[CERT-daily] Tageszusammenfassung - Freitag 18-09-2015

Fri Sep 18 18:02:58 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 17-09-2015 18:00 − Freitag 18-09-2015 17:55
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Important security notice regarding signing key and distribution of Red Hat Ceph Storage on Ubuntu and CentOS ***
---------------------------------------------
Last week, Red Hat investigated an intrusion on the sites of both the Ceph community project (ceph.com) and Inktank (download.inktank.com), which were hosted on a computer system outside of Red Hat infrastructure. download.inktank.com provided ..
---------------------------------------------
https://securityblog.redhat.com/2015/09/17/important-security-notice-regarding-signing-key-and-distribution-of-red-hat-ceph-storage-on-ubuntu-and-centos/


*** Analyzing Proxy Based Spam Networks ***
---------------------------------------------
We are no strangers to Blackhat SEO techniques, we've actually spent a great deal of time working and sharing various bits of information related to Blackhat SEO techniques over the years. What we haven't shared, however, is the idea of Proxy-based Spam Networks (PSN). It's not because it wasn't interesting, it's ..
---------------------------------------------
https://blog.sucuri.net/2015/09/analyzing-proxy-based-spam-networks.html


*** Cisco Prime Network Registrar Privilege Escalation Vulnerability ***
---------------------------------------------
A vulnerability in the default configuration of the Cisco Prime Network Registrar (CPNR) virtual appliance (OVA) which could allow an authenticated, local attacker to gain root privileges.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41041


*** WordPress Malware - Active VisitorTracker Campaign ***
---------------------------------------------
We are seeing a large number of WordPress sites compromised with the 'visitorTracker_isMob' malware code. This campaign started 15 days ago, but only in the last few days have we started to see it gain traction; really affecting a large number of ..
---------------------------------------------
https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html


*** WP Shop <= 3.4.3.18 - Cross-Site Scripting (XSS) & CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8192


*** Researchers seek ransomware samples for their generic solution ***
---------------------------------------------
VB2015 presentation to include demonstration of technique against recent samples.The scary hack thats on the rise is how Wireds Kim Zetter described ransomware in an overview article posted yesterday. Indeed, encrypting your files and demanding a ransom to decrypt them has become a very lucrative cybercriminal ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/09_18.xml


*** Router Security / SYNful Knock ***
---------------------------------------------
Wir bekamen Anfragen zum Thema SYNful Knock. Uns war das keine Warnung wert, daher fasst dieser Blogpost unseren Standpunkt zusammen:Management Summary Der SYNful Knock Angriff ist keine neue Kategorie von Bedrohungen. Es gibt ..
---------------------------------------------
http://www.cert.at/services/blog/20150918112023-1598.html


*** Sicherheitslücke: D-Link vergisst private Code-Signing-Schlüssel im Quellcode ***
---------------------------------------------
Dem Hardwarehersteller D-Link ist ein peinlicher Fehler unterlaufen. Im Quellcode der Firmware für eine Überwachungskamera vergaßen die Entwickler private Code-Signing-Schlüssel. Der Hersteller hat bereits reagiert. 
---------------------------------------------
http://www.golem.de/news/peinlich-d-link-vergisst-private-code-signing-schluessel-im-quellcode-1509-116386.html


*** Pwnage Per Port - 22/open/tcp//ssh ***
---------------------------------------------
Hello and welcome to the first installment of Pwnage Per Port! Today we will be discussing the oh-so-important SSH service which runs (most commonly) on TCP port 22. Not sure what Pwnage Per Port is? Head on over here for a quick rundown on what you can expect!
---------------------------------------------
http://l.avala.mp/blog/pwnage-per-port-22opentcpssh/


*** Triaging PowerShell Exploitation with Rekall ***
---------------------------------------------
David recently published his article Spotting the Adversary so I figured Id continue the trend and focus on Blue Team tactics in this post.
---------------------------------------------
http://www.redblue.team/2015/09/triaging-powershell-exploitation-with.html


*** Cisco ASA Software Version Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the SSL VPN code of Cisco ASA Software could allow an unauthenticated, remote attacker to obtain information about the Cisco ASA Software version. This information could be used for reconnaissance attacks.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=35946


*** Kritische Sicherheitslücke: Bug in Bugzilla ***
---------------------------------------------
Die Bugverwaltung von Firefox gibt schon zum zweiten Mal im September vertrauliche Daten preis - doch diesmal sind auch andere Projekte betroffen. Ein Patch steht bereit.
---------------------------------------------
http://www.golem.de/news/kritische-sicherheitsluecke-bug-in-bugzilla-1509-116393.html