[CERT-daily] Tageszusammenfassung - Dienstag 1-12-2015

Daily end-of-shift report team at cert.at
Tue Dec 1 18:11:35 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 30-11-2015 18:00 − Dienstag 01-12-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0 ***
---------------------------------------------
Microsoft is aware of unconstrained digital certificates from Dell Inc. for which the private keys were inadvertently disclosed. [...] To help protect customers from potentially fraudulent use of these unconstrained digital certificates, the certificates have been deemed no longer valid by Dell Inc. and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of these certificates.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/3119884




*** SHA1 Phase Out Overview, (Mon, Nov 30th) ***
---------------------------------------------
SHA1 (Secure Hashing Algorithm 1) has been in use for about 20 years. More recently, some weaknesses have been identified in SHA1, and in general, faster computing hardware makes it more and more likely that collisions willbe found. As a result, SHA2 starts to replace SHA1and you should see this impacting your users next year. Various software will stop trusting SHA1 signatures, and users may receive warnings about invalid signatures or certificates as a result. First a very quick primer on...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20423&rss




*** Belkins N150 router is perfect for learning hacking skills - wait, what, its in production? ***
---------------------------------------------
Practice your CSRF and DNS meddling exploits here Belkins home routers can be commandeered by hackers, thanks to a Telnet backdoor, a cross-site request forgery (CSRF) vulnerability and other bugs, were told.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/12/01/hole_in_belkin_home_router/




*** DDoS-Attacken gegen griechische Banken ***
---------------------------------------------
Armada Collective weitet DDoS-Angriffe in Europa aus und erpresst nun Kreditinstitute in Griechenland.
---------------------------------------------
http://www.heise.de/newsticker/meldung/DDoS-Attacken-gegen-griechische-Banken-3028007.html?wt_mc=rss.ho.beitrag.rdf




*** Guest Talk: "Alice in the Sky - On Security of Air Traffic Control Communication" ***
---------------------------------------------
January 14, 2016 - 2:00 pm - 4:45 pm SBA Research Favoritenstraße 16 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/guest-talk-alice-in-the-sky-on-security-of-air-traffic-control-communication/




*** Conficker, back from the undead, dominates malware threat landscape ***
---------------------------------------------
Look out, ransomware is coming up on the rails Conficker was the most common malware used to attack UK and international organisations in October, accounting for 20 per cent of all attacks globally, according to security vendor Check Point.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/12/01/conficker_dominates_threat_landscape_malware/




*** Nuclear Pack loads a fileless CVE-2014-4113 Exploit ***
---------------------------------------------
http://malware.dontneedcoffee.com/2015/12/nuclear-pack-loading-fileless-cve-2014.html




*** Reverse Engineering Intel DRAM Addressing and Exploitation ***
---------------------------------------------
We demonstrate the power of such attacks by implementing a high speed covert channel that achieves transmission rates of up to 1.5Mb/s, which is three orders of magnitude faster than current covert channels on main memory. Finally, we show how our results can be used to increase the efficiency of the Rowhammer attack significantly by reducing the search space by a factor of up to 16384.
---------------------------------------------
http://arxiv.org/abs/1511.08756




*** Dell Foundation Service ermöglicht Tracking von Nutzern ***
---------------------------------------------
Im Dell Foundation Service zur Wartung von Computern klafft eine Schwachstelle, über die Angreifer die Service-Tag-Nummer auslesen können. Eine gefixte Version steht zum Download bereit.
---------------------------------------------
http://heise.de/-3028416




*** "Crash Course - PCI DSS 3.1 is here. Are you ready?" Part II ***
---------------------------------------------
Thanks to all who attended our recent webinar, "Crash Course - PCI DSS 3.1 is here. Are you ready?". During the stream, there were a number of great questions asked by attendees that didn't get answered due to the limited time. This blog post is a means to answer many of those questions. Still have...
---------------------------------------------
https://blog.whitehatsec.com/crash-course-pci-dss-3-1-is-here-are-you-ready-part-ii/




*** l+f: Das Telegram-Protokoll macht Stalking einfach ***
---------------------------------------------
Hat man die Telefonnummer eines Telegram-Nutzers, kann man relativ einfach dessen Online-Status überwachen.
---------------------------------------------
http://heise.de/-3028550




*** Can you trust SSL encryption of your email provider? ***
---------------------------------------------
Have you ever though how secure and reliable is your SSL/TLS connection to your email servers? A brief research about encryption implementation of the most popular free email providers.
---------------------------------------------
https://www.htbridge.com/blog/can-you-trust-ssl-encryption-of-your-email-provider.html




*** Xen Heap Overflow in PC-Net II Emulator Lets Local Users on a Guest System Gain Elevated Privileges on the Host System ***
---------------------------------------------
http://www.securitytracker.com/id/1034268




*** Security Notice - Statement on Pierre Kim Revealing Security Vulnerabilities in Huawei WiMAX Routers ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-464086.htm




*** Cisco ASR 1000 Series Root Shell License Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-asa




*** Cisco Cloud Services Router 1000V Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-csr




*** Cisco Web Security Appliance Native FTP Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-wsa




*** Security Advisory 2015-03: Vulnerability discovered in OTRS FAQ package ***
---------------------------------------------
December 01, 2015 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security at otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2016-03-02] uid OTRS Security Team  GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22...
---------------------------------------------
https://www.otrs.com/security-advisory-2015-03-vulnerability-discovered-in-otrs-faq-package/


More information about the Daily mailing list