[CERT-daily] Daily summary - Tuesday 22-09-2015

Daily end-of-shift report team at cert.at
Tue Sep 22 18:05:02 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 21-09-2015 18:00 - Tuesday 22-09-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** Leaked D-Link security key allows hackers to disguise malware as legit ***
---------------------------------------------
A leak of a major technology company's security key has been discovered, allowing hackers to convince Windows that their malware is legit.
...
While the key expired in early September, that still means that potential cyber-criminals had six months with which to sign their malware with D-Link's leaked key and bypass Microsoft Windows security measures by masquerading as a trusted piece of software.
---------------------------------------------
http://www.scmagazine.com/leaked-d-link-security-key-allows-hackers-to-disguise-malware-as-legit/article/439815/




*** Apple watchOS2 Includes Host of Code-Execution Patches ***
---------------------------------------------
Apple watchOS2 arrived with a host of security patches, including fixes for more than a dozen code-execution bugs.
---------------------------------------------
http://threatpost.com/apple-watchos2-includes-host-of-code-execution-patches/114754/




*** How Exploit Kit Operators are Misusing Diffie-Hellman Key Exchange ***
---------------------------------------------
Feedback from the Trend Micro Smart Protection Network has allowed us to discover that the notorious Angler and Nuclear exploit kits have included the latest Flash vulnerability (CVE-2015-5560) in their regular update. This means that systems with Adobe Flash Player 18.0.0.209 and earlier are vulnerable; however users running the latest version of Flash (18.0.0.232) are not affected.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XRj7PRLQnjU/




*** Swiss Advertising network compromised and distributing a Trojan ***
---------------------------------------------
On September 11, 2015, MELANI / GovCERT.ch got informed by security researcher Kafeine about a popular advertising network in Switzerland that obviously got compromised by cybercriminals, leading to an exploit kit called Niteris. ... While investigating the incident, we noticed that the Exploit Kit that was injected into the Ad network was only serving malware when the visitor had a German or French User-Agent (HTTP Header Accept-Language).
---------------------------------------------
http://www.govcert.admin.ch/blog/13/swiss-advertising-network-compromised-and-distributing-a-trojan




*** Xen Security Advisory 142 - libxl fails to honour readonly flag on disks with qemu-xen ***
---------------------------------------------
Callers of libxl can specify that a disk should be read-only to the guest. However, there is no code in libxl to pass this information to qemu-xen