[CERT-daily] Tageszusammenfassung - Donnerstag 17-09-2015

Daily end-of-shift report team at cert.at
Thu Sep 17 18:02:50 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 16-09-2015 18:00 − Donnerstag 17-09-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** A Brief Introduction to #totalhash ***
---------------------------------------------
#totalhash is Team Cymru's malware analysis database, providing static and dynamic analysis of malware samples free for non-commercial use. Haven't tried #totalhash yet? Here's a brief video with a few highlights on how to upload samples, search our database, and go down the rabbit hole ..
---------------------------------------------
https://blog.team-cymru.org/2015/09/a-brief-introduction-to-totalhash/




*** Bugtraq: [security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536478




*** Stagefrightened? ***
---------------------------------------------
There's been a lot of attention recently around a number of vulnerabilities in Android's libstagefright. There's been a lot of confusion about the remote exploitability of the issues, especially on modern devices. In this blog post we will demonstrate an exploit for one of the libstagefright vulnerabilities ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/09/stagefrightened.html




*** ZDI-15-444: Symantec Web Gateway Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-444/




*** ZDI-15-443: Symantec Web Gateway Arbitrary PHP File Upload Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability, however it can be bypassed via reflected cross-site scripting.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-443/




*** ZDI-15-445: (0Day) Avira Management Console Update Manager Service HTTP Header Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avira Management Console. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-445/




*** CMS Updater - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2015-150 ***
---------------------------------------------
The module does not sufficiently protect the settings page allowing any user with the permission "access administration pages" to change settings.
---------------------------------------------
https://www.drupal.org/node/2569599




*** Drupal 7 driver for SQL Server and SQL Azure - Moderately Critical - SQL Injection - SA-CONTRIB-2015-148 ***
---------------------------------------------
Certain characters aren't properly escaped by the Drupal database API. A malicious user may be able to access restricted information by performing a specially-crafted search.
---------------------------------------------
https://www.drupal.org/node/2569577




*** Who's Behind Bluetooth Skimming in Mexico? ***
---------------------------------------------
In the previous two stories, I documented the damage wrought by an organized crime gang in Mexico that has been systematically bribing ATM technicians to install Bluetooth skimming components that allow thieves to steal card and PIN data wirelessly. What follows is a look at a mysterious new ATM company in Mexico that sources say may be tied to the skimming activity.
---------------------------------------------
http://krebsonsecurity.com/2015/09/whos-behind-bluetooth-skimming-in-mexico/




*** iTunes 12.3: Mehr Sicherheit, weniger Fehler und ein grosser Download ***
---------------------------------------------
Zusammen mit iOS 9 hat Apple auch eine neue Version von iTunes freigegeben. Apple beseitigte insbesondere unter Windows Sicherheitslücken, die sogar das Abgreifen von verschlüsselten Zugangsdaten im Netzwerk erlaubten. Zudem erhöht Apple die Sicherheit bei der Verwendung von Apple IDs. 
---------------------------------------------
http://www.golem.de/news/itunes-12-3-mehr-sicherheit-weniger-fehler-und-ein-grosser-download-1509-116367.html




*** Behind the scenes at BruCON, a European hacker conference ***
---------------------------------------------
Setting up a local conference seems to be a popular way for infosec pros that havent got the time or means to travel to bring the people they want to meet and the knowledge they want to attain ..
---------------------------------------------
http://www.net-security.org/secworld.php?id=18863




*** Seven years of malware linked to Russian state-backed cyber espionage ***
---------------------------------------------
F-Secure report details "The Dukes" malware family and its Russian connections. For the past seven years, a cyber-espionage group operating out of Russia ..
---------------------------------------------
http://arstechnica.com/security/2015/09/seven-years-of-malware-linked-to-russian-state-backed-cyberespionage/




*** Throwback Thursday: Virus Writer and Distributors Attributable Viruses ***
---------------------------------------------
This Throwback Thursday, we turn the clock back to July 1990, when VB looked at virus origins and some of the rare cases of attributable viruses.This week saw the confession of a former teenage virus writer: the author of the Leprosy ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/09_17.xml




*** Studie: In den USA droht ein Wahlmaschinen-Debakel ***
---------------------------------------------
on den 50 US-Staaten werden 43 im kommenden Jahr besonders fehleranfällige Wahlcomputer einsetzen, die mindestens zehn Jahre alt sind, heißt es in einer Analyse der New York University. Dies berge große Risiken.
---------------------------------------------
http://heise.de/-2820268




*** MMD-0042-2015 - Polymorphic in ELF malware: Linux/Xor.DDOS ***
---------------------------------------------
The threat of Linux/XOR.DDoS, a China-made ELF backdoor ddoser malware, its still on going. I received a good question from (I assumed from a victim of infection) asked about why the found malware is not the same as what was firstly executed ELF malware binary. This writing is short and covering ..
---------------------------------------------
http://blog.malwaremustdie.org/2015/09/mmd-0042-2015-polymorphic-in-elf.html




*** HTTP Evasions Explained - Part 2 - Deflate Compression ***
---------------------------------------------
This is the second article in a series which will explain the evasions done by HTTP Evader. It covers the failure of several firewalls to support content some compressions supported by all or most browsers, notable the deflate compression. In short, it is possible to bypass the malware inspection of several firewalls by simply sending a response compressed by deflate:
---------------------------------------------
http://noxxi.de/research/http-evader-explained-2-deflate.html




More information about the Daily mailing list