[CERT-daily] Tageszusammenfassung - Dienstag 20-01-2015

Tue Jan 20 18:08:22 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 19-01-2015 18:00 − Dienstag 20-01-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** How Was Your Credit Card Stolen? ***
---------------------------------------------
Almost once a week, I receive an email from a reader who has suffered credit card fraud and is seeking help figuring out which hacked merchant was responsible. I generally reply that this is a fruitless pursuit, and instead encourage readers to keep a close eye on their card statements and ..
---------------------------------------------
http://krebsonsecurity.com/2015/01/how-was-your-credit-card-stolen/


*** Symantec Data Center Security: Server Advanced, Multiple Security Issues on Management Server and Protection Policies Rule Bypass ***
---------------------------------------------
The management server for Symantec Critical System Protection (SCSP) 5.2.9 and Data Center Security: Server Advanced (SDCS:SA) 6.0.x is susceptible to security issues which could enable privileged access to the management server.  Rules in the prevention policies could be bypassed if deployed to SCSP/SDCS:SA agents to restrict access to specific host functionality.
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150119_00


*** Verschlüsselung: Neue Angriffe auf RC4 ***
---------------------------------------------
Zwei Forscherteams kündigen unabhängig voneinander an, bald neue Angriffe gegen den RC4-Verschlüsselungsalgorithmus vorzustellen. Knapp ein Prozent der Webserver setzt immer noch ausschließlich auf RC4. 
---------------------------------------------
http://www.golem.de/news/verschluesselung-neue-angriffe-auf-rc4-1501-111805.html


*** PlugX Malware Found in Official Releases of League of Legends, Path of Exile ***
---------------------------------------------
Hacks in Taiwan (HITCON), a security conference hosted in that country, has discovered an attack involving several online games. Official releases of two popular online games were found to be compromised, downloading malware onto computers. HITCON worked with Trend Micro to provide a clean-up ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/plugx-malware-found-in-official-releases-of-league-of-legends-path-of-exile


*** Symantec Critical System Protection Multiple Flaws Let Remote Authenticated Users Execute Arbitrary Code, Inject SQL Commands, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information ***
---------------------------------------------
Multiple vulnerabilities were reported in Symantec Critical System Protection. A remote authenticated user can execute arbitrary code on the target system. A remote user can conduct cross-site scripting attacks. A remote authenticated ..
---------------------------------------------
http://www.securitytracker.com/id/1031566


*** Moodle Bugs Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks ***
---------------------------------------------
Multiple vulnerabilities were reported in Moodle. A remote user can cause denial of service conditions. A remote user can conduct cross-site scripting and cross-site request forgery attacks. A remote user can obtain potentially sensitive information.
---------------------------------------------
http://www.securitytracker.com/id/1031557


*** F-Secure: Bios-Trojaner aufzuspüren, ist "fast aussichtslos" ***
---------------------------------------------
Weil die Antivirenhersteller keine Muster von Regierungs-Malware haben, die PC-Komponenten auf Firmware-Ebene infiziert, können sie diese kaum entdecken. Mikko Hypponen von F-Secure sieht vor allem die Hardwarehersteller in der Pflicht.
---------------------------------------------
http://www.golem.de/news/f-secure-bios-trojaner-aufzuspueren-ist-fast-aussichtslos-1501-111811.html


*** Glorious Leaders Not-That-Glorious Malwares - Part 2 ***
---------------------------------------------
This is second (and last) part of the analysis of Korean Central News Agency Malware. If you havent read the first part yet, I would suggest reading that first here. First of all I should mention that its not launch.exe and ..
---------------------------------------------
https://www.codeandsec.com/Glorious-Leaders-Not-That-Glorious-Malwares-Part-2


*** Owning Modems And Routers Silently ***
---------------------------------------------
Do you have cable internet? Own a surfboard modem? Since most of my buddies in AZ do, I sent them to this page and to my amusement, they got knocked off the net for a few minutes. How? Javascript. Specifically a CSRF in the Motorolla Surfboard.
---------------------------------------------
http://www.gironsec.com/blog/2015/01/owning_modems_and_routers_silently/


*** Libavcodec: Fehler erlauben Codeausführung in VLC-Codecbibliothek ***
---------------------------------------------
Speziell präparierte Videodateien können zur Codeausführung unter anderem in VLC genutzt werden. Dessen Entwickler verhalten sich aber zurückhaltend, zudem werfen die Berichte einige Fragen auf. 
---------------------------------------------
http://www.golem.de/news/libavcodec-fehler-erlauben-codeausfuehrung-in-vlc-codecbibliothek-1501-111816.html


*** Go Static or Go Home - Inviting the Trojan Horse Inside ***
---------------------------------------------
And then, after all that spending on all that complexity for defense, some of us go on to install a DCMS (Dynamic Content Management System) as our public-facing web server. This approach is like building a mighty walled city and then inviting the Trojan horse inside, or making Achilles invulnerable to harm except for his heel.
---------------------------------------------
http://queue.acm.org/detail.cfm?id=2721993


*** ENISA Warns of Internet Vulnerabilities (InfoRiskToday) ***
---------------------------------------------
The Internet infrastructure remains susceptible to a variety of threats, including routing attacks, DNS spoofing and poisoning attacks and distributed denial-of-service disruptions. But a number of best practices can help prevent related exploits, a new EU government study says.
---------------------------------------------
http://www.inforisktoday.com/enisa-warns-internet-vulnerabilities-a-7814


*** Session Hijacking Cheat Sheet ***
---------------------------------------------
'Session Hijacking' is an old and routine topic in the field of application security. To make it more interesting, in this article, we are going to focus on different ways it can be performed. Introduction for beginners Web ..
---------------------------------------------
http://resources.infosecinstitute.com/session-hijacking-cheat-sheet/


*** Paper: Nesting doll: unwrapping Vawtrak ***
---------------------------------------------
Raul Alvarez unwraps the many layers of an increasingly prevalent banking trojan.Banking trojans remain one of the most prevalent kinds of malware. Among them, trojans based on Zeus have long been the most prevalent, but in recent months a relatively new trojan has been challenging the reign of Zeus: Vawtrak.Also known as Neverquest or Snifula, Vawtrak initially targeted users of Japanese banking systems, but it has since broadened its scope. In a recent paper (pdf), Sophos researcher James
---------------------------------------------
http://www.virusbtn.com/blog/2015/01_20.xml


*** GoDaddy CSRF Vulnerability Allows Domain Takeover ***
---------------------------------------------
tl;dr: An attacker can leverage a CSRF vulnerability to take over domains registered with GoDaddy. The vulnerability has been patched.
---------------------------------------------
http://breakingbits.net/2015/01/18/taking-over-godaddy-accounts-using-csrf/


*** Finding Privilege Escalation Flaws in Linux ***
---------------------------------------------
We often tend to ignore privilege escalation flaws. In order to take advantage of these vulnerabilities, an attacker first needs to have access to the system itself. But in particular for systems that many users have access to, it can be difficult to monitor them all for compromised ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19207