[CERT-daily] Tageszusammenfassung - Freitag 27-02-2015

Fri Feb 27 18:16:02 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 26-02-2015 18:00 − Freitag 27-02-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** #JetLeak: Jetty-Webserver gibt Verbindungsdaten preis ***
---------------------------------------------
Der Jetty-Server steckt unter anderem in Hadoop, Heroku, Eclipse und der Google AppEngine. Angreifer können eine jetzt entdeckte Lücke dazu nutzen, Daten aus den Verbindungen anderer Nutzer auszuspionieren.
---------------------------------------------
http://heise.de/-2560894


*** Spam Uses Default Passwords to Hack Routers ***
---------------------------------------------
In case you needed yet another reason to change the default username and password on your wired or wireless Internet router: Phishers are sending out links that, when clicked, quietly alter the settings on vulnerable routers to harvest online banking credentials and other sensitive data from victims. Sunnyvale, Calif. based security firm Proofpoint said it recently detected a four-week spam...
---------------------------------------------
http://krebsonsecurity.com/2015/02/spam-uses-default-passwords-to-hack-routers/


*** Adventures in Xen exploitation ***
---------------------------------------------
tl;drThis post is about my experience trying to exploit the Xen SYSRET bug (CVE-2012-0217).This issue was patched in June 2012 and was dis ...
---------------------------------------------
https://www.nccgroup.com/en/blog/2015/02/adventures-in-xen-exploitation/


*** Sicherheits-Tool PrivDog telefoniert nach Hause - unverschlüsselt ***
---------------------------------------------
Das vermeintliche Sicherheits-Tool PrivDog steht erneut in der Kritik, denn es sendet alle besuchten URLs unverschlüsselt an den Hersteller.
---------------------------------------------
http://heise.de/-2560926


*** Dridex Downloader Analysis ***
---------------------------------------------
Introduction Yesterday I received in my company inbox an email with an attached .xlsm file named D92724446.xlsm coming from Clare588 at 78-83-77-53.spectrumnet.bg. Central and local AV engines did not find anything malicious, and a multiengine scan got 0/57 as result. I decided to investigate a little more in-depth in order to confirm that was a malicious file...
---------------------------------------------
http://resources.infosecinstitute.com/dridex-downloader-analysis/


*** D-Link remote access vulnerabilities remain unpatched ***
---------------------------------------------
D-Link routers have several unpatched vulnerabilities, the worst of which could allow an attacker to gain total control over a device, according to a systems engineer in Canada. Peter Adkins, who does security research in his free time, released details of the flaws on Thursday. Adkins said in a phone interview that he has been in intermittent contact with D-Link since Jan. 11 on the issues, but the company has not indicated when it might patch.
---------------------------------------------
http://www.cio.com/article/2889994/dlink-remote-access-vulnerabilities-remain-unpatched.html


*** Microsoft Malware Protection Center assists in disrupting Ramnit ***
---------------------------------------------
Recent disruption of the Ramnit malware family was successful due to a multinational collaboration, led by Europol's European Cybercrime Center (EC3), in partnership with Financial Services and Information Sharing & Analysis Center (FS-ISAC), Symantec, AnubisNetworks, Microsoft's Digital Crimes Unit (DCU), and the Microsoft Malware Protection Center (MMPC). The MMPC has been closely monitoring Ramnit since its discovery in April 2010, as you can see by reading:  Ramnit - The...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/02/25/microsoft-malware-protection-center-assists-in-disrupting-ramnit.aspx


*** The Evil CVE: CVE-666-666 - "Report Not Read" ***
---------------------------------------------
I had an interesting discussion with a friend this morning. He explained that, when he is conducting a pentest, he does not hesitate to add sometimes in his report a specific finding regarding the lack of attention given to the previous reports. If some companies are motivated by good intentions and ask for regular pentests against their infrastructure or a specific application, what if they even don't...
---------------------------------------------
http://blog.rootshell.be/2015/02/26/the-evil-cve-cve-666-666-report-not-read/


*** Weekly Metasploit Wrapup ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2015/02/26/weekly-metasploit-wrapup


*** Threatpost News Wrap, February 27, 2015 ***
---------------------------------------------
Mike Mimoso and Dennis Fisher discuss the news of the last week, including the Superfish fiasco, the Gemalto SIM hack controversy and the continuing NSA drama.
---------------------------------------------
http://threatpost.com/threatpost-news-wrap-february-27-2015/111312


*** VMSA-2015-0001.1 ***
---------------------------------------------
VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0001.html


*** Security Advisory: BIG-IP ASM cross-site scripting (XSS) vulnerability CVE-2015-1050 ***
---------------------------------------------
(SOL16081)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/000/sol16081.html?ref=rss


*** Security Advisory: OpenSSL vulnerability CVE-2014-0160 ***
---------------------------------------------
(SOL15159)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/100/sol15159.html?ref=rss


*** Security Advisory: XSS vulnerability in echo.jsp CVE-2014-4023 ***
---------------------------------------------
(SOL15532)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/500/sol15532.html?ref=rss


*** Cisco Security Notices ***
---------------------------------------------
*** Vulnerability in IPv6 Neighbor Discovery in Cisco IOS and IOS-XE Software ***
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0632

*** Vulnerability in Authentication Proxy Feature in Cisco IOS Software ***
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2188

*** Cisco Common Services Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0594

*** Cisco ACE 4710 Application Control Engine and Application Neworking Manager Cross-Site Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0651
---------------------------------------------


*** DSA-3176 request-tracker4 - security update ***
---------------------------------------------
Multiple vulnerabilities have been discovered in Request Tracker, anextensible trouble-ticket tracking system. The Common Vulnerabilitiesand Exposures project identifies the following problems:
---------------------------------------------
https://www.debian.org/security/2015/dsa-3176


*** Network Vision IntraVue Code Injection Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a code injection vulnerability in Network Vision's IntraVue software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-057-01


*** [2015-02-27] Multiple vulnerabilities in Loxone Smart Home ***
---------------------------------------------
Multiple design and implementation flaws within Loxone Smart Home enable an attacker to control arbitrary devices connected to the system, execute JavaScript code in the users browser, steal the users credentials and cause a denial of service.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150227-0_Loxone_Smart_Home_Multiple_Vulnerabilities_v10.txt


*** TYPO3 CMS 6.2.10 released ***
---------------------------------------------
The TYPO3 Community announces the version 6.2.10 LTS of the TYPO3 Enterprise Content Management System.
---------------------------------------------
http://www.typo3.org/news/article/typo3-cms-6210-released/


*** IBM Security Bulletin: Rational Integration Tester component in Rational Test Workbench affected by Netty vulnerability (CVE-2014-3488) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21695042


*** IBM Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Castor Library vulnerablity (CVE-2014-3004) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21695037


---------------------------------------------
*** Huge-IT Slider - SQL Injection ***
https://wpvulndb.com/vulnerabilities/7811

*** CrossSlide jQuery Plugin <= 2.0.5 - Stored XSS & CSRF ***
https://wpvulndb.com/vulnerabilities/7812

*** WPBook - CSRF ***
https://wpvulndb.com/vulnerabilities/7813

*** WPBook <= 2.7 - Cross-Site Request Forgery (CSRF) ***
https://wpvulndb.com/vulnerabilities/7813

*** WP Media Cleaner <= 2.2.6 - Cross-Site Scripting (XSS) ***
https://wpvulndb.com/vulnerabilities/7814
---------------------------------------------