[CERT-daily] {Spam?} Tageszusammenfassung - Freitag 8-05-2015

Daily end-of-shift report team at cert.at
Fri May 8 18:13:21 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 07-05-2015 18:00 − Freitag 08-05-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Upcoming Security Updates for Adobe Reader and Acrobat (APSB15-10) ***
---------------------------------------------
A prenotification Security Advisory has been posted regarding upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, May 12, 2015. We will continue to provide updates on the upcoming release via the Security Advisory as well as the Adobe PSIRT blog.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1193




*** Compromised WordPress sites leaking credentials ***
---------------------------------------------
Zscaler recently observed a credentials leak campaign on multiple WordPress sites. The compromised sites run backdoor code, which activates when the user submits login credentials. The credentials are encoded and sent to an attacker website in the form of a GET request. Till now, we have identified only one domain "conyouse.com" which is collecting all the credentials from these compromised
---------------------------------------------
http://feedproxy.google.com/~r/zscaler/research/~3/63XGcunva0k/compromised-wordpress-sites-leaking.html




*** GPU-based malware, the evolution of rootkits and keyloggers ***
---------------------------------------------
Malware developers have presented two proof-of-concept malware, a rootkit and a keylogger, which exploit the GPU of the infected host. Malware authors always demonstrate a great creativity and the ability to propose even more effective solutions, recently developers have published two strains of malware, Jellyfish rootkit and the Demon keylogger, that implement an unusual way to run on a victim's...
---------------------------------------------
http://securityaffairs.co/wordpress/36634/malware/gpu-based-malware.html




*** Almost EVERY SAP install hackable, researchers say ***
---------------------------------------------
Even worse when you tinker with it. A staggering 95 percent of enterprise SAP installations contain high-severity vulnerabilities that could allow systems to be hijacked, researchers say.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/05/08/sap_95_percent_vulnerable/




*** l+f: Kritische Lücke in Überwachungs-Software für kritische Systeme ***
---------------------------------------------
Über einen Bug in Symantecs Server-Überwachungs-Software können Angreifer den Systemen beliebige Dateien unterjubeln und diese ausführen.
---------------------------------------------
http://heise.de/-2638669




*** The USBKILL anti-forensics tool - it doesnt do *quite* what it says on the tin ***
---------------------------------------------
A hacker who very modestly goes by the handle Hephaestos has just announced an "anti-forensic kill switch" dubbed, well, usbkill. It doesnt do quite what the name might suggest, and it could cut either way, so use it with care!
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/tzGEjCOTbq4/




*** Flawed Open Smart Grid Protocol is a risk for Smart Grid ***
---------------------------------------------
More than four million smart meters and similar devices worldwide are open to cyber attacks due to the security issued in the Open Smart Grid Protocol. The Open Smart Grid Protocol (OSGP) is a family of specifications published by the European Telecommunications Standards Institute (ETSI) that are implemented today by more than four million smart...
---------------------------------------------
http://securityaffairs.co/wordpress/36648/hacking/flaws-open-smart-grid-protocol.html




*** IETF spezifiziert Richtlinien für den Einsatz von Verschlüsselung ***
---------------------------------------------
Das Gremium für Internet-Standards dokumentiert Richtlinien für den sinnvollen Einsatz der Transportverschlüsselung TLS. Der RFC 7525 enthält gute Anleitungen, Tipps und Hinweise auf Fallstricke für jeden, der Verschlüsselung selbst einrichtet.
---------------------------------------------
http://heise.de/-2639221




*** Angreifer können Viren-Scanner von BullGuard und Panda lahmlegen ***
---------------------------------------------
Mehrere Antiviren-Anwendungen von BullGuard und Panda weisen eine Sicherheitslücke auf, über die Angreifer die Schutzfunktionen deaktivieren können.
---------------------------------------------
http://heise.de/-2639307




*** DSA-3253 pound - security update ***
---------------------------------------------
Pound, a HTTP reverse proxy and load balancer, had several issuesrelated to vulnerabilities in the Secure Sockets Layer (SSL) protocol.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3253




*** Sentinel 7.3 HF1 (Sentinel 7.3.0.1) Build 1800 7.3.0.1 ***
---------------------------------------------
Abstract: Sentinel 7.3.0.1 upgrade patch for Sentinel 7.Document ID: 5202070Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:sentinel_server-7.3.0.1-1817.x86_64.tar.gz.sha256 (109 bytes)sentinel_server-7.3.0.1-1817.x86_64.tar.gz (1.67 GB)Products:Sentinel 7.1SentinelSentinel 7.1.1Sentinel 7.1.2Sentinel 7.XSentinel 7.3Sentinel 7.2.2Sentinel 7.2.1Sentinel 7.2Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=mBuUwDq2kD0~




*** Rockwell Automation RSLinx Classic Vulnerability ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on April 21, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for a stack-based buffer overflow vulnerability in Rockwell Automation's OPCTest.exe, which is a test client for RSLinx Classic's support of the OPC-DA protocol.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02




*** VMSA-2015-0003.7 ***
---------------------------------------------
VMware product updates address critical information disclosure issue in JRE
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0003.html




*** ZDI Security Advisories for EMC AutoStart and for ManageEngine Products ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/published/




*** IBM Security Bulletins ***
---------------------------------------------

*** IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM WebSphere Real Time ***
http://www.ibm.com/support/docview.wss?uid=swg21902444

*** IBM Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Tivoli System Automation for Multiplatforms (CVE-2015-2808) ***
http://www.ibm.com/support/docview.wss?uid=swg21882749

*** IBM Security Bulletin: Multiple Kernel vulnerabilities affect PowerKVM (Multiple CVEs) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022146

*** IBM Security Bulletin: A Security Vulnerability exists in the Dojo runtime that affects Rational Application Developer ***
http://www.ibm.com/support/docview.wss?uid=swg21883926

*** Security Bulletin: Vulnerability in SSLv3 affects Upward Integration Modules (UIM) (CVE-2014-3566) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097659

*** IBM Security Bulletin: PowerKVM is affected by a Qemu vulnerability (CVE-2015-1779) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022149

*** IBM Security Bulletin: Multiple Unzip vulnerabilities affect PowerKVM (Multiple CVEs) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022145

*** IBM Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Endpoint Manager (CVE-2015-2808) ***
http://www.ibm.com/support/docview.wss?uid=swg21883852

*** Security Bulletin: Vulnerability in RC4 stream cipher affects IBM ToolsCenter (CVE-2015-2808) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097676


More information about the Daily mailing list