[CERT-daily] Tageszusammenfassung - Mittwoch 25-02-2015

Wed Feb 25 18:13:49 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 24-02-2015 18:00 − Mittwoch 25-02-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Security Advisory - WP-Slimstat 3.9.5 and lower ***
---------------------------------------------
Advisory for: WP-Slimstat Security Risk: Very high Exploitation level: Remote DREAD Score: 8/10 Vulnerability: Weak Cryptographic keys leading to SQL injections Patched Version: 3.9.6 WP-Slimstat's users should update as soon as possible! During a routine audit for our WAF, we discovered a security bug that an attacker could, by breaking the plugin's weak "secret" key, use to perform a SQL...
---------------------------------------------
http://blog.sucuri.net/2015/02/security-advisory-wp-slimstat-3-9-5-and-lower.html


*** Finding Unknown Malware ***
---------------------------------------------
If you have ever been given the mission to "Find Evil" on a compromised system, you understand the enormity of that tasking. In this technical presentation, Alissa will introduce sound methodology for identifying malware, using strategies based on "Knowing Normal", "Data Reduction" and "Least Frequency of Occurrence" in order to identify malicious binaries and common methods of persistence. The skills and tools presented here will aid in efficient...
---------------------------------------------
http://blog.malwareresearch.institute/video/2015/02/24/finding-unknown-malware


*** A new strain of banking trojan VAWTRAK uses Macros and abuses Windows PowerShell ***
---------------------------------------------
Security experts at TrendMicro observed significant improvements in VAWTRAK banking trojan which couples use malicious macros and Windows PowerShell. Early 2015 the Microsoft Malware Protection Center (MMPC) issued an alert about a surge in the infections of malware using macros to spread their malicious code. The experts MMPC have observed a significant increase in enable-macros ...
---------------------------------------------
http://securityaffairs.co/wordpress/34107/cyber-crime/vawtrak-uses-macros-windows-powershell.html


*** Scanning Internet-exposed Modbus devices for fun & fun ***
---------------------------------------------
[...] here is a scan I have run against the whole IPv4 address space, looking for Internet-exposed Modbus services.
---------------------------------------------
http://pierre.droids-corp.org/blog/html/2015/02/24/scanning_internet_exposed_modbus_devices_for_fun___fun.html


*** "Surreptitiously Weakening Cryptographic Systems" ***
---------------------------------------------
New paper: "Surreptitiously Weakening Cryptographic Systems," by Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno, and Thomas Ristenpart. Abstract: Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems. We provide an overview of this domain, using a number of historical examples to drive development of a weaknesses taxonomy. This allows comparing different...
---------------------------------------------
https://www.schneier.com/blog/archives/2015/02/surreptitiously_1.html


*** Mozilla Thunderbird Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1031792


*** Mozilla Firefox Multiple Flaws Let Remote Users Deny Service, Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1031791


*** FreeBSD IGMP Integer Overflow Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031798


*** Splunk Enterprise 6.2.2 addresses two vulnerabilities ***
---------------------------------------------
Description Splunk Enterprise version 6.2.2 addresses two vulnerabilities Multiple vulnerabilities in OpenSSL prior to 1.0.1k (SPL-95203, CVE-2014-3572, CVE-2015-0204) Splunk Web crashes due to specific HTTP requests (SPL-93754) At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in...
---------------------------------------------
http://www.splunk.com/view/SP-CAAANV8


*** Software Toolbox Top Server Resource Exhaustion Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a resource exhaustion vulnerability in the Software Toolbox Top Server application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-055-01


*** Kepware Resource Exhaustion Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a resource exhaustion vulnerability in the Kepware Technologies DNP Master Driver for the KEPServerEX Communications Platform.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-055-02


*** Schneider Electric Invensys Positioner Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a buffer overflow vulnerability in the Device Type Manager software for Schneider Electric's Invensys SRD Control Valve Positioner product line.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-055-03


*** HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP System Management Homepage running OpenSSL on Linux and Windows. This vulnerability is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04571379


*** IBM Security Bulletins ***
---------------------------------------------
Rational Reporting for Development Intelligence - OpenSSL support for SSL 3.0 Fallback protection + 3 other CVEs
http://www.ibm.com/support/docview.wss?uid=swg21697194

AppScan Enterprise can be affected by multiple vulnerabilities (CVE-2014-6136, CVE-2014-8918)
http://www.ibm.com/support/docview.wss?uid=swg21697249

Rational Insight - Jazz Reporting Service report results can be viewed without user log-in (CVE-2014-6115)
http://www.ibm.com/support/docview.wss?uid=swg21697034

Rational Reporting for Development Intelligence - Jazz Reporting Service report results can be viewed without user log-in (CVE-2014-6115)
http://www.ibm.com/support/docview.wss?uid=swg21697035

Tivoli Storage Manager client encryption key password vulnerability (CVE-2014-4818)
http://www.ibm.com/support/docview.wss?uid=swg21697022

Tivoli Common Reporting(TCR) iFixes for Security Vulnerability
http://www.ibm.com/support/docview.wss?uid=swg21695800

Multiple vulnerabilities in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)
http://www.ibm.com/support/docview.wss?uid=swg21697112

Vulnerabilities in OpenSSL affect IBM Systems Director (CVE-2014-3513 and CVE-2014-3567)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097159

Rational Insight - OpenSSL support for SSL 3.0 Fallback protection + 3 other CVEs
http://www.ibm.com/support/docview.wss?uid=swg21697193
---------------------------------------------


*** Cisco UCS C-Series Integrated Management Controller Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0633