[CERT-daily] Daily summary - Monday 12-10-2015

Daily end-of-shift report team at cert.at
Mon Oct 12 18:07:19 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 09-10-2015 18:00 − Monday 12-10-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** GnuPG (GPG) 2.1.9 release announced, (Sun, Oct 11th) ***
---------------------------------------------
The GnuPG group has announced the release of GPG version 2.1.9, which addresses a number of technical issues within the components of the code. The update of any encryption component should be carefully planned, as the impact is often not fully understood until some data cannot be accessed because of encryption issues. If you are running a version of GPG older than version 2.1, I strongly recommend taking a look at the changes...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20235&rss




*** Cloud DDoS Mitigation Services Can Be Easily Bypassed ***
---------------------------------------------
An anonymous reader writes: A recent research paper shows that most Cloud-Based Security Providers are ineffective in protecting websites from DDoS attacks, mainly because they cannot entirely hide the origin website's IP address from attackers. As five security researchers from Belgium and the U.S. are claiming, there are eight methods through which these mitigation services can be bypassed. The techniques of obtaining a website's origin IP address rely on hackers searching through historical...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/kzYQm-Sz02k/cloud-ddos-mitigation-services-can-be-easily-bypassed




*** Security vulnerability in TeamSpeak desktop client 3.0.18 ***
---------------------------------------------
The voice chat software TeamSpeak, especially popular among gamers, allows attackers to upload files to client PCs. Server operators should lock out old clients.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Sicherheitsluecke-in-TeamSpeak-Desktop-Client-3-0-18-2842486.html?wt_mc=rss.ho.beitrag.rdf




*** HP performance monitor can climb through Windows ***
---------------------------------------------
Crimp nasty privilege escalation bug by running it in Linux instead, says Rapid7. Rapid7 is advising HP SiteScope users to run the tool on Linux rather than Windows servers because of a nasty privilege escalation vulnerability.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/10/11/hp_says_get_sitescope_off_windows/




*** European Aviation Safety Agency - Airplane hacking is reality ***
---------------------------------------------
The European Aviation Safety Agency confirmed the concerns about airplane hacking. Hackers could easily infiltrate critical systems. On October 8, 2015, the director of the European Aviation Safety Agency, Patrick Ky, revealed he has hired a consultant, who is also a commercial pilot, who was able to exploit vulnerabilities in the Aircraft Communications Addressing...
---------------------------------------------
http://securityaffairs.co/wordpress/40975/hacking/easa-airplane-hacking.html




*** A Study in Bots: DiamondFox ***
---------------------------------------------
DiamondFox is a multipurpose botnet with capabilities ranging from credential stealing to theft of credit card information from point of sale systems. This capable malware is being distributed in a number of hacker forums, allowing it to be operated by attackers with extremely limited capabilities to operate it. Fortunately for malware researchers, DiamondFox fails to protect itself in various ways.
---------------------------------------------
http://blog.cylance.com/a-study-in-bots-diamondfox




*** TLS Fingerprinting (Smarter Defending & Stealthier Attacking) ***
---------------------------------------------
Previously, I have been able to demonstrate that certain clients could be differentiated from other network traffic. Specifically, that meant discriminating SuperFish, PrivDog, and GeniusBox from mainstream browsers when making HTTPS connections, and generating IDS signatures based on these findings to assist network administrators in being able to identify problematic hosts without requiring access to either endpoint. I have now expanded this technique to improve the accuracy of the...
---------------------------------------------
https://blog.squarelemon.com/tls-fingerprinting/




*** Kaspersky Internet Security: Network Attack Blocker Design Flaw ***
---------------------------------------------
A component of Kaspersky Internet Security that's enabled by default is called the "Network Attack Blocker", described as "protects the computer against dangerous network activity". I examined the implementation, and determined that it's actually a simple stateless packet filter with a pattern-matching signature system. It has no concept of flow reassembly or protocol decoding, which require stateful packet inspection. When the software detects an attack, it adds...
---------------------------------------------
https://code.google.com/p/google-security-research/issues/detail?id=564




*** USB Killer 2.0 - How to easily burn a PC with a USB device ***
---------------------------------------------
In March I presented the PoC of a computer-frying Killer USB pendrive designed by the Russian researcher; now the USB Killer 2.0 has arrived! Do you remember the killer USB? In March I presented the proof-of-concept computer-frying Killer USB pendrive designed by the Russian researcher with the pseudonym "Dark Purple". Dark Purple works for a company that develops and manufactures electronic components,...
---------------------------------------------
http://securityaffairs.co/wordpress/40984/hacking/usb-killer-2-0.html




*** Thousands of Zhone SOHO routers can be easily hijacked ***
---------------------------------------------
Two days before he is scheduled to give a talk about discovering and exploiting 0-day vulnerabilities in SOHO routers' firmware, security researcher Lyon Yang has released details about a number of vu...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/94i2m6_inBI/secworld.php




*** DFN-CERT-2015-1574: Foxit Reader, Foxit PhantomPDF: Multiple vulnerabilities allow denial-of-service attacks ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1574/




*** Bugtraq: ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536662

