[CERT-daily] Tageszusammenfassung - Mittwoch 2-09-2015

Daily end-of-shift report team at cert.at
Wed Sep 2 18:16:35 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 01-09-2015 18:00 − Mittwoch 02-09-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Demystifying File and Folder Permissions ***
---------------------------------------------
If you have poked around a server before you have probably encountered file permissions. In fact, all computer file systems offer permissions based on the same core ideas. The file permissions in Linux, Mac, and Windows computers are very similar to the file and folder permissions in Apache, Nginx, and IIS servers. You can right-clickRead More The post Demystifying File and Folder Permissions appeared first on Sucuri Blog.
---------------------------------------------
https://blog.sucuri.net/2015/09/demystifying-file-and-folder-permissions.html




*** Whats the situation this week for Neutrino and Angler EK?, (Wed, Sep 2nd) ***
---------------------------------------------
Introduction Last month in mid-August 2015, an actor using Angler exploit kit (EK) switched to Neutrino EK [1]. A few days later, we found that actor using Angler again [2]. This week, were back to seeingNeutrino EK from the same actor. Neutrino EK from this actor is sending TeslaCrypt 2.0 as the payload. We also saw another actor use Angler EK to pushBedep during the same timeframe. Todays diary looks at two infection chains from Tuesday 2015-09-01, one for Angler EK and another for Neutrino.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20101&rss




*** Verschlüsselung: Microsoft, Google und Mozilla schalten RC4 2016 ab ***
---------------------------------------------
Es ist ein überfälliger Schritt: Microsoft, Google und Mozilla haben angekündigt, den unsicheren Verschlüsselungsalgorithmus RC4 ab 2016 in ihren Produkten endgültig nicht mehr zu verwenden. Ein konkretes Datum nennt bislang jedoch nur Mozilla.
---------------------------------------------
http://www.golem.de/news/verschluesselung-microsoft-google-und-mozilla-schalten-rc4-2016-ab-1509-116075-rss.html




*** Per Web und USB-Stick: Smart-TVs vielfältig angreifbar ***
---------------------------------------------
Mit vergleichsweise simplen Methoden haben Sicherheitsforscher App-Nutzerdaten von Medienabspielern und Smart TVs ausgelesen. Dabei konnten sie auch die Kamera aktivieren und bis auf die Root-Ebene vordringen.
---------------------------------------------
http://heise.de/-2797227




*** Router-Lücken: Belkin N600 DB macht es den Hackern einfach ***
---------------------------------------------
Die Beschreibung der Lücken in Belkins Heimrouter liest sich wie ein Handbuch mit Negativbeispielen der Firmware-Programmierung. Angreifer können die Nutzer des Routers unter anderem auf beliebige Webseiten umleiten. Abhilfe gibt es nicht.
---------------------------------------------
http://heise.de/-2800853




*** IBM: CoreBot malware - simple but dangerous info stealer ***
---------------------------------------------
IBMs X-Force research team has uncovered a new piece of data-swiping malware whose modular design allows it to be quickly altered and made even more dangerous.
---------------------------------------------
http://www.scmagazine.com/x-force-team-uncovers-data-swiping-malware/article/436064/




*** Factoring RSA Keys With TLS Perfect Forward Secrecy ***
---------------------------------------------
What is being disclosed today? Back in 1996, Arjen Lenstra described an attack against an optimization (called the Chinese Remainder Theorem optimization, or RSA-CRT for short). If a fault happened during the computation of a signature (using the RSA-CRT optimization),...
---------------------------------------------
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/




*** Adware-Installer erschleicht Zugriff auf den Mac-Schlüsselbund ***
---------------------------------------------
Ein neuer Adware-Installer nutzt nach Angabe von Sicherheitsforschern einen simplen Trick, um sich ohne weiteres Zutun des Nutzers Zugang zum Schlüsselbund von OS X einzuräumen.
---------------------------------------------
http://heise.de/-2802238




