[CERT-daily] Tageszusammenfassung - Mittwoch 12-08-2015

Wed Aug 12 18:06:13 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 11-08-2015 18:00 − Mittwoch 12-08-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** MS15-AUG - Microsoft Security Bulletin Summary for August 2015 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS15-AUG


*** Adobe, MS Push Patches, Oracle Drops Drama ***
---------------------------------------------
Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracles chief security officer lobbed something ..
---------------------------------------------
http://krebsonsecurity.com/2015/08/adobe-ms-push-patches-oracle-drops-drama/


*** Defending against CVE-2015-1769: a logical issue exploited via a malicious USB stick ***
---------------------------------------------
Today Microsoft released update MS15-085 to address CVE-2015-1769, an important severity security issue in Mount Manager. It affects both client and server versions, from Windows Vista to Windows 10. The goal of this blog post ..
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx


*** MSRT August 2015: Vawtrak ***
---------------------------------------------
As part of our ongoing effort to provide better malware protection, we are adding the following detections to the Microsoft Malicious Software Removal Tool (MSRT) this month:  Win32/Vawtrak  Win32/Critroni Win32/Kasidet  Critroni is a ransomware malware family that can lock your files and ask ..
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/08/11/msrt-august-2015-vawtrak.aspx


*** Emerging ransomware: Troldesh ***
---------------------------------------------
Troldesh (detected as variants of Win32/Troldesh) started to show up in the early part of 2015 and became more prevalent in June this year. Overall detections have so far lessened in July - except for a notable spike around the 8th of the month, ..
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/08/09/emerging-ransomware-troldesh.aspx


*** OpenSSH 7.0 Released ***
---------------------------------------------
An anonymous reader writes: Today the OpenSSH project maintainers announced the release of version 7.0. This release is focusing on deprecating weak and unsafe cryptographic methods, though some of the work wont be complete until 7.1. This release removes support for the following: the legacy SSH v1 protocol, ..
---------------------------------------------
http://it.slashdot.org/story/15/08/11/2340247/openssh-70-released


*** IoT security is RUBBISH says IoT vendor collective ***
---------------------------------------------
Online Trust Alliance calls on gadget vendors to stop acting like clowns A vendor group whose membership includes Microsoft, Symantec, Verisign, ADT and TRUSTe reckons the Internet of Things (IoT) market is being pushed with no regard to either ..
---------------------------------------------
http://www.theregister.co.uk/2015/08/12/iot_security_is_rubbish_says_iot_vendor_collective/


*** KCI-Angriff auf TLS missbraucht Clientzertifikate ***
---------------------------------------------
Ein komplexer Angriff nutzt eine trickreiche Kombination aus Clientzertifikaten und einem statischen Diffie-Hellman-Schlüsselaustausch. Der Angriff ist nur in sehr speziellen Situationen relevant, doch es zeigt sich wieder einmal, dass das TLS-Protokoll selbst Sicherheitslücken hat. 
---------------------------------------------
http://www.golem.de/news/schluesselaustausch-kci-angriff-auf-tls-missbraucht-clientzertifikate-1508-115699.html


*** Hacker ermöglichen Börsen-Insidergeschäfte in Millionenhöhe ***
---------------------------------------------
Pressemitteilungen beinhalten gelegentlich Informationen, die an der Börse viel Geld wert sind - vor allem, wenn sie vor ihrer Veröffentlichung in die Hände von Tätern gelangen, die damit Insidergeschäfte machen. In den USA wurde ein Verbrecherring zerschlagen, der über 100 Millionen US-Dollar damit verdient haben soll. 
---------------------------------------------
http://www.golem.de/news/pressemitteilungen-hacker-ermoeglichen-boersen-insidergeschaefte-in-millionenhoehe-1508-115704.html


*** Schneider Electric IMT25 DTM Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a memory corruption vulnerability in Schneider Electric IMT25 DTM component.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-223-01


*** Blacklists miss 90% of malware blogged IP love ***
---------------------------------------------
Correlate all the things. Threat intelligence firm RecordedFuture says popular web blacklists are missing thousands of IP addresses linked to malware data theft.
---------------------------------------------
http://www.theregister.co.uk/2015/08/12/two_shady_men_walk_into_a_bar_blacklist_report/


*** Security: Lenovos sanktioniertes Rootkit ***
---------------------------------------------
Nach einer kompletten Neuinstallation von Windows auf einem Lenovo-Laptop wurde zur Überraschung eines Anwenders plötzlich auch ein Lenovo-Dienst gestartet. Er vermutete eine Art Bios-Rootkit und lag damit offenbar gar nicht so falsch. 
---------------------------------------------
http://www.golem.de/news/security-lenovos-sanktioniertes-rootkit-1508-115717.html


*** Windows Service Accounts - Why They're Evil and Why Pentesters Love them! ***
---------------------------------------------
Windows Service Accounts have been one of those enterprise neccessary evils - things that you have to have, but nobody ever talks about or considers to be a problem. All too often, these service accounts are in the Domain Admins group, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20029


*** August 2015 Security Update Release Summary ***
---------------------------------------------
Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are ..
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2015/08/11/august-2015-security-update-release-summary.aspx


*** Thunderstrike 2: Mac firmware worm details ***
---------------------------------------------
This is the annotated transcript of our DefCon 23 / BlackHat 2015 talk, which presented the full details of Thunderstrike 2, the first firmware worm for Apples Macs that can spread via both software or Thunderbolt hardware accessories and writes ..
---------------------------------------------
https://trmm.net/Thunderstrike2_details


*** Firefox Under Fire: Anatomy of latest 0-day attack ***
---------------------------------------------
On the August 6th, the Mozilla Foundation released a security update for the Firefox web browser that fixes the CVE-2015-4495 vulnerability in Firefox's embedded PDF viewer, PDF.js. This vulnerability allows attackers to bypass the same-origin policy and execute JavaScript remotely that will be ..
---------------------------------------------
http://www.welivesecurity.com/2015/08/11/firefox-under-fire-anatomy-of-latest-0-day-attack/


*** Finding Vulnerabilities in Core WordPress: A Bug Hunter's Trilogy, Part II - Supremacy ***
---------------------------------------------
In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts - describing his long path of discovered flaws and vulnerabilities in ..
---------------------------------------------
http://blog.checkpoint.com/2015/08/11/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-ii-supremacy/


*** SSD Advisory - ZendXml Multibyte Payloads XXE/XEE ***
---------------------------------------------
The XML standard defines a concept of an external entites. XXE (XML eXternal Entity) attack is an attack on an application that parses XML input from untrusted sources using incorrectly configured XML parser. The application may be forced to open arbitrary files and/or network resources. Exploiting XXE issues on PHP applications may also lead to denial of service or in some cases (for example, when an 'expect' PHP module is installed) lead to command execution.
---------------------------------------------
https://blogs.securiteam.com/index.php/archives/2550