[CERT-daily] Tageszusammenfassung - Freitag 4-12-2015

Fri Dec 4 18:09:11 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 03-12-2015 18:00 − Freitag 04-12-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** No more security fixes for older OpenSSL branches ***
---------------------------------------------
The OpenSSL Software Foundation has released new patches for the popular open-source cryptographic library, but for two of its older branches they will likely be the last security updates.This could spell trouble for some enterprise applications that bundle the 0.9.8 or 1.0.0 versions of OpenSSL and for older systems -- embedded devices in particular -- where updates are rare.OpenSSL 1.0.0t and 0.9.8zh, which were released Thursday, are expected to be the last updates because support for these...
---------------------------------------------
http://www.cio.com/article/3011882/no-more-security-fixes-for-older-openssl-branches.html#tk.rss_security


*** Automatic MIME Attachments Triage ***
---------------------------------------------
[The post Automatic MIME Attachments Triage has been first published on /dev/random]A few weeks ago I posted a diary on the ISC SANS website about a script to automate the extraction and analyze of MIME attachments in emails. Being the happy owner of an old domain (15y), this domain is present in all spammer's mailing lists. I'm receiving a lot of spam and I like it. It helps me to collect interesting files and URLs. But...
---------------------------------------------
https://blog.rootshell.be/2015/12/04/automatic-mime-attachments-triage/


*** Automating Phishing Analysis using BRO, (Fri, Dec 4th) ***
---------------------------------------------
Determining the effectiveness of Phishing campaigns using metrics is great to be able to target awareness training for users and determining the effectiveness of your technical controls. The main questions you are trying to answer are :   How many people were targeted by the phish?   How many people replied? (If applicable)   How many people visited the website in the email?   How many people submitted credentials to the website?
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20441&rss


*** "Bau keine eigenen Protokolle": Vodafone verletzt mit Secure E-Mail die erste Kryptoregel ***
---------------------------------------------
Vodafones neuer E-Mail-Dienst Secure E-Mail soll den Austausch verschlüsselter E-Mails kinderleicht machen. Das Unternehmen macht jedoch in seiner Ankündigung kaum Angaben zur Sicherheit der verwendeten Verfahren. Deshalb haben wir nachgefragt - und sind verwirrt.
---------------------------------------------
http://www.golem.de/news/bau-keine-eigenen-protokolle-vodafone-verletzt-mit-secure-e-mail-die-erste-kryptoregel-1512-117795-rss.html


*** New edition of Windows 10 turns security nightmares into reality ***
---------------------------------------------
Windows 10 IoT Core Pro lets thing-makers opt-out of security updates Microsofts released a new edition of Windows 10.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/12/04/new_version_of_windows_10_turns_security_nightmares_into_reality/


*** An Introduction to Image File Execution Options ***
---------------------------------------------
Image File Execution Options are used to intercept calls to an executable. Its in use for debugging, replacing and stopping specific executables.Categories:  All Things DevTags: IFEOImage File Execution OptionsPieter ArntzregistrySecurity.hijack(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/development/2015/12/an-introduction-to-image-file-execution-options/


*** Can you keep Linux-based ransomware from attacking your servers? ***
---------------------------------------------
According to SophosLabs, Linux/Ransm-C ransomware is one example of the new Linux-based ransomware attacks, which in this case is built into a small command line program and designed to help crooks extort money through Linux servers. These Linux ransomware attacks are moving away from targeting end users and gravitating toward targeting Linux servers, web servers specifically, with a piece of software that encrypts data and is similar to what we've seen in previous years such as...
---------------------------------------------
http://www.csoonline.com/article/3010996/application-security/can-you-keep-linux-based-ransomware-from-attacking-your-servers.html#tk.rss_applicationsecurity


