[CERT-daily] Daily summary - Monday 15-06-2015

Daily end-of-shift report team at cert.at
Mon Jun 15 18:16:41 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 12-06-2015 18:00 − Monday 15-06-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Hey kids, who wants to pwn a million BIOSes? ***
---------------------------------------------
IT security bods warn of dysfunctional ecosystem, fraught with vulnerability
The overlooked task of patching PC BIOS and UEFI firmware vulnerabilities leaves corporations wide open to attack, a new paper by security researchers warns.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/06/12/bios_security_is_pants/




*** Oh look - JavaScript Droppers ***
---------------------------------------------
In a typical drive-by-download attack scenario the shellcode would download and execute a malware binary. The malware binary is usually wrapped in a dropper that unpacks or de-obfuscates and executes it. Droppers' main goal is to launch malware without being detected by antiviruses and HIPS. Nowadays the most popular way of covert launching would probably...
---------------------------------------------
http://labs.bromium.com/2015/06/12/oh-look-javascript-droppers/




*** NTP for Windows: leap second could cause problems ***
---------------------------------------------
Anyone who has installed the NTP client for Windows should perform an update before 30 June.
---------------------------------------------
http://derstandard.at/2000017430786




*** Windows Server 2003 End of Life: You Can't RIP ***
---------------------------------------------
Windows XP reached end of support last year and now it's time for another end of life: Windows Server 2003. On July 14, 2015, this widely deployed Microsoft operating system will reach its end of life - a long run since its launch in April 2003. Estimates on the number of still-active Windows Server 2003 users vary from...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/FwOEN1rriTc/




*** OPM hack: Vast amounts of extremely sensitive data stolen ***
---------------------------------------------
The extent of the breach suffered by the US Office of Personnel Management has apparently widened. Reports are coming in that the hackers have not only accessed Social Security numbers, job assign...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/FaMAmsBY66Y/secworld.php




*** Dnstwist varies and tests domain names ***
---------------------------------------------
Anyone who wants to monitor how widespread typosquatting and phishing domains are for a given domain name can use the Python script Dnstwist. It takes over a lot of the manual work and helps with the analysis.
---------------------------------------------
http://heise.de/-2690418




*** The top mistakes banks make defending against hackers ***
---------------------------------------------
Many financial institutions fail to perform comprehensive risk analysis and assessment, exposing their companies and clients to enormous risk.
---------------------------------------------
https://www.htbridge.com/blog/the-top-mistakes-banks-make-defending-against-hackers.html




*** Call to participate in the EU28 Cloud Security Conference ***
---------------------------------------------
On June 16, in Riga, the Ministry of Defence of the Republic of Latvia and the European Union Agency for Network and Information Security (ENISA) will organise the EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union. The participants of the conference will discuss the cloud security in the two parallel tracks: "Legal & Compliance" and "Technologies and Solutions".
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/call-to-participate-in-the-eu28-cloud-security-conference




*** The Duqu 2.0 persistence module ***
---------------------------------------------
We have described how Duqu 2.0 does not have a normal "persistence" mechanism. This can lead users to conclude that flushing out the malware is as simple as rebooting all the infected machines. In reality, things are a bit more complicated.
---------------------------------------------
http://securelist.com/blog/research/70641/the-duqu-2-0-persistence-module/




*** Duqu 2.0 Attackers Used Stolen Foxconn Certificate to Sign Driver ***
---------------------------------------------
The attackers behind the recently disclosed Duqu 2.0 APT have used stolen digital certificates to help sneak their malware past security defenses, and one of the certificates used in the attacks was issued to Foxconn, the Chinese company that manufactures products for Apple, BlackBerry, Dell, and many other companies. Researchers at Kaspersky Lab, who discovered...
---------------------------------------------
http://threatpost.com/duqu-2-0-attackers-used-stolen-foxconn-certificate-to-sign-driver/113315




*** Massive route leak causes Internet slowdown ***
---------------------------------------------
Earlier today a massive route leak initiated by Telekom Malaysia (AS4788) caused significant network problems for the global routing system. Primarily affected was Level3 (AS3549 - formerly known as Global Crossing) and their customers. Below are some of the details as we know them now.
---------------------------------------------
https://www.bgpmon.net/massive-route-leak-cause-internet-slowdown/




