[CERT-daily] Daily summary - Tuesday 4-08-2015

Daily end-of-shift report team at cert.at
Tue Aug 4 18:18:03 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 03-08-2015 18:00 − Tuesday 04-08-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Thunderstrike 2: Mac firmware worm said to spread via Thunderbolt adapters ***
---------------------------------------------
According to security researchers, further EFI vulnerabilities allow the firmware of mobile Macs to be modified. An attacker could thereby plant malware that propagates via Thunderbolt adapters and peripherals.
---------------------------------------------
http://heise.de/-2767994




*** DYLD_PRINT_TO_FILE exploit found in the wild ***
---------------------------------------------
Last month, Stefan Esser blogged about a zero-day vulnerability in OS X, without having informed Apple about the problem first. Unfortunately, today has brought the discovery of the first known exploit.
---------------------------------------------
https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-in-the-wild/




*** Hackers use cartons with sticks, may be foiled by watermelons ***
---------------------------------------------
Translation from Russian hack-slang: Credit card, PayPal and secure server. Gaining an invite to the best of the nearly 60 websites powering the cybercrime underground is only half the fight for researchers; they also need to know that credit cards are called cartons, PayPal a stick, and bulletproof servers watermelons.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/russian_cyber_underground_update/




*** Android vulnerability: Stagefright exploits likely to be active soon ***
---------------------------------------------
The first proofs that the apparently serious security hole in Android is exploitable are already in circulation. Patches already exist for Android and CyanogenMod. By the time the manufacturers provide them, however, Stagefright could have been abused millions of times.
---------------------------------------------
http://www.golem.de/news/android-schwachstelle-stagefright-exploits-wohl-bald-aktiv-1508-115578-rss.html




*** Android MediaServer Bug Traps Phones in Endless Reboots ***
---------------------------------------------
We have discovered a new vulnerability that allows attackers to perform denial of service (DoS) attacks on Android's mediaserver program. This causes a device's system to reboot and drain all its battery life. In a more severe case, where a related malicious app is set to auto-start, the device can be trapped in an endless reboot...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/w1VZWbnfA4c/




*** Your Password is Too Damn Short ***
---------------------------------------------
I'm a little tired of writing about passwords. But like taxes, email, and pinkeye, they're not going away any time soon. Here's what I know to be true, and backed up by plenty of empirical data:
---------------------------------------------
http://blog.codinghorror.com/your-password-is-too-damn-short/




*** Yahoo! ads! caught! spreading! CryptoWall! ransomware! AGAIN! ***
---------------------------------------------
Unpatched Flash holes exploited to inject file-scrambling nasty. Yahoo!'s ad network is still being used to spread ransomware to Windows PCs a year after the last big outbreak.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/yahoo_malware_ads/




*** Open source tool for deploying SSL public key pinning in iOS, OS X apps ***
---------------------------------------------
At Black Hat USA 2015, Data Theorem and Yahoo! will be unveiling TrustKit, a new, open source security toolkit that helps developers easily include complex mobile security functionality, known as SSL p...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/jxmlYG4OZVA/secworld.php




*** Cybersecurity Policy and Threat Assessment for the Energy Sector ***
---------------------------------------------
INTRODUCTION: A wake-up call. HP Enterprise Security's 2014 Global Report on the Cost of Cyber Crime by the Ponemon Institute reveals some astounding aspects of the cyber-attacks on the energy utilities. First, these assets suffered the highest average annual losses from cybercrimes ($13.2 million), closely followed by the losses caused by computer attacks...
---------------------------------------------
http://resources.infosecinstitute.com/cybersecurity-policy-and-threat-assessment-for-the-energy-sector/




*** Symantec Endpoint Protection: Dangerous cocktail of security vulnerabilities ***
---------------------------------------------
Through various vulnerabilities in Symantec's End Point Protection 12.1, attackers can sneak into networks, execute arbitrary code and commands, and then take over entire groups of systems.
---------------------------------------------
http://heise.de/-2768461




*** MatrixSSL Tiny: A TLS software implementation for IoT devices ***
---------------------------------------------
INSIDE Secure announced the availability of MatrixSSL Tiny, the world's smallest Transport Layer Security (TLS) software implementation, to allow companies to affordably secure IoT devices with string...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/mnlQoZJr0zU/secworld.php




*** Bugtraq: Mozilla extensions: a security nightmare ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536133




*** WordPress 4.2.4 Security and Maintenance Release ***
---------------------------------------------
August 4, 2015 | WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise...
---------------------------------------------
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/




*** Security Advisory: Apache vulnerability CVE-2012-0053 ***
---------------------------------------------
(SOL15273)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/200/sol15273.html?ref=rss




*** DSA-3327 squid3 - security update ***
---------------------------------------------
Alex Rousskov of The Measurement Factory discovered that Squid3, a fully featured web proxy cache, does not correctly handle CONNECT method peer responses when configured with cache_peer and operating on explicit proxy traffic. This could allow remote clients to gain unrestricted access through a gateway proxy to its backend proxy.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3327




*** SSA-504631 (Last Update 2015-08-04): Incorrect Certificate Validation in COMPAS Mobile App ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-504631.pdf




*** IBM Security Bulletins ***
---------------------------------------------

*** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affected IBM Workflow for Bluemix July 2015 ***
http://www.ibm.com/support/docview.wss?uid=swg21963428

*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791) ***
http://www.ibm.com/support/docview.wss?uid=swg21960633

*** IBM Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities ***
http://www.ibm.com/support/docview.wss?uid=swg21962726

*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Rational ClearQuest (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21962816

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916) ***
http://www.ibm.com/support/docview.wss?uid=swg21902824

*** IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM MobileFirst Platform Foundation and IBM Worklight ***
http://www.ibm.com/support/docview.wss?uid=swg21961179