*** Serverseitiges JavaScript: Node.js-Patch nun verfügbar ***
---------------------------------------------
Das Update adressiert die letzte Woche gemeldete DoS-Schwachstelle und den Zugriffsfehler bei der JavaScript-Engine V8. Gleichzeitig umfasst es die ebenfalls diese Woche aktualisierten OpenSSL-Bibliotheken.
---------------------------------------------
http://heise.de/-3031934


*** XML Secure Coding ***
---------------------------------------------
ABSTRACT The XML (Extensible markup language) is a buzzword over the internet, rapidly maturing technology with powerful real world application, especially for management, organization, and exhibition of data. XML technology is solely concerned with the structure and description of data that are typically transported across the network in a bid for easily sharing between diverse...
---------------------------------------------
http://resources.infosecinstitute.com/xml-secure-coding/


*** White hats, FBI and cops team up for Dorkbot botnet takedown ***
---------------------------------------------
Your four-year reign of terror is (temporarily) over Operations of the Dorkbot botnet have been disrupted following an operation that brought together law enforcement agencies led by the FBI, Interpol and Europol, and various infosec firms.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/12/04/dorkbot_botnet_takedown/


*** Millions of smart TVs, phones and routers at risk from old vulnerability ***
---------------------------------------------
A three-year-old vulnerability in a software component used in millions of smart TVs, routers and phones still hasnt been patched by many vendors, thus posing a risk, according to Trend Micro.Although a patch was issued for the component in December 2012, Trend Micro found 547 apps that use an older unpatched version of it, wrote Veo Zhang, a mobile threats analyst."These are very popular apps that put millions of users in danger; aside from mobile devices, routers, and smart TVs are all...
---------------------------------------------
http://www.cio.com/article/3012073/security/millions-of-smart-tvs-phones-and-routers-at-risk-from-old-vulnerability.html#tk.rss_security


*** hashcat and oclHashcat have gone open source ***
---------------------------------------------
https://hashcat.net/forum/thread-4880.html
https://github.com/hashcat/


*** DSA-3413 openssl - security update ***
---------------------------------------------
Multiple vulnerabilities have been discovered in OpenSSL, a SecureSockets Layer toolkit. The Common Vulnerabilities and Exposures projectidentifies the following issues:
---------------------------------------------
https://www.debian.org/security/2015/dsa-3413


*** DFN-CERT-2015-1868: Redis: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1868/


*** Cisco Nexus 5000 Series USB Driver Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-nexus


*** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Standards Processing Engine (CVE-2015-7450) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21972329


*** IBM Security Bulletin: Vulnerability in Apache Commons affects Watson Explorer and Watson Content Analytics (CVE-2015-7450) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21971733


*** IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by multiple vulnerabilities in OpenSSL including Logjam ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098960


*** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2015-7450) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21972215


*** VU#294607: Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF ***
---------------------------------------------
Vulnerability Note VU#294607 Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF Original Release date: 04 Dec 2015 | Last revised: 04 Dec 2015   Overview The Lenovo Solution Center application contains multiple vulnerabilities that can allow an attacker to execute arbitrary code with SYSTEM privileges.  Description CWE-732: Incorrect Permission Assignment for Critical ResourceLenovo Solution Center creates a service called LSCTaskService, which runs with...
---------------------------------------------
http://www.kb.cert.org/vuls/id/294607


*** SearchBlox File Exfiltration Vulnerability ***
---------------------------------------------
This advisory provides mitigations details for a file exfiltration vulnerability in SearchBlox's web-based proprietary search engine application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-337-01


*** Honeywell Midas Gas Detector Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on November 5, 2015, and is being released to the ICS-CERT web site. This advisory provides mitigation details for two vulnerabilities in Honeywell's Midas gas detector.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02


*** WordPress Cool Video Gallery 1.9 Command Injection ***
---------------------------------------------
Topic: WordPress Cool Video Gallery 1.9 Command Injection Risk: Low Text:Title: Command Injection in cool-video-gallery v1.9 Wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-11-29 ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015120031