[CERT-daily] Daily summary - Friday 22-05-2015

Daily end-of-shift report team at cert.at
Fri May 22 18:09:33 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 21-05-2015 18:00 − Friday 22-05-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Fake jQuery Scripts in Nulled WordPress Plugins ***
---------------------------------------------
We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not a server-side redirect, rather it happened due to some script loaded by the web pages. A quick look through the HTML code revealed this script: It was very suspicious for...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/NmLDakrD_1U/fake-jquery-scripts-in-nulled-wordpress-pugins.html




*** Researchers publish developer guidance for medical device security ***
---------------------------------------------
The guidance is organized into 10 categories, and serves as "starting point for a more complete code," report authors said.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/jvWoZydXqwc/




*** Researchers observe SVG files being used to distribute ransomware ***
---------------------------------------------
When downloaded and executed, the SVG files cause websites to open up that download what appears to be CryptoWall ransomware.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/Aa-yVI5Bd-A/




*** Exploring CVE-2015-1701 - A Win32k Elevation of Privilege Vulnerability Used in Targeted Attacks ***
---------------------------------------------
Our analysis of the win32k.sys vulnerability used in a recent targeted attack reveals that it opens up an easy way to bypass the sandbox, making it a bigger threat than originally thought. As mentioned in Microsoft security bulletin MS15-051, CVE-2015-1701 is an elevation of privilege vulnerability that exists when the Win32k.sys kernel-mode driver improperly handles...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/RuzGqW0kQdY/




*** Digital Agenda Seminar: European Cyber Security Month ***
---------------------------------------------
Within the context of European Cyber Security Month (ECSM) preparations, the ENISA team is organising several seminars and trainings in order to build up the coalition for Cybersecurity Education action. You are invited to participate in the second seminar in Berlin, Germany on June 5th, 2015. 
In this half-day seminar we discuss and provide the latest information on Digital Agenda topics such as e-skills, Network Information Security, educational tools and advocacy initiatives. To participate it is necessary to confirm participation to daria.catalui at enisa.europa.eu by June 4th, 2015.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/digital-agenda-seminar-european-cyber-security-month




*** Data from millions of factory-reset Android smartphones is recoverable ***
---------------------------------------------
Anyone who has sold their Android smartphone must fear that, despite the device storage having been wiped, private data such as messages and login data still lies dormant in storage and may under certain circumstances be recovered.
---------------------------------------------
http://heise.de/-2663267




*** Forensic Analysis of Smartphone Factory Reset Function ***
---------------------------------------------
ADISA, the organisation that sets security standards around the secure disposal of IT Assets, has released new research into the forensic analysis of smartphone factory reset functions. Written by Steve Mellings, Founder of ADISA, and Professor Andrew Blyth of the University of South Wales, the white paper explores how effective smartphone factory reset functions actually are at removing data. This data is then used to offer businesses and individual users advice on how best to protect their...
---------------------------------------------
http://www.informationsecuritybuzz.com/forensic-analysis-of-smartphone-factory-reset-function/




*** When Security Makes Users Asleep! ***
---------------------------------------------
It's a fact, in industries or on building sites, professional people make mistakes or, worse, get injured. Why? Because their attention is reduced at a certain point. When you're doing the same job all day long, you get tired and lack concentration. The same can apply in information security! For a long time, more and more solutions are deployed in companies to protect their data and users. Just...
---------------------------------------------
http://blog.rootshell.be/2015/05/22/when-security-makes-users-asleep/




*** Citrix Security Advisory for DHE_EXPORT TLS Vulnerability CVE-2015-4000 ***
---------------------------------------------
A TLS protocol vulnerability has been recently disclosed that could result in attackers being able to intercept and modify SSL/TLS encrypted traffic ...
---------------------------------------------
http://support.citrix.com/article/CTX201114




*** Citrix Security Advisory for CVE-2015-3456 ***
---------------------------------------------
Citrix is aware of the recent vulnerability that has been reported against the Xen hypervisor. This issue is known as the ...
---------------------------------------------
http://support.citrix.com/article/CTX201078




*** python-kerberos checkPassword() spoofing ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/103310




*** Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38946




*** ICU Buffer Overflows in resolveImplicitLevels() Let Remote Users Deny Service and Potentially Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1032366




*** Schneider Electric OFS Server Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a DLL hijacking vulnerability in the Schneider Electric OPC Factory Server (OFS) server application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01




*** Emerson AMS Device Manager SQL Injection Vulnerability ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on April 21, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for an SQL injection vulnerability in the Emerson AMS Device Manager application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-111-01




*** OleumTech WIO Family Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-14-202-01 OleumTech WIO Family Vulnerabilities that was published July 21, 2014. This advisory provides vulnerability details in the OleumTech WIO family including the sensors and the DH2 data collector.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-202-01A




*** HPSBMU03336 rev.1- HP Helion OpenStack affected by VENOM, Denial of Service (DoS), Execution of Arbitrary Code ***
---------------------------------------------
A potential security vulnerability has been identified with HP Helion OpenStack. The vulnerability could be exploited resulting in Denial of Service (DoS) or execution of arbitrary code.
---------------------------------------------
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04685037




*Next End-of-Shift report on 2015-05-26*

