[CERT-daily] Daily summary - Wednesday 11-11-2015

Daily end-of-shift report team at cert.at
Wed Nov 11 18:13:32 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 10-11-2015 18:00 − Wednesday 11-11-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** November 2015 Security Update Release Summary ***
---------------------------------------------
Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released.  More information about this month's security updates and advisories can be found in the Security TechNet Library.   MSRC Team
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2015/11/10/november-2015-security-update-release-summary.aspx




*** MSRT November 2015: Detection updates ***
---------------------------------------------
The Microsoft Malicious Software Removal Tool (MSRT) is updated monthly with new malware detections - so far this year we have added 29 malware families. This month we are updating our detections for some of the malware families already included in the tool. We choose the malware families we add to the MSRT each month using several criteria. One of the most common reasons is the prevalence of a family in the malware ecosystem. For example, in recent months we focused on...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/11/10/msrt-november-2015-detection-updates.aspx




*** Patch day: Adobe tends to the Flash patient ***
---------------------------------------------
Flash is once again on the operating table being patched up. Users should treat their Flash patient promptly, as the vulnerabilities are rated critical. Exploits are reportedly not yet in circulation.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Patchday-Adobe-pflegt-den-Flash-Patienten-2916509.html?wt_mc=rss.ho.beitrag.rdf




*** What You Should Know about Triangulation Fraud and eBay ***
---------------------------------------------
The increasing phenomenon of triangulation fraud on eBay has led to a published analysis on behalf of the company, as to how buyers should get informed and what they should pay attention to. Over the past few months, a new phenomenon has risen and its proportions have been growing exponentially. It seems that, even if...
---------------------------------------------
http://securityaffairs.co/wordpress/41891/cyber-crime/triangulation-fraud-and-ebay.html




*** Symantec Endpoint Protection: Old vulnerability reopens ***
---------------------------------------------
A vulnerability believed dead is back, because an earlier patch addressed only parts of the problem. The current update for Symantec's Endpoint Protection is now supposed to fix it and close further vulnerabilities as well.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Symantec-Endpoint-Protection-Alte-Sicherheitsluecke-bricht-wieder-auf-2917002.html?wt_mc=rss.ho.beitrag.rdf




*** What Happens to Hacked Social Media Accounts ***
---------------------------------------------
This article is going to look at a few reasons why a social media account is hacked. The goal is for you to understand why you will want to better protect your account, regardless of whether or not you see yourself as "important".
---------------------------------------------
http://www.tripwire.com/state-of-security/security-awareness/what-happens-to-hacked-social-media-accounts/




*** InstaAgent: Password-collecting Instagram client kicked out of App Store and Google Play ***
---------------------------------------------
The app, which promises users various additional information about their profile on Facebook's popular photo service, apparently sent Instagram usernames and passwords in plaintext to a third-party server.
---------------------------------------------
http://heise.de/-2917792




*** GasPot Integrated Into Conpot, Contributing to Open Source ICS Research ***
---------------------------------------------
In August of this year, we presented at Blackhat our paper titled The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems. GasPot was a honeypot designed to mimic the behavior of the Guardian AST gas-tank-monitoring system. It was designed to look like no other existing honeypot, with each instance being unique to make fingerprinting by attackers impossible. These were deployed within networks located in various countries, to give us a complete picture of the attacks...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/4jNwbTj60bk/




*** Questions are the answers - How to avoid becoming the blamed victim ***
---------------------------------------------
"You have to ask questions", I say. Questions before, during, and after a breach. If you ask the right questions at the right time, you'll be able to make better decisions than the knee-jerk ones you've been making.
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/questions-are-the-answers




*** TA15-314A: Web Shells - Threat Awareness and Guidance ***
---------------------------------------------
Original release date: November 10, 2015. Systems Affected: Web servers that allow web shells. Overview: This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert outlines the threat and provides prevention, detection, and mitigation strategies. Consistent use of web shells by Advanced Persistent Threat (APT) and criminal groups has led to significant cyber incidents. This...
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA15-313A




*** Bugtraq: [security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536877




*** Huawei HG630a / HG630a-50 Default SSH Admin Password ***
---------------------------------------------
Topic: Huawei HG630a / HG630a-50 Default SSH Admin Password. Risk: High. Text: # Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems # Date: 10.11.2015 # Exploit Author: M...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015110087




*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - Input Validation Vulnerability in Huawei VP9660 Products ***
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461216.htm
---------------------------------------------
*** Security Advisory - Directory Traversal Vulnerability in Huawei AR Router ***
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461676.htm
---------------------------------------------
*** Security Advisory - DoS Vulnerability in Huawei U2990 and U2980 ***
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461219.htm
---------------------------------------------
*** Security Advisory - DoS Vulnerability in Huawei eSpace 8950 IP Phone ***
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461217.htm
---------------------------------------------
*** Security Advisory - DoS Vulnerability in Huawei eSpace 7900 IP Phone ***
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-461213.htm
---------------------------------------------




*** ZDI-15-549: AlienVault Unified Security Management av-forward Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/eDK-If3dTI8/




*** ZDI-15-548: AlienVault Unified Security Management Local Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local attackers to escalate privileges to root on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/TpChWMSd5n0/




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM FileNet eForms is affected by vulnerabilities in Apache HttpComponents (CVE-2012-6153 and CVE-2014-3577) ***
http://www.ibm.com/support/docview.wss?uid=swg21962659
---------------------------------------------
*** IBM Security Bulletin: IBM Forms Server could be affected by a denial of service attack (CVE-2013-4517) ***
http://www.ibm.com/support/docview.wss?uid=swg21962659
---------------------------------------------
*** IBM Security Bulletin: Fix Available for Denial of Service Vulnerability in IBM WebSphere Portal (CVE-2015-7419) ***
http://www.ibm.com/support/docview.wss?uid=swg21969906
---------------------------------------------
*** IBM Security Bulletin: Additional Password Disclosure via application tracing in FlashCopy Manager on Windows, Data Protection for Exchange, and Data Protection for SQL CVE-2015-7404 ***
http://www.ibm.com/support/docview.wss?uid=swg21969514
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in libuser affect Power Hardware Management Console (CVE-2015-3245 CVE-2015-3246) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1020961
---------------------------------------------
*** IBM Security Bulletin: IBM Cúram Social Program Management is vulnerable to a SQL injection attack ***
http://www.ibm.com/support/docview.wss?uid=swg21967851
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Content Collector and IBM CommonStore for Lotus Domino (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21969654
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ ***
http://www.ibm.com/support/docview.wss?uid=swg21970103
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Expeditor (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21959292
---------------------------------------------
*** Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director Storage Control ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098822
---------------------------------------------
*** IBM Security Bulletin: IBM FileNet eForms is affected by vulnerabilities in Apache HttpComponents (CVE-2012-6153 and CVE-2014-3577) ***
http://www.ibm.com/support/docview.wss?uid=swg21970090
---------------------------------------------

