided physical access, a standard prerequisite in an attack against a kiosk.
---------------------------------------------
http://blog.malerisch.net/2015/04/pwning-hp-thin-client.html


*** Clickjacking, Cursorjacking & Filejacking ***
---------------------------------------------
Same origin bypasses using clickjacking Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information ..
---------------------------------------------
http://resources.infosecinstitute.com/bypassing-same-origin-policy-part-3-clickjacking-cursorjacking-filejacking/


*** Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win. ***
---------------------------------------------
A lot of network defense goes wrong before any contact with an adversary, starting with how defenders conceive of the battlefield. Most defenders focus on protecting their assets, prioritizing them, and sorting them by workload and ..
---------------------------------------------
http://blogs.technet.com/b/johnla/archive/2015/04/26/defenders-think-in-lists-attackers-think-in-graphs-as-long-as-this-is-true-attackers-win.aspx


*** IBM Security Bulletin: SPSS Statistics ActiveX Control Code Execution Vulnerability Notification ***
---------------------------------------------
SPSS Statistics ActiveX control on Windows 32 bit installations could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to visit a specially-crafted Web page with Internet Explorer, a local attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. 
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21697746


*** A Javascript-based DDoS Attack as seen by Safe Browsing ***
---------------------------------------------
To protect users from malicious content, Safe Browsing's infrastructure analyzes web pages with web browsers running in virtual machines. This allows us to determine if a page contains malicious content, such as Javascript ..
---------------------------------------------
http://googleonlinesecurity.blogspot.co.at/2015/04/a-javascript-based-ddos-attack-as-seen.html?m=1


*** Node.js Server-Side JavaScript Injection Detection & Exploitation ***
---------------------------------------------
Late last year, Burp scanner started testing for Server-Side JavaScript (SSJS) code injection. As you'd expect, this is where an attacker injects JavaScript into a server side parser and results in arbitrary code execution.
---------------------------------------------
http://blog.gdssecurity.com/labs/2015/4/15/nodejs-server-side-javascript-injection-detection-exploitati.html


*** Critical Persistent XSS 0day in WordPress ***
---------------------------------------------
Yes, you've read it right: a critical, unpatched 0-day vulnerability affecting WordPress' comment mechanisms was disclosed earlier today by Klikki Oy. Who's affected If your ..
---------------------------------------------
https://blog.sucuri.net/2015/04/critical-persistent-xss-0day-in-wordpress.html


*** TeslaCrypt - Decrypt It Yourself ***
---------------------------------------------
After the takedown of Cryptolocker, we have seen the rise of Cryptowall. Cryptowall 2 introduced 'features' such as advanced anti-debugging techniques, only to have many of those features removed in Cryptowall 3. Ransomware is ..
---------------------------------------------
http://blogs.cisco.com/security/talos/teslacrypt