[CERT-daily] Tageszusammenfassung - Mittwoch 29-04-2015

Wed Apr 29 18:06:28 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 28-04-2015 18:00 − Mittwoch 29-04-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** VU#534407: Barracuda Web Filter insecurely performs SSL inspection ***
---------------------------------------------
Barracuda Web Filter prior to version 8.1.0.005 does not properly check upstream certificate validity when performing SSL inspection, and delivers one of three default root CA certificates across multiple machines for SSL inspection.
---------------------------------------------
http://www.kb.cert.org/vuls/id/534407


*** Cisco IOS XE Software OTV Processing Code Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the Overlay Transport Virtualization (OTV) processing code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38549


*** Cisco StarOS for Cisco ASR 5000 Series HAMGR Service Proxy Mobile IPv6 Processing Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in proxy mobile (PM) IPv6 processing of Cisco StarOS for Cisco ASR 5000 Series devices could allow an unauthenticated, remote attacker to cause a reload of the hamgr service on the affected device. 
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38557


*** Android: Tausende Apps akzeptieren gefälschte Zertifikate ***
---------------------------------------------
Die Schwachstelle ist seit einem halben Jahr bekannt, doch noch immer können Tausende Android-Apps mit gefälschten Zertifikaten überlistet werden, verschlüsselte Verbindungen aufzubauen. Über diese können Zugangsdaten abgegriffen werden
---------------------------------------------
http://www.golem.de/news/android-tausende-apps-akzeptieren-gefaelschte-zertifikate-1504-113785.html


*** Example setup of WordPress with static export ***
---------------------------------------------
'the only winning move is not to play' - Joshua, Wargames 2 So another advice from CIRCL is: whenever it is possible, the Content Management System component should be removed from the attack surface. This article gives an example about how to set up a system that exposes only static websites without dynamically generated content to the user and attacker.
---------------------------------------------
https://www.circl.lu/pub/tr-36/


*** Malware Analysis-Basics: Static Analysis ***
---------------------------------------------
Hi all, I have started learning malware analysis sometime back, and will share my learning through a series of articles on malware analysis. I will start from very basic and go to advanced level of analysis. So in this this document we ..
---------------------------------------------
http://resources.infosecinstitute.com/malware-analysis-basics-static-analysis/


*** Und täglich grüsst die D-Link-Lücke ***
---------------------------------------------
Seit mindestens August klafft eine kritische Lücke in Routern der Firmen D-Link und Trendnet. Diese geht auf ein Toolkit der Firma Realtek zurück, die Anfragen von Sicherheitsforschern für Monate beharrlich ignorierte. Nun ist die Lücke öffentlich.
---------------------------------------------
http://heise.de/-2628562


*** Unboxing Linux/Mumblehard: Muttering spam from your servers ***
---------------------------------------------
Today, ESET researchers reveal a family of Linux malware that stayed under the radar for more than 5 years. We have named this family Linux/Mumblehard. A white paper about this threat is available for download on WeLiveSecuriy.
---------------------------------------------
http://www.welivesecurity.com/2015/04/29/unboxing-linuxmumblehard-muttering-spam-servers/


*** Magento updaten! ASAP! ***
---------------------------------------------
Für die Onlineshop-Software Magento ist bereits im Februar ein Patch (SUPEE-5344) erschienen, der eine schwerwiegende Sicherheitslücke schliesst. Die Firma Check Point, die die Schwachstelle entdeckt hat, ..
---------------------------------------------
http://www.cert.at/services/blog/20150429154511-1469.html


*** TA15-119A: Top 30 Targeted High Risk Vulnerabilities ***
---------------------------------------------
Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of targeted attacks are ..
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA15-119A


*** Container Security: Just The Good Parts ***
---------------------------------------------
Security is usually a matter of trade-offs. Questions like: 'Is X Secure?', don't often have direct yes or no answers. A technology can mitigate certain classes of risk even ..
---------------------------------------------
https://securityblog.redhat.com/2015/04/29/container-security-just-the-good-parts/


*** Report: SSDP reflection attacks spike, and other Q1 2015 DDoS trends ***
---------------------------------------------
The largest distributed denial-of-service attack ever detected by Arbor Networks systems was observed in the first quarter of this year.
---------------------------------------------
http://www.scmagazine.com/largest-ddos-detected-in-q1-report-says/article/411648/


*** ZDI-15-157: Samsung Security Manager ActiveMQ Broker Service MOVE Method Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. Successful exploitation allows an attacker to gain complete control of the system on which the product is installed.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-157/


*** ZDI-15-156: Samsung Security Manager ActiveMQ Broker Service PUT Method Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. Authentication is not required to exploit this vulnerability. Successful exploitation allows an attacker to gain complete control of the system on which the product is installed.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-156/