[CERT-daily] Tageszusammenfassung - Freitag 26-06-2015

Fri Jun 26 18:05:24 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 25-06-2015 18:00 − Freitag 26-06-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport


*** Magento Platform Targeted By Credit Card Scrapers ***
---------------------------------------------
We've been writing a lot about E-Commerce hacks and PCI Compliance recently. The more people buy things online, the more of an issue this will be come and the more important it will ..
---------------------------------------------
https://blog.sucuri.net/2015/06/magento-platform-targeted-by-credit-card-scrapers.html


*** MMD-0034-2015 - New ELF Linux/DES.Downloader on Elasticsearch CVE-2015-1427 exploit ***
---------------------------------------------
This is a tough writing, and will be many addition will be added after the initial release. We are pushed to release this as alert of an on going attack, it is a real malware incident ..
---------------------------------------------
http://blog.malwaremustdie.org/2015/06/mmd-0034-2015-new-elf.html


*** That shot you heard? SSLv3 is now DEAD ***
---------------------------------------------
Its joined the choir invisible We really, really, really mean it this time: take SSL3 and bury ..
---------------------------------------------
http://www.theregister.co.uk/2015/06/26/that_shot_you_heard_sslv3_is_now_dead/


*** EU-Ermittler zerschlagen Ring von Online-Banking-Betrügern ***
---------------------------------------------
Verschiedenen Behörden aus Europa haben eine erfolgreiche Operation gegen Cyber-Kriminelle durchgeführt, die im großen Stil über alle Kontinente verteilt Banking-Trojaner eingesetzt haben.
---------------------------------------------
http://heise.de/-2729777


*** Windows Server 2003 noch auf Drittel aller Server: Support-Ende im Juli ***
---------------------------------------------
Am 14. Juli endet der Support von Windows Server 2003, Server 2003 R2 und Small Business Server 2003. Ab dann wird es für das zwölf Jahre alte System keine neuen Updates, Hotfixes oder Sicherheits-Aktualisierung mehr geben.
---------------------------------------------
http://derstandard.at/2000018075592


*** Polycom RealPresence Resource Manager critical vulnerabilities allow surveillance on conferences ***
---------------------------------------------
Multiple remote vulnerabilities (arbitrary file disclosure, path traversal, arbitrary file upload, privilege escalation in the web application) combined with local vulnerabilities (sudo misconfiguration, weak filesystem permissions) allow an ..
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150626-0_Polycom_RealPresence_Resource_Manager_Critical_Vulnerabilities_v10.txt


*** Siemens Climatix BACnet/IP Communication Module Cross-site Scripting Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for an identified cross-site scripting vulnerability in the Siemens Climatix BACnet/IP communication module.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-176-01


*** PACTware Exceptional Conditions Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a handling of exceptional conditions vulnerability in the PACTware Consortium PACTware application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-176-02


*** Latest spam filter test sees significant drop in catch rates ***
---------------------------------------------
Despite a drop in catch rates, 15 products earn a VBSpam award, with four earning a VBSpam+ award.Spam is notoriously volatile and thus, while we like to make the news headlines with our tests as much as anyone, we would warn against ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/06_26.xml


*** ZDI-15-262: HP System Management Homepage Single Sign On Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard System Management Homepage. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-262/