[CERT-daily] Tageszusammenfassung - Dienstag 24-03-2015

Tue Mar 24 18:11:01 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 23-03-2015 18:00 − Dienstag 24-03-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** DMARC and Spam: Why It Matters ***
---------------------------------------------
Recently I discussed how TorrentLocker spam was using email authentication for its spam runs. At the time, I suggested that these spam runs were using email authentication to gather information about victim networks and potentially improve the ability to evade spam filters. DomainKeys Identified Mail's (DKIM) own specification mentions the possibility of messages with from "trusted sources" and with a...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/W3IX-WkypVo/


*** Why enterprise IT and security teams should talk more ***
---------------------------------------------
The "It wont happen to me" mentality combined with communication gaps between the IT and security teams greatly increases enterprises risk of being breached.
---------------------------------------------
http://www.scmagazine.com/why-enterprise-it-and-security-teams-should-talk-more/article/404676/


*** Xen shows off 35-piece cloudpocalypse collection ***
---------------------------------------------
The latest fixing fashions for open-source hypervisors hit the catwalk The Xen Project has fixed 35 flaws, all rated critical, for versions 4.3 and 4.4 of its flagship hypervisor. The fixes appear to correspond to flaws identified after the late February 2014 cloudpocalypse, when major cloud providers feared they would once again need to reboot substantial parts of their server fleets to keep them secure.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/03/24/xen_shows_off_35piece_cloudpocalypse_collection/


*** Four advantages of an identity behavior-based approach to cybersecurity ***
---------------------------------------------
With an ever-increasing number of data breaches, more money is being poured into IT security budgets. According to Gartner, the average global security budget increased 8 percent from 2013 to 2014 and...
---------------------------------------------
http://www.net-security.org/article.php?id=2243


*** KNX-Schwachstellen: Spielen mit den Lichtern der anderen ***
---------------------------------------------
Das aktuelle KNX-Protokoll abzusichern, halten die Entwickler nicht für nötig. Denn Angreifer brauchen physischen Zugriff auf das System. Doch den bekommen sie leichter als gedacht - und können dann sogar Türöffner und Alarmanlagen steuern.
---------------------------------------------
http://www.golem.de/news/knx-schwachstellen-spielen-mit-den-lichtern-der-anderen-1503-113085-rss.html


*** BlackHat talk hibernated over 0-day in SAPs Afaria mobile manager ***
---------------------------------------------
Researcher has form as a gent: he held back disclosure of medical records leak Alexander Polyakov has been forced to withdraw a talk detailing dangerous vulnerabilities into SAPs mobile device management product Afaria scheduled to be given at BlackHat Asia Pacific this week.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/03/24/sap_blackhat_talk_nixed_medical_app_vulns/


*** Google deckt erneut Missbrauch im SSL-Zertifizierungssystem auf ***
---------------------------------------------
Über das Public-Key-Pinning im Webbrowser Chrome ist Google auf gefälschte Zertifikate für Google-Domains gestoßen. Diese werden von der Root-CA CNNIC beglaubigt, der viele Betriebssysteme und Browser beim Aufbau verschlüsselter Verbindungen vertrauen.
---------------------------------------------
http://heise.de/-2583414


*** The importance of standards in electronic identification and trust services providers ***
---------------------------------------------
ENISA publishes a new report on the importance of standards in the area of electronic identification and trust services providers.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/the-importance-of-standards-in-electronic-identification-and-trust-services-providers


*** Full, cracked version of NanoCore RAT leaked, onslaught of infection attempts expected ***
---------------------------------------------
NanoCore, a lesser-known remote access Trojan (RAT), has recently been spotted being delivered to employees of energy companies in Asia and the Middle East via spear-phishing emails impersonating a le...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2995


*** Android Installer Hijacking Vulnerability Could Expose Android Users to Malware ***
---------------------------------------------
Executive Summary We discovered a widespread vulnerability in Google's Android OS we are calling "Android Installer Hijacking", estimated to impact 49.5 percent of all current Android users. In detail: Android Installer Hijacking allows an attacker...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/03/android-installer-hijacking-vulnerability-could-expose-android-users-to-malware/


*** The average DDoS attack tripled in volume ***
---------------------------------------------
The average packet volume for DDoS attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 Gbps in the final quarter of 2014, ac...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18125


*** Privilege Gone Wild 2: Over 25% of Organizations Have No Privileged Access Controls ***
---------------------------------------------
BeyondTrust recently conducted a survey, with over 700 respondents, to explore how organizations view the risk of misuse from privileged account misuse, as well as trends in addressing and mitigating those risks.
---------------------------------------------
http://blog.beyondtrust.com/privilege-gone-wild-2-over-25-of-organizations-have-no-privileged-access-controls