*** Cisco issues 16 patches to pop pesky peccant packets ***
---------------------------------------------
Remote code execution for some, denial of service for the rest of us
Cisco has issued a string of patches for 16 faults including a fix for a possible remote code execution in its IOS and IOS XE routing software.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/06/15/cisco_ipv6_ios_xr_patch/




*** Vulnerabilities in Cisco Products ***
---------------------------------------------

*** Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

*** Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39339

*** Cisco IOS Software TCL Script Interpreter Privilege Escalation Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39343

*** Cisco Virtualization Experience Client 6215 Devices Command Injection Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39347




*** Novell ZENworks Mobile Management Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1032576




*** Novell Messenger 3.0 Support Pack 1 ***
---------------------------------------------
Abstract: Novell Messenger 3.0 Support Pack 1 has been released. Please be aware that there are security fixes to Messenger's server and client components (see the change log below and the Readme documentation on the web). It is recommended that they are updated on an expedited basis.
Document ID: 5212230
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: consoleone1.3.6h_windows.zip (46.82 MB), nm301_full_linux_multi.tar.gz (269.54 MB), nm301_client_mac_multi.zip (40.62...
---------------------------------------------
https://download.novell.com/Download?buildid=o8Y11QiTuc4~




*** DSA-3285 qemu-kvm - security update ***
---------------------------------------------
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3285




*** DSA-3284 qemu - security update ***
---------------------------------------------
Several vulnerabilities were discovered in qemu, a fast processor emulator.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3284




*** DSA-3288 libav - security update ***
---------------------------------------------
Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4
---------------------------------------------
https://www.debian.org/security/2015/dsa-3288




*** DSA-3287 openssl - security update ***
---------------------------------------------
Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3287




*** DSA-3286 xen - security update ***
---------------------------------------------
Multiple security issues have been found in the Xen virtualisation solution:
---------------------------------------------
https://www.debian.org/security/2015/dsa-3286




*** Vulnerabilities in multiple third party TYPO3 CMS extensions ***
---------------------------------------------

*** SQL Injection vulnerability in extension FAQ - Frequently Asked Questions (js_faq) ***
http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-faq-frequently-asked-questions-js-faq/

*** SQL Injection vulnerability in extension Developer Log (devlog) ***
http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-developer-log-devlog/

*** SQL Injection vulnerability in extension Smoelenboek (ncgov_smoelenboek) ***
http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-smoelenboek-ncgov-smoelenboek/

*** SQL Injection vulnerability in extension Store Locator (locator) ***
http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-store-locator-locator/

*** SQL Injection vulnerability in extension wt_directory (wt_directory) ***
http://www.typo3.org/news/article/sql-injection-vulnerability-in-extension-wt-directory-wt-directory/

*** Arbitrary Code Execution in extension Frontend User Upload (feupload) ***
http://www.typo3.org/news/article/arbitrary-code-execution-in-extension-frontend-user-upload-feupload/

*** Cross-Site Scripting in extension BE User Log (beko_beuserlog) ***
http://www.typo3.org/news/article/cross-site-scripting-in-extension-be-user-log-beko-beuserlog/

*** Arbitrary Code Execution in extension Job Fair (jobfair) ***
http://www.typo3.org/news/article/arbitrary-code-execution-in-extension-job-fair-jobfair/




*** Security Advisory - Web UI Authentication Vulnerability in Huawei E5756S ***
---------------------------------------------
Jun 15, 2015 18:00
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-441178.htm




*** Filezilla 3.11.0.2 sftp module denial of service vulnerability ***
---------------------------------------------
Topic: Filezilla 3.11.0.2 sftp module denial of service vulnerability
Risk: Medium
Text: # Exploit title: filezilla 3.11.0.2 sftp module denial of service vulnerability # Date: 5-6-2015 # Vendor homepage: http...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015060077




*** putty v0.64 denial of service vulnerability ***
---------------------------------------------
Topic: putty v0.64 denial of service vulnerability
Risk: Medium
Text: # Exploit title: putty v0.64 denial of service vulnerability # Date: 5-6-2015 # Vendor homepage: http://www.chiark.green...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015060076




*** E-Detective Lawful Interception System multiple security vulnerabilities ***
---------------------------------------------
Topic: E-Detective Lawful Interception System multiple security vulnerabilities
Risk: Medium
Text: Advisory: E-Detective Lawful Interception System multiple security vulnerabilities Date: 14/06/2015 CVE: ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015060075