*** Cisco NX-OS Malformed ARP Header Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40748




*** VU#903500: Seagate 36C wireless hard-drive contains multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#903500 Seagate 36C wireless hard-drive contains multiple vulnerabilities Original Release date: 01 Sep 2015 | Last revised: 01 Sep 2015   Overview The Seagate 36C wireless hard-drive contains multiple vulnerabilities.  Description CWE-798: Use of Hard-coded Credentials - CVE-2015-2874 The Seagate 36C wireless hard-drive provides undocumented Telnet services accessible by using the default credentials of root as username and the default password.CWE-425: Direct Request
---------------------------------------------
http://www.kb.cert.org/vuls/id/903500




*** ZDI-15-408: Hewlett-Packard LoadRunner Controller Scenario File Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability could allow attackers to execute arbitrary code on vulnerable installations of HP LoadRunner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-408/




*** Siemens RUGGEDCOM ROS IP Forwarding Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for an IP forwarding vulnerability in older versions of Siemens RUGGEDCOM ROS.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-244-01




*** Edimax BR6228nS/BR6228nC - Multiple vulnerabilities ***
---------------------------------------------
Topic: Edimax BR6228nS/BR6228nC - Multiple vulnerabilities Risk: Medium Text:# Title: Edimax BR6228nS/BR6228nC - Multiple vulnerabilities # Date: 01.09.15 # Vendor: edimax.com # Firmware version: 1.22 ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015090013




*** Security Advisory - No Authentication Vulnerability on the Serial Port of the UAP2105 ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-452865.htm




*** [HTB23269]: Cross-Site Request Forgery in Cerb ***
---------------------------------------------
Product: Cerb v7.0.3Vulnerability Type: Cross-Site Request Forgery [CWE-352]Risk level: Medium Creater: Webgroup Media LLCAdvisory Publication: August 12, 2015 [without technical details]Public Disclosure: September 2, 2015 CVE Reference: CVE-2015-6545 CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Vulnerability Details: High-Tech Bridge Security Research Lab discovered CSRF vulnerability in Cerb platform, which can be exploited to perform Cross-Site Request Forgery attacks against
---------------------------------------------
https://www.htbridge.com/advisory/HTB23269




*** DFN-CERT-2015-1353: Xen: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1353/




*** Bugtraq: ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536377




*** SiS Windows VGA Display Manager Multiple Privilege Escalation ***
---------------------------------------------
Topic: SiS Windows VGA Display Manager Multiple Privilege Escalation Risk: Medium Text:KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation Title: SiS Windows VGA Display Manager Mult...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015090019




*** XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation ***
---------------------------------------------
Topic: XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Risk: Medium Text:KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation Title: XGI Windows VGA Display Manag...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015090018




*** IBM Security Bulletins ***
---------------------------------------------

*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS (CVE-2015-2613) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005343

*** IBM Security Bulletin: HTTP Request smuggling vulnerability may affect IBM HTTP Server (CVE-2015-3183) ***
http://www.ibm.com/support/docview.wss?uid=swg21963361

*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience ***
http://www.ibm.com/support/docview.wss?uid=swg21960713

*** IBM Security Bulletin: IBM WebSphere MQ 7.0.1 potential denial of service (CVE-2015-2013) ***
http://www.ibm.com/support/docview.wss?uid=swg21962479

*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects TS3100/TS3200 (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005368&myns=s034&mynp=OCSTCMML7&mynp=OCHW211&mync=E&cm_sp=s034-_-OCSTCMML7-OCHW211-_-E

*** IBM Security Bulletin: IBM Maximo Asset Management could allow a local attacker to obtain information due to the autocomplete feature on password input fields (CVE-2015-1933) ***
http://www.ibm.com/support/docview.wss?uid=swg21965080

*** IBM Security Bulletin: Default Password Requirements are weak on new installations of IBM Maximo Asset Management (CVE-2015-1934) ***
http://www.ibm.com/support/docview.wss?uid=swg21964855

*** Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098599


More information about the Daily mailing list