[CERT-daily] Tageszusammenfassung - Freitag 31-07-2015

Fri Jul 31 18:12:34 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 30-07-2015 18:00 − Freitag 31-07-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter


*** Derelict TrueCrypt Russia portal is command hub for Ukraine spying op ***
---------------------------------------------
Backdoored code slung at officials, journos etc Malware used to attack Ukrainian government, military, and major news agencies in the country, was distributed from the Russian portal of encryption utility TrueCrypt, new research has revealed.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/30/truecrypt_ru_hub/


*** Username Enumeration against OpenSSH-SELinux with CVE-2015-3238 ***
---------------------------------------------
I recently disclosed a low-risk vulnerability in Linux-PAM < 1.2.1 , which allows attackers to conduct username enumeration and denial of service attacks. Below I will provide more technical details about this vulnerability. The Past Time-based username enumeration is an...
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Username-Enumeration-against-OpenSSH-SELinux-with-CVE-2015-3238/


*** Flash Threats: Not Just In The Browser ***
---------------------------------------------
July has been a fairly poor month for Adobe Flash Player security, to say the least. Three separate zero-day vulnerabilities (all courtesy of the Hacking Team dump) have left many people concerned about Flash security, with many (including this blog) calling for it to go away. Some sort of reaction from Adobe to improve Flash...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/6YRcRVFMKYg/


*** Bundestags-Hack: Reparatur des Bundestagsnetzes soll vier Tage dauern ***
---------------------------------------------
Das Netzwerk des Bundetages soll zwischen dem 13. und 17. August 2015 neu aufgesetzt werden. In dieser Zeit wird es komplett abgeschaltet. Auch E-Mails können dann nicht mehr empfangen oder versendet werden.
---------------------------------------------
http://www.golem.de/news/bundestags-hack-reparatur-des-bundestagsnetzes-soll-vier-tage-dauern-1507-115518-rss.html


*** Compromised site serves Nuclear exploit kit together with fake BSOD ***
---------------------------------------------
Support scammers not lying about a malware infection for a change.During our work on the development of the VBWeb tests, which will be started soon, we came across an interesting case of an infected website that served not only the Nuclear exploit kit, but also a fake blue screen of death (BSOD) that attempted to trick the user into falling for a support scam.When a (legitimate) website includes (legitimate) advertisements, these ads themselves are rarely included in the HTML code. Rather, the...
---------------------------------------------
http://www.virusbtn.com/blog/2015/07_31.xml?rss


*** MMS Not the Only Attack Vector for "Stagefright" ***
---------------------------------------------
Earlier this week Zimperium zLabs revealed an Android vulnerability which could be used to install malware on a device via a simple multimedia message. This vulnerability, now known as Stagefright, has gained a lot of attention for the potential attacks it can cause. Stagefright makes it possible, for example, for an attacker to install a spyware app...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fiKsjboNusw/


*** Real World Ramifications of Cyber Attacks ***
---------------------------------------------
Warning: the following blog contains gratuitous use of sarcasm and hyperbole from the start. Reader discretion is advised. And so, ladies and gentlemen, it has finally happened. The Internet-of-Things has risen up, Skynet style, and we are doomed. This much prophesied event finally came to pass with reports of hackers disabling cars from miles away, and altering rifle trajectories. At last, it seems, the crossover has been made from the digital world to the physical one; the end is nigh. Then...
---------------------------------------------
https://blog.team-cymru.org/2015/07/real-world-ramifications-of-cyber-attacks/


*** Symantec Endpoint Protection Multiple Issues ***
---------------------------------------------
Revisions None Severity CVSS2 Base Score ...
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150730_00


*** Cisco Security Advisories ***
---------------------------------------------

*** Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k

*** Cisco Prime Central Hosted Collaboration Solution Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40214

*** Cisco IM and Presence Service Reflected Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40217

*** Cisco AnyConnect Secure Mobilty Client Directory Traversal Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40175

*** Cisco Unified Communications Manager Prime Collaboration Deployment Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40223


*** Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Password Storage Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a password storage vulnerability in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-211-01


*** ZDI-15-372: IBM Tivoli Storage Manager FastBack Server Opcode 4755 Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/lONzWRepYUI/


*** ZDI-15-373: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Files Restore Agents Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Np2gm5rVOXQ/


*** ZDI-15-374: IBM Tivoli Storage Manager FastBack Server Opcode 1365 Volumes Restore Agents Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/zJI4EVNVvMM/


*** ZDI-15-375: IBM Tivoli Storage Manager FastBack Server Opcode 4115 Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/x0uVs7pbpJo/


*** ZDI-15-376: IBM Tivoli Storage Manager FastBack Server Opcode 8192 Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/L9RNtcsUYnU/


*** More IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us