[CERT-daily] Tageszusammenfassung - Freitag 9-01-2015

Fri Jan 9 18:13:37 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 08-01-2015 18:00 − Freitag 09-01-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** AIX for penetration testers (SANS Reading Room) ***
---------------------------------------------
AIX is a widely used operating system by banks, insurance companies, power stations and universities. The operating system handles various sensitive or critical information for these services. There is limited public information for penetration testers about AIX hacking, compared the other common operating systems like Windows or Linux.
---------------------------------------------
https://www.sans.org/reading-room/whitepapers/unix/aix-penetration-testers-35672


*** Datenschutzpanne in Mac OS X Yosemite ***
---------------------------------------------
Die Spotlight genannte Suchfunktion der aktuellen Mac-OS-X-Version hat erneut ein Datenschutzproblem: Stößt sie auf HTML-Mails, lädt sie ungefragt Inhalte aus externen Quellen nach - zur Freude der Spammer.
---------------------------------------------
http://www.heise.de/security/meldung/Datenschutzpanne-in-Mac-OS-X-Yosemite-2514198.html


*** Netflix Credentials Targeted By Phishing Campaign ***
---------------------------------------------
A new malicious email campaign has been observed by security researchers to target customers of Netflix by feeding them a message purporting to be an important notification from the media streaming service. ... Users are advised to check the legitimacy of the emails straight on the official page of the service and to avoid clicking on the provided link. All phishing messages can be forwarded to phishing at netflix.com for investigation.
---------------------------------------------
http://news.softpedia.com/news/Netflix-Credentials-Targeted-By-Phishing-Campaign-469405.shtml


*** Microsoft advanced notification service changes. , (Fri, Jan 9th) ***
---------------------------------------------
Quite a few of you have written in to let us know that Microsoft is changing the way in which they provide information (thanks to you all). ">You can read the full blog here --">/archive/2015/01/08/evolving-advance-notification-service-ans-in-2015.aspx In a nutshell if you want to be advised in advance younow need to register, select the products used and you will then be provided with information relating to the patches that will be released. If you are a premier customer your...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19167&rss


*** Banking Trojans Disguised As ICS/SCADA Software Infecting Plants ***
---------------------------------------------
Researcher spots spike in traditional financial malware hitting ICS/SCADA networks -- posing as popular GE, Siemens, and Advantech HMI products. A renowned ICS/SCADA security researcher has discovered a surprising twist in cyberattacks hitting plant floor networks: traditional banking Trojan malware posing as legitimate ICS software updates and files rather than the dreaded nation-state custom malware in the wake of Stuxnet.
---------------------------------------------
http://www.darkreading.com/attacks-breaches/banking-trojans-disguised-as-ics-scada-software-infecting-plants/d/d-id/1318542


*** OpenBSD Releases a Portable Version of OpenNTPD ***
---------------------------------------------
Noryungi (70322) writes Theo De Raadt roundly criticized NTP due to its recent security advisories, and pointed out that OpenBSD OpenNTPD was not vulnerable. However, it also had not been made portable to other OS in a long time. Brent Cook, also known for his work on the portable version of LibreSSL (OpenBSD cleanup and refactoring of OpenSSL) decided to take the matter in his own hands and released a new portable version of OpenNTPD. Everyone rejoice, compile and report issues!
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/NJ1R-3x9MVI/story01.htm


*** No, the Linux leap second bug WONT crash the web ***
---------------------------------------------
Fear the fear, not the second There's a reason space missions don't launch on the day a leap second is added to international clocks.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/01/09/leap_second_bug_linux_hysteria/


*** Asus-Router schutzlos bei Angriffen aus dem eigenen Netz ***
---------------------------------------------
Mindestens die Router RT-AC66 und RT-N66U können von Angreifern aus dem LAN komplett gekapert werden. Wahrscheinlich sind weitere Modelle betroffen. Firmware-Updates, die das Loch stopfen, gibt es noch nicht.
---------------------------------------------
http://www.heise.de/security/meldung/Asus-Router-schutzlos-bei-Angriffen-aus-dem-eigenen-Netz-2515120.html


*** USN-2456-1: GNU cpio vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2456-18th January, 2015cpio vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Ubuntu 10.04 LTSSummaryThe GNU cpio program could be made to crash or run programs if itopened a specially crafted file or received specially crafted input.Software description cpio - a program to manage archives of files  DetailsMichal Zalewski discovered an out of bounds write issue in theprocess_copy_in...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2456-1/


*** Cisco Unified Communications Domain Manager Platform High CPU DoS Vulnerability ***
---------------------------------------------
CVE-2014-8020
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8020


*** Cisco WebEx Meetings Server Authentication Bypass Vulnerability ***
---------------------------------------------
CVE-2014-8033
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8033


*** DSA-3122 curl - security update ***
---------------------------------------------
Andrey Labunets of Facebook discovered that cURL, an URL transferlibrary, fails to properly handle URLs with embedded end-of-linecharacters. An attacker able to make an application using libcurl toaccess a specially crafted URL via an HTTP proxy could use this flaw todo additional requests in a way that was not intended, or insertadditional request headers into the request.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3122


*** DSA-3121 file - security update ***
---------------------------------------------
Multiple security issues have been found in file, a tool/library todetermine a file type. Processing a malformed file could result indenial of service. Most of the changes are related to parsing ELFfiles.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3121


*** Emerson HART DTM Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for an improper input vulnerability in the CodeWrights HART DTM library utilized in Emerson's HART DTM.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-008-01-0


*** Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a stack-based buffer overflow vulnerability in the Wonderware InTouch Access Anywhere Server product.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-008-02


*** TP-Link TL-WR840N Cross Site Request Forgery ***
---------------------------------------------
Topic: TP-Link TL-WR840N Cross Site Request Forgery Risk: Low Text:Classification: //Dell SecureWorks/Confidential - Limited External Distribution: # # * Title: TP-...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015010041


*** Wireshark Security Advisories ***
---------------------------------------------
wnpa-sec-2015-05. TLS/SSL decryption crash. Fixed in 1.12.3, 1.10.12. | wnpa-sec-2015-04. SMTP dissector crash. Fixed in 1.12.3, 1.10.12. | wnpa-sec-2015-03. DEC DNA Routing Protocol dissector crash. Fixed in 1.12.3, 1.10.12. | wnpa-sec-2015-02. LPP dissector crash. Fixed in 1.12.3, 1.10.12. | wnpa-sec-2015-01. WCCP dissector crash. Fixed in 1.12.3, 1.10.12.
---------------------------------------------
https://www.wireshark.org/security/


*** Several vulnerabilities have been found in the third party TYPO3 extensions ***
---------------------------------------------
extension "Content Rating": http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-002/ | extension "Content Rating Extbase": http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-003/
---------------------------------------------
http://typo3.org/teams/security/security-bulletins