[CERT-daily] Tageszusammenfassung - Donnerstag 28-05-2015

Thu May 28 18:11:24 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 27-05-2015 18:00 − Donnerstag 28-05-2015 18:00
Handler:     Stephan Richter
Co-Handler:  Alexander Riepl


*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39012
http://tools.cisco.com/security/center/viewAlert.x?alertId=39013
http://tools.cisco.com/security/center/viewAlert.x?alertId=39015
http://tools.cisco.com/security/center/viewAlert.x?alertId=38349
http://tools.cisco.com/security/center/viewAlert.x?alertId=39041
http://tools.cisco.com/security/center/viewAlert.x?alertId=39042


*** Microsoft to Detect Search Protection Code as Malware ***
---------------------------------------------
Microsoft security products will begin detecting software containing search protection functions and classifying it as malicious on June 1.
---------------------------------------------
http://threatpost.com/microsoft-to-detect-search-protection-code-as-malware/113027


*** ZDI-15-246: (0Day) Wavelink Emulation ConnectPro TermProxy WLTermProxyService.exe HTTP Request Headers Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation ConnectPro TermProxy. User interaction is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-246/


*** ZDI-15-245: (0Day) Wavelink Emulation License Server LicenseServer.exe HTTP Request Headers Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation License Server. User interaction is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-245/


*** Ransomware threat Locker has sleeper component ***
---------------------------------------------
KnowBe4 is alerting IT managers to be vigilant of a new ransomware threat that leverages a sleeper function.
---------------------------------------------
http://www.scmagazine.com/alert-warns-it-managers-of-locker-ransomware/article/416995


*** Apple iOS Notification Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1032408


*** Angler exploit kit pushing CryptoWall 3.0, (Thu, May 28th) ***
---------------------------------------------
In the past two days, Ive infected two hosts from Angler exploit kit (EK) domains at 216.245.213.0/24. Both hosts were infected with CryptoWall 3.0 ransomware using the same bitcoin address for the ransom payment: 16Z6sidfLrfNoxJNu4qM5zhRttJEUD3XoB On Tuesday, 2015-05-26 at 15:17 UTC, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19737


*** APPLE-SA-2015-05-27-1 OS X: Flash Player plug-in blocked ***
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2015/May/msg00002.html


*** Splunk Enterprise 6.1.8, 6.0.9, and 5.0.13 address multiple vulnerabilities ***
---------------------------------------------
Splunk Enterprise 6.1.8, 6.0.9, and 5.0.13 address multiple vulnerabilities Multiple vulnerabilities in OpenSSL versions before 1.0.1m and 0.9.8zf (SPL-98351) At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on ..
---------------------------------------------
http://www.splunk.com/view/SP-CAAAN4P


*** Grabit and the RATs ***
---------------------------------------------
Not so long ago, Kaspersky clients in the United States approached Kaspersky researchers with a request to investigate a new type of malicious software that they were able to recover from their organizations' servers. The malware calls itself Grabit.
---------------------------------------------
http://securelist.com/blog/research/70087/grabit-and-the-rats/


*** Trend Micro Discovers Apache Cordova Vulnerability that Allows One-Click Modification of Android Apps ***
---------------------------------------------
We've discovered a vulnerability in the Apache Cordova app framework that allows attackers to modify the behavior of apps just by clicking a URL. The extent of the modifications can range from causing nuisance for app users to crashing the ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-apache-vulnerability-that-allows-one-click-modification-of-android-apps/


*** SAP HANA Log Injection ***
---------------------------------------------
Under certain conditions the SAP HANA XS engine is vulnerable to arbitrary log injection, allowing remote authenticated attackers to write arbitrary information in log files. This could be ..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015050172


*** SAP HANA Information Disclosure ***
---------------------------------------------
Under certain conditions some SAP HANA Database commands could be abused by a remote authenticated attacker to access information which
is restricted. This could be used to gain access ..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015050171


*** SOPHOS WAF JSON Filter Bypass ***
---------------------------------------------
Topic: SOPHOS WAF JSON Filter Bypass Risk: Low Text:SECURITYLABS INTELLIGENT RESEARCH - SECURITY ADVISORY http://www.securitylabs.com.br/ ADVISORY/0115 - SOPHOS WAF (WEBSERV...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015050169


*** Phishers register domain names, hammer traditional targets ***
---------------------------------------------
The number of domain names used for phishing reached an all-time high, according to a new report by the the Anti-Phishing Working Group (APWG). Many of these were registered by ..
---------------------------------------------
http://www.net-security.org/secworld.php?id=18429


*** Crash-Benachrichtigung für iOS-Geräte: Apple stellt Bugfix in Aussicht ***
---------------------------------------------
Apple will den 'Unicode of Death'-Fehler, der iPhone und iPad durch eine bestimmte Zeichenfolge zum Absturz bringt, mit einem Software-Update beheben - das Problem betrifft weit mehr als nur iMessage.
---------------------------------------------
http://heise.de/-2669432


*** Oracle PeopleSoft admin credentials open to hackers ***
---------------------------------------------
SAP Security experts discovered a number of unpatched vulnerabilities and weaknesses in Oracle PeopleSoft that could be exploited to obtain admin passwords. The SAP security experts, Alexander Polyakov and Alexey Tyurin, revealed that Oracle ..
---------------------------------------------
http://securityaffairs.co/wordpress/37270/hacking/oracle-peoplesoft-vulnerabilities.html


*** Bugtraq: [SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices ***
---------------------------------------------
http://www.securityfocus.com/archive/1/535626


*** IDS, IPS and UTM - What's the Difference? ***
---------------------------------------------
In our last webcast, we learned about lingering and general confusion over these crazy acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive definitions, ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/ids-ips-and-utm-whats-the-difference