[CERT-daily] Tageszusammenfassung - Mittwoch 21-01-2015

Wed Jan 21 18:06:04 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 20-01-2015 18:00 − Mittwoch 21-01-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Windows Firewall Hook Enumeration ***
---------------------------------------------
tl;dr: We're going look in detail at Microsoft Windows Firewall Hook drivers from Windows 2000, XP and 20003. This functionality was leverage ...
---------------------------------------------
https://www.nccgroup.com/en/blog/2015/01/windows-firewall-hook-enumeration/


*** DSA-3133 privoxy - security update ***
---------------------------------------------
https://www.debian.org/security/2015/dsa-3133


*** Siemens SCALANCE X-300/X408 Switch Family DOS Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for denial-of-service vulnerabilities in the Siemens SCALANCE X-300/X408 switch family.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-020-01


*** Schneider Electric ETG3000 FactoryCast HMI Gateway Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities in Schneider Electric's ETG3000 series FactoryCast HMI Gateways.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-020-02


*** Oracle Critical Patch Update Advisory - January 2015 ***
---------------------------------------------
Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ..
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html


*** Google publiziert ungepatchte Lücke in OS X 10.9.5 ***
---------------------------------------------
Nachdem der Internetriese im Rahmen seiner Responsible-Disclosure-Politik in den vergangenen Monaten gleich drei offene Windows-Lücken öffentlich machte, ist nun erstmals auch Apple dran. Der Konzern hatte offenbar nicht in der geforderten Zeit reagiert.
---------------------------------------------
http://heise.de/-2523449


*** Cisco 2015 Annual Security Report: Java ist sicherer geworden ***
---------------------------------------------
2013 war kein gutes Jahr für Java, denn etliche Sicherheitslücken sorgten für verunsicherte Anwender. Gut, dass Oracle offenbar die richtigen Weichen gestellt hat, denn im vergangenen Jahr wurden deutlich weniger Lücken festgestellt.
---------------------------------------------
http://heise.de/-2523408


*** Windows Server 2003 Reaches End of Life In July ***
---------------------------------------------
Several readers sent word that were now less than six months away from the end of support for Windows Server 2003. Though the operating systems usage peaked in 2009, it still runs on millions of machines, and many IT departments are just now starting to look at replacements. Although ..
---------------------------------------------
http://tech.slashdot.org/story/15/01/21/0423229/windows-server-2003-reaches-end-of-life-in-july


*** Bash data exfiltration through DNS (using bash builtin functions) ***
---------------------------------------------
After gaining 'blind' command execution access to a compromised Linux host, data exfiltration can be difficult when the system ibinbash2s protected by a firewall.
---------------------------------------------
https://forsec.nl/2015/01/bash-data-exfiltration-through-dns-using-bash-builtin-functions/


*** Discovering and remediating an active but disused botnet ***
---------------------------------------------
On a network I help manage, we kept getting malicious DNS alerts for 'luna1.pw' on an appliance we had installed. Due to the way the network was configured, we were able to see the name request coming in but no traffic activity. This ..
---------------------------------------------
http://colin.keigher.ca/2015/01/discovering-and-remediating-active-but.html


*** rt-sa-2014-010 ***
---------------------------------------------
The signature check of FRITZ!Box firmware images is flawed. Malicious
code can be injected into firmware images without breaking the RSA
signature. The code will be executed either if a manipulated firmware
image is uploaded by the victim or if the victim confirms an update on
the webinterface during a MITM attack.
---------------------------------------------
https://www.redteam-pentesting.de/advisories/rt-sa-2014-010.txt


*** Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK ***
---------------------------------------------
This is a fast post. I will update it heavily in the coming hours/days. I spotted an instance of Angler EK which is sending three different bullets targeting Flash Player :
---------------------------------------------
http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html