[CERT-daily] Tageszusammenfassung - Dienstag 2-06-2015

Daily end-of-shift report team at cert.at
Tue Jun 2 18:07:55 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 01-06-2015 18:00 − Dienstag 02-06-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Understanding Flash Exploitation and the Alleged CVE-2015-0359 Exploit ***
---------------------------------------------
What follows is a detailed analysis of the root cause of a vulnerability we call CVE-2015-X, as well as a step-by-step explanation of how to trigger it. For more on Flash vulnerabilities, we also invite you...
---------------------------------------------
http://feedproxy.google.com/~r/PaloAltoNetworks/~3/JsuXUOWrYYM/




*** DYRE Banking Malware Upsurges; Europe and North America Most Affected ***
---------------------------------------------
Online banking users in Europe and North America are experiencing the upsurge of DYRE, a malware family notorious for the multiple ways it steals data and its ties to parcel mule scams, among others. There has been a 125% increase of DYRE-related infections worldwide this quarter compared to the last, proving that cybercriminal interest in...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/HyDW9pkWWws/




*** Malvertising infected millions of users in 2015 ***
---------------------------------------------
New research from Malwarebytes has found that malvertising is one of the primary infection vectors used to reach millions of consumers this year. The analysis looked at the three large scale zero-...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/9go1s-jFKtc/malware_news.php




*** Playing with IP Reputation with Dshield & OSSEC ***
---------------------------------------------
[This blogpost has also been published as a guest diary on isc.sans.org] When investigating incidents or searching for malicious activity in your logs, IP reputation is a nice way to increase the reliability of generated alerts. It can help to prioritize incidents. Let's take an example with a WordPress blog. It will, sooner or later, be targeted by a brute-force attack on the default /wp-admin page. In...
---------------------------------------------
http://blog.rootshell.be/2015/06/02/playing-with-ip-reputation-with-dshield-ossec/




*** Bugtraq: WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/535663




*** Red Hat JBoss Fuse and A-MQ XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Files ***
---------------------------------------------
http://www.securitytracker.com/id/1032442




*** Xen Security Advisories XSA-128, XSA-129, XSA-130, XSA-131 ***
---------------------------------------------
Potential unintended writes to host MSI message data field via qemu, PCI MSI mask bits inadvertently exposed to guests, Guest triggerable qemu MSI-X pass-through error messages, Unmediated PCI register access in qemu
---------------------------------------------
http://xenbits.xen.org/xsa/




*** USN-2625-1: Apache HTTP Server update ***
---------------------------------------------
Ubuntu Security Notice USN-2625-12nd June, 2015apache2 updateA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTSSummarySeveral security improvements have been made to the Apache HTTP Server.Software description apache2 - Apache HTTP server  DetailsAs a security improvement, this update makes the following changes tothe Apache package in Ubuntu 12.04 LTS:Added support for ECC keys and ECDH ciphers.The SSLProtocol configuration directive now allows specifying
---------------------------------------------
http://www.ubuntu.com/usn/usn-2625-1/




*** USN-2624-1: OpenSSL update ***
---------------------------------------------
Ubuntu Security Notice USN-2624-11st June, 2015openssl updateA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryThe export cipher suites have been disabled in OpenSSL.Software description openssl - Secure Socket Layer (SSL) cryptographic library and tools  DetailsAs a security improvement, this update removes the export cipher suitesfrom the default cipher list to prevent their use in possible
---------------------------------------------
http://www.ubuntu.com/usn/usn-2624-1/




*** Cisco Headend Digital Broadband Delivery System Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39133




*** HPSBGN03269 rev.2 - HP StoreAll OS, Remote Code Execution ***
---------------------------------------------
A potential security vulnerability has been identified with HP StoreAll OS. This is the GNU C Library (glibc) vulnerability known as "GHOST" which could be exploited remotely resulting in execution of code.
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599438




*** PCRE Heap Overflow in Regex Processing Lets Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1032453


More information about the Daily mailing list