*** Is Your Multi-Factor Authentication Solution the Real Thing? ***
---------------------------------------------
In infosec, multi-factor authentication is often considered a positive, constructive element of layered security. However, some people have an oversimplified view. With multi-factor authentication, there are many nuances to consider. At BSides Austin I presented on this topic.  When shopping for a multi-factor authentication solution, what should you look for? There are over 200 multi-factor authentication vendors, how do you evaluate the best one for your needs? You can weed out more the half
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/is-your-multi-factor-authentication-solution-the-real-thing


*** Why Website Reinfections Happen ***
---------------------------------------------
I joined Sucuri a little over a month ago. My job is actually as a Social Media Specialist, but we have this process where regardless of your job you have to learn what website infections look like and more importantly, how to clean them. It's this idea that regardless of you are you must always...
---------------------------------------------
http://blog.sucuri.net/2015/03/why-website-reinfections-happen.html


*** HP Security Bulletins ***
---------------------------------------------
*** HPSBST03196 rev.1- HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Code Execution ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599191

*** HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information, Unauthorized Access ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04604357

*** HPSBHF03289 rev.1- HP ThinClient PCs running ThinPro Linux, Remote Code Execution, Denial of Service, Disclosure of information ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04602055

*** HPSBMU03220 rev.1 - HP Shunra Network Appliance / HP Shunra Wildcat Appliance, Remote Execution of Code ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04518183

*** HPSBMU03297 rev.1- HP Helion Application Lifecycle Service (ALS) for Linux, Remote Code Execution ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04599861

*** HPSBMU03301 rev.1 - HP BladeSystem c-Class Onboard Administrator running OpenSSL, Remote Disclosure of Information ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04609844

*** HPSBHF03151 rev.1 - HP Integrated Lights-Out 2 and 4 (iLO 2, iLO 4), Chassis Management (iLO CM), Remote Denial of Service, Remote Execution of Code, Elevation of Privilege ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04486432

*** HPSBHF03275 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4), Remote Disclosure of Information ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04582218

*** HPSBHF03276 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4), Remote Unauthorized Access, Denial of Service (Dos) ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04582368

*** HPSBMU03292 rev.1 - HP Operations Orchestration Authentication Bypass ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595607

*** HPSBMU03291 rev.1 - HP Operations Orchestration running Powershell Operations, Remote Disclosure of Information ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595417

*** HPSBMU03263 rev.1 - HP Insight Control running OpenSSL, Remote Disclosure of Information ***
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04574073


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, 2050 and 5710 are affected by vulnerabilities in NTP (CVE-2014-9293, CVE-2014-9294, CVE-2014-9297, CVE-2014-9298) ***
http://www.ibm.com/support/docview.wss?uid=swg21699578

*** IBM Security Bulletin: Vulnerabilities in IBM Rational ClearQuest (CVE-2014-8925) ***
http://www.ibm.com/support/docview.wss?uid=swg21699148

*** IBM Security Bulletin: IBM Forms Experience Builder is affected by a Dojo Toolkit vulnerability (CVE-2014-8917) ***
http://www.ibm.com/support/docview.wss?uid=swg21697448

*** IBM Security Bulletin: IBM Security Identity Manager Adapters passwords exposed in log files (CVE-2014-8923) ***
http://www.ibm.com/support/docview.wss?uid=swg21699902

*** IBM Security Bulletin: Multiple vulnerabilities IBM Java SDK affect IBM Rational Connector for SAP Solution Manager (CVE-2014-3566 CVE-2014-6457) ***
http://www.ibm.com/support/docview.wss?uid=swg21698921

*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2014-3065) ***
http://www.ibm.com/support/docview.wss?uid=swg21696456

*** IBM Security Bulletin: Multiple vulnerabilities in Java Runtime affect XIV Management Tools (CVE-2015-0410) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005143

*** IBM Security Bulletin: Multiple vulnerabilities IBM Java SDK affect IBM Rational Connector for SAP Solution Manager (CVE-2014-6593 CVE-2015-0410) ***
http://www.ibm.com/support/docview.wss?uid=swg21698695

*** IBM Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2014-7809) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005037

*** IBM Security Bulletin: Multiple Kerberos (krb5) vulnerabilities affect PowerKVM (Multiple CVEs) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022076

*** IBM Security Bulletin: Security Bulletin: IBM i is affected by the following SAMBA vulnerabilities: CVE-2015-0240 ***
http://www.ibm.com/support/docview.wss?uid=nas8N1020638


*** EMC Documentum xMS information disclosure ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/101741


*** DSA-3203 tor - security update ***
---------------------------------------------
Several denial-of-service issues have been discovered in Tor, aconnection-based low-latency anonymous communication system.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3203


*** InBoundio Marketing Plugin <= 2.0.3 - Shell Upload ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7864