[CERT-daily] Tageszusammenfassung - Dienstag 11-08-2015

Tue Aug 11 18:07:32 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 10-08-2015 18:00 − Dienstag 11-08-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Beliebige SSL-Zertifikate durch Missbrauch der Uralt-Internettechnik BGP ***
---------------------------------------------
Das für das globale Internet unabdingbare Border Gateway Protocol (BGP) lässt sich leicht manipulieren. Ein Hacker beschrieb auf der Black Hat, wie man darüber gültige SSL-Zertifikate für beliebige Domains ausstellen lassen kann.
---------------------------------------------
http://heise.de/-2774454


*** Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=36968


*** Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=33996


*** CVE-2015-2419 - Internet Explorer Double-Free in Angler EK ***
---------------------------------------------
The Angler Exploit Kit (EK) recently added support for an Internet Explorer (IE) vulnerability (CVE-2015-2419) that was patched in July 2015. Quickly exploiting recently patched vulnerabilities is standard for Angler EK authors, but the target has been Adobe Flash Player since the ..
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/08/cve-2015-2419_inte.html


*** The Italian Connection: An analysis of exploit supply chains and digital quartermasters ***
---------------------------------------------
On July 5, 2015 an unknown hacker publicly announced on Twitter that he had breached the internal network of Hacking Team - an Italian pentesting company known ..
---------------------------------------------
http://blog.shadowserver.org/2015/08/10/the-italian-connection-an-analysis-of-exploit-supply-chains-and-digital-quartermasters/


*** QNAP Turbo NAS Series Devices Multiple Flaws Let Remote Users Conduct Cross-Site Scripting Attacks, Traverse the Directory, Execute Arbitrary Code, and Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1033224


*** QNAP Logging Error Lets Local Users Obtain Disk Encryption Keys ***
---------------------------------------------
http://www.securitytracker.com/id/1033223


*** Internal modem can be exploited by malware to gain persistence ***
---------------------------------------------
Two security experts at the last Def Con hacking conference have demonstrated how Internal LTE/3G modems can be hacked to help malware survive OS reinstalls Many users totally ignore that LTE/3G modems built into new business laptops and ..
---------------------------------------------
http://securityaffairs.co/wordpress/39252/hacking/internal-modem-hacking.html


*** Who's Behind Your Proxy? Uncovering Bunitu's Secrets ***
---------------------------------------------
In our previous analysis we showed how the Bunitu Trojan was distributed via the Neutrino exploit kit in various malvertising campaigns. After spending more time analyzing ..
---------------------------------------------
https://blog.malwarebytes.org/botnets/2015/08/whos-behind-your-proxy-uncovering-bunitus-secrets/


*** Watch out for Costly Mobile Ads ***
---------------------------------------------
There are lots of ways you can have a bad hair day with a mobile device - a rogue app from the Play Store, a dubious file from a non-official source or even a phish attack which takes advantage of a mobile's smaller screen size. A less annoying issue is pop-ups, adverts ..
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/08/watch-out-for-costly-mobile-ads/


*** Tanksysteme ungeschützt im Netz: Leichte Beute für Hacker ***
---------------------------------------------
Bankomatkassen an Zapfsäulen wurden bereits zum Ziel von Hackerangriffen, um Daten zu stehlen. Doch Tankstellen könnten von Kriminellen im Internet auch für weitaus gefährlichere Attacken ins Visier genommen werden. Das Forscherteam von Rapid7 fand laut "Wired" ..
---------------------------------------------
http://derstandard.at/2000020547838


*** Vulnerabilities iframe <= 3.0 ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8150
https://wpvulndb.com/vulnerabilities/8149


*** Threat Group-3390 Targets Organizations for Cyberespionage ***
---------------------------------------------
Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers investigated activities associated with Threat Group-3390[1] (TG-3390). Analysis of TG-3390s operations, targeting, and tools led CTU researchers to assess with moderate confidence ..
---------------------------------------------
http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/


*** Instant KARMA Might Still Get You ***
---------------------------------------------
About a year ago, I started looking into Android applications that arent validating SSL certificates. Users of these applications could be at risk if they fall victim to a man-in-the-middle (MITM) attack. Earlier this year, I also wrote about ..
---------------------------------------------
https://insights.sei.cmu.edu/cert/2015/08/instant-karma-might-still-get-you.html


*** Dynamic DNS Security and Potential Threats ***
---------------------------------------------
Recently I began to notice a trend that Dynamic DNS providers have been repeatedly abused as a part of malware campaigns. How is dynamic DNS a threat to your enterprise? What can be done to mitigate this threat? Before we answer these questions, ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/dynamic-dns-security-and-potential-threats


*** Another Android hole: "OCtoRuTA" - One (Java) Class to Rule Them All ***
---------------------------------------------
Yet another large-scale vulnerability has been revealed in Android. This one lets an otherwise innocent-looking app go rogue, and enjoy privileges normally limited to the trusted parts of Android.
---------------------------------------------
https://nakedsecurity.sophos.com/2015/08/11/another-android-hole-octoruta-one-java-class-to-rule-them-all/


*** Kali Linux 2.0 Released ***
---------------------------------------------
We're still buzzing and recovering from the Black Hat and DEF CON conferences where we finished presenting our new Kali Linux Dojo, which was a blast. With the help of a few good people, the Dojo rooms were set up ready for the masses - where many ..
---------------------------------------------
https://www.kali.org/releases/kali-linux-20-released/


*** Security Updates Available for Adobe Flash Player (APSB15-19) ***
---------------------------------------------
A security bulletin (APSB15-19) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1254


*** Mobilfunkdaten bei Facebook massenhaft auslesbar ***
---------------------------------------------
Einem Entwickler ist es gelungen, mit einem kleinen Skript binnen weniger Minuten zahlreiche Mobilfunknummern von Nutzern über Facebook abzufragen. Sicherheitsexperten drängen auf eine andere Voreinstellung.
---------------------------------------------
http://heise.de/-2776623