[CERT-daily] Tageszusammenfassung - Freitag 29-05-2015

Daily end-of-shift report team at cert.at
Fri May 29 18:18:48 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 28-05-2015 18:00 − Freitag 29-05-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** The Empire Strikes Back Apple - how your Mac firmware security is completely broken ***
---------------------------------------------
[...] What is that hole after all? Is Dark Jedi hard to achieve on Macs? No, it's extremely easy because Apple does all the dirty work for you. What the hell am I talking about? Well, Apple's S3 suspend-resume implementation is so f*cked up that they will leave the flash protections unlocked after a suspend-resume cycle.
---------------------------------------------
https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/




*** HITB Amsterdam Wrap-Up Day #1 ***
---------------------------------------------
The HITB crew is back in the beautiful city of Amsterdam for a new edition of their security conference. Here is my wrap-up for the first day! The opening keynote was assigned to Marcia Hofmann who worked for the EFF (the Electronic Frontier Foundation). Her keynote title was: "Fighting for Internet Security in the New Crypto Wars". EFF always fight for more privacy and she reviewed the history of encryption and...
---------------------------------------------
http://blog.rootshell.be/2015/05/28/hitb-amsterdam-wrap-up-day-1-2/




*** Sicherheitslücken: Fehler in der Browser-Logik ***
---------------------------------------------
Mit relativ simplen Methoden ist es dem 18-jährigen Webentwickler Bas Venis gelungen, schwerwiegende Sicherheitslücken im Chrome-Browser und im Flash-Plugin aufzudecken. Er ruft andere dazu auf, nach Bugs in der Logik von Browsern zu suchen.
---------------------------------------------
http://www.golem.de/news/sicherheitsluecken-fehler-in-der-browser-logik-1505-114343-rss.html




*** Tor: Hidden Services leichter zu deanonymisieren ***
---------------------------------------------
Das Tor-Protokoll erlaubt es Angreifern relativ einfach, die Kontrolle über die Verzeichnisserver sogenannter Hidden Services zu erlangen. Dadurch ist die Deanonymisierung von Traffic deutlich einfacher als beim Zugriff auf normale Webseiten.
---------------------------------------------
http://www.golem.de/news/tor-hidden-services-leichter-zu-deanonymisieren-1505-114347.html




*** Crypto flaws in Blockchain Android app sent Bitcoins to the wrong address ***
---------------------------------------------
A comedy of programming errors could prove catastrophic for affected users.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/9dMUjIT6yyo/




*** ZyXEL schützt seine Router vor NetUSB-Lücke ***
---------------------------------------------
Mit Sicherheits-Updates schließt der Netzwerkausrüster ZyXEL die kritische NetUSB-Lücke in allen betroffenen Modellen.
---------------------------------------------
http://heise.de/-2671364




*** Lessons learned from Flame, three years later ***
---------------------------------------------
Three years ago, on May 28th 2012, we announced the discovery of a malware known as Flame. Since that, we reported on many other advanced malware platform. Looking back at the discovery of Flame, here are some lessons we learned.
---------------------------------------------
http://securelist.com/blog/opinions/70149/lessons-learned-from-flame-three-years-later/




*** Phishing Gang is Audacious Manipulator ***
---------------------------------------------
Cybercriminals who specialize in phishing -- or tricking people into giving up usernames and passwords at fake bank and ecommerce sites -- arent generally considered the most sophisticated crooks, but occasionally they do exhibit creativity and chutzpah. Thats most definitely the case with a phishing gang that calls itself the "Manipulaters Team", whose Web site boasts that it specializes in brand research and development.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/qKqrwDK8oQ8/




*** A Drafty House: Analysis of the Current Use of AWS EC2 Security Groups ***
---------------------------------------------
After a very confusing set of results from a survey we ran and exploring the new world of threat detection and incident response in AWS, we decided to go out and do a little research to see how the world was faring with the new security features in Amazon AWS. In short, we can safely say there is a good chunk of the EC2 users who left their front door open (actually with this analogy they also left their back door, side window, and garage open). Our analysis showed that users are:  Using...
---------------------------------------------
https://feeds.feedblitz.com/~/93538286/0/alienvault-blogs~A-Drafty-House-Analysis-of-the-Current-Use-of-AWS-EC-Security-Groups




*** Stegosploit hides malicious code in images, this is the future of online attacks ***
---------------------------------------------
Stegosploit is the technique developed by the security researcher Saumil Shah that allows an attacker to embed executable JavaScript code within an image. The security researcher Saumil Shah from Net Square security has presented at Hack In The Box conference in Amsterdam his Stegosploit project which allows an attacker to embed executable JavaScript code within an...
---------------------------------------------
http://securityaffairs.co/wordpress/37302/hacking/stegosploit-malware-images.html




*** Statistics on botnet-assisted DDoS attacks in Q1 2015 ***
---------------------------------------------
One popular DDoS scenario is a botnet-assisted attack. In Q1 2015, 23,095 botnet-assisted DDoS attacks were reported. These statistics refer to those botnets which were detected and analyzed by Kaspersky Lab.
---------------------------------------------
http://securelist.com/blog/research/70071/statistics-on-botnet-assisted-ddos-attacks-in-q1-2015/




*** Linux Kernel __driver_rfc4106_decrypt() Buffer Overflow May Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1032416




*** Pivotal Cloud Foundry directory traversal ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/103449




*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us




*** IBM Cognos Business Intelligence Developer 10.2.1 (backURL) Open Redirect ***
---------------------------------------------
Input passed via the backURL GET parameter in /p2pd/servlet/dispatch is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5244.php




*** DSA-3274 virtualbox - security update ***
---------------------------------------------
Jason Geffner discovered a buffer overflow in the emulated floppydisk drive, resulting in potential privilege escalation.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3274




*** IDS RTU 850 Directory Traversal Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a directory traversal vulnerability in IDS RTU 850C.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-148-01




*** Security Notice - Statement on Security Researchers Revealing Security Issues on Huawei Products in HITB SecConf ***
---------------------------------------------
May 29, 2015 17:47
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-436642.htm




*** Security Notice-Statement on the Wooyun-disclosed XSS Vulnerability in Huawei Smartphone Browser ***
---------------------------------------------
May 29, 2015 17:43
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-436633.htm




*** SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=36740




*** HPSBGN03332 rev.1 - HP Operations Analytics running SSLv3, Remote Denial of Service (DoS), Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified in HP Operations Analytics running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information.
---------------------------------------------
https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=1432904051426.876444892.199480143&docId=emr_na-c04676133




*** HPSBMU03267 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.
---------------------------------------------
https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=1432904065175.876444892.199480143&docId=emr_na-c04576624




*** HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.
---------------------------------------------
https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=1432904087214.876444892.199480143&docId=emr_na-c04574073




*** HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.
---------------------------------------------
https://h20566.www2.hp.com/hpsc/doc/public/display?ac.admitted=1432904104641.876444892.199480143&docId=emr_na-c04571454


More information about the Daily mailing list