[CERT-daily] Tageszusammenfassung - Montag 17-08-2015

Mon Aug 17 18:19:44 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 14-08-2015 18:00 − Montag 17-08-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

*** My browser visited Weather.com and all I got was this lousy malware (Updated) ***
---------------------------------------------
New rash of malvertising attacks threatens millions of Web surfers.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/e7WRDtjeLUI/

*** Security: Neuer digitaler Erpressungsdienst aufgetaucht ***
---------------------------------------------
Encryptor RaaS nennt sich ein neuer digitaler Erpressungsdienst, der im Tor-Netzwerk aufgetaucht ist. Sein Erschaffer hat offenbar bei Reddit dafür geworben. Angeblich soll es bereits erste Kunden geben.
---------------------------------------------
http://www.golem.de/news/security-neuer-digitaler-erpressungsdienst-aufgetaucht-1508-115794-rss.html

*** Unsicheres Smart Home: "Nutzer können nichts tun" ***
---------------------------------------------
Wiener Sicherheitsforscher warnen davor aufs vernetzte Heim mit Funk-Alarmanlagen oder Türschlösser zu setzen, weil die funkgesteuerten Anlagen viele Risiken mit sich bringen.
---------------------------------------------
http://futurezone.at/digital-life/unsicheres-smart-home-nutzer-koennen-nichts-tun/147.484.799

*** Five points of failure in recovering from an attack ***
---------------------------------------------
An over emphasis on defense is leaving the financial sector exposed to cyber attack. An increase in threat levels has seen the sector bolster defenses by focusing on detection and attack response but ...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/28f1ShUbbgo/secworld.php

*** MediaServer Takes Another Hit with Latest Android Vulnerability ***
---------------------------------------------
The "hits" keep on coming for Android's mediaserver component. We have discovered yet another Android mediaserver vulnerability, which can be exploited to perform attacks involving arbitrary code execution. With this new vulnerability, an attacker would be able to run their code with the same permissions that the mediaserver program already has as part of its...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/G8BEug87d7k/

*** Google plugs Google Admin app sandbox bypass 0-day ***
---------------------------------------------
After having had some trouble with fixing a sandbox bypass vulnerability in the Google Admin Android app, the Google Security team has finally released on Friday an update that plugs the hole. Goog...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Mf7jUvjZmF0/secworld.php

*** Wieder Root-Lücke in OS X Yosemite - inklusive 10.10.5 ***
---------------------------------------------
Nachdem das jüngste Update eine Rechteausweitung behoben hatte, ist nun die nächste entdeckt worden. Demonstrationscode für einen Exploit wurde bereits veröffentlicht.
---------------------------------------------
http://heise.de/-2780509

*** BitTorrent clients can be made to participate in high-volume DoS attacks ***
---------------------------------------------
A group of researchers have discovered a new type of DoS attack that can be pulled off by a single attacker exploiting weaknesses in the BitTorrent protocol family. The weaknesses in the Micro Tran...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/FUSeWaDyIkU/secworld.php

*** In eigener Sache: Wartungsarbeiten Dienstag, 18. August 2015 ***
---------------------------------------------
In eigener Sache: Wartungsarbeiten Dienstag, 18. August 2015 | 17. August 2015 | Am Dienstag, 18. August 2015, werden wir Wartungsarbeiten an unserer Infrastruktur vornehmen. Dies kann zu kurzen Service-Ausfällen führen (jeweils im Bereich weniger Minuten). Es gehen dabei keine Daten (zb Emails) verloren, es kann sich nur die Bearbeitung etwas verzögern. In dringenden Fällen können sie uns wie gewohnt...
---------------------------------------------
http://www.cert.at/services/blog/20150817120322-1581.html

*** Windows Platform Binary Table (WPBT) - BIOS PE backdoor ***
---------------------------------------------
[...] This feature allows a BIOS to deliver the payload of an executable, which is run in memory, silently, each time a system is booted. The executable code is run under under Session Manager context (i.e. SYSTEM).
---------------------------------------------
http://www.securityfocus.com/archive/1/536181/30/0/threaded

*** VMSA-2015-0003.10 ***
---------------------------------------------
VMware product updates address critical information disclosure issue in JRE
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0003.html

*** TOTOLink Backdoor Persistence ***
---------------------------------------------
Topic: TOTOLink Backdoor Persistence Risk: High Text:Hello, This is an update to: - Backdoor and RCE found in 8 TOTOLINK router models (http://seclists.org/fulldisclosure/20...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015080073

*** Bugtraq: BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536220

*** OSIsoft PI Data Archive Server Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for 56 vulnerabilities that were identified in OSIsoft PI System software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-225-01

*** Cisco Nexus Operating System Address Resolution Protocol Denial of Service Vulnerability ***
---------------------------------------------
40469
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40469

*** Cisco TelePresence Video Communication Server Expressway Access Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40442

*** Cisco NX-OS Internet Group Management Protocol Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40470

*** F5 Security Advisories ***
---------------------------------------------

*** Security Advisory: Multiple MySQL vulnerabilities ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/100/sol17115.html?ref=rss

*** Security Advisory: Linux kernel vulnerability CVE-2015-1465 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/100/sol17124.html?ref=rss

*** Security Advisory: Apache Commons FileUpload vulnerability CVE-2014-0050 ***
https://support.f5.com:443/kb/en-us/solutions/public/15000/100/sol15189.html?ref=rss

*** Security Advisory: Linux kernel vulnerability CVE-2015-2042 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/100/sol17118.html?ref=rss

*** IBM Security Bulletins ***
---------------------------------------------

*** IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Notes and Domino ***
http://www.ibm.com/support/docview.wss?uid=swg21963812

*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Rational RequisitePro (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21960340

*** IBM Security Bulletin: Security Vulnerability in Apache Batik (CVE-2015-0250) ***
http://www.ibm.com/support/docview.wss?uid=swg21963994

*** IBM Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerability affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2015-1885) ***
http://www.ibm.com/support/docview.wss?uid=swg21964102

*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Content Classification CVE-2015-4760 ***
http://www.ibm.com/support/docview.wss?uid=swg21963680

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DataQuant for Workstation (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625) ***
http://www.ibm.com/support/docview.wss?uid=swg21963822

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Discovery (CVE-2015-1931 CVE-2015-2601 CVE-2015-2613 CVE-2015-2625) ***
http://www.ibm.com/support/docview.wss?uid=swg21963191

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 5, affects: Websphere Dashboard Framework ***
http://www.ibm.com/support/docview.wss?uid=swg21963164

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 5, affects: Lotus Widget Factory. ***
http://www.ibm.com/support/docview.wss?uid=swg21963161

*** Bugtraq: ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536237

*** Bugtraq: ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536236

*** Bugtraq: ESA-2015-094: RSA Archer GRC Multiple Cross-Site Request Forgery Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536235

*** Bugtraq: ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536234

*** WP REST API (WP API) <= 1.2.2 - Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8152

*** WP OAuth Server <= 3.1.4 - Insecure Pseudorandom Number Generation ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8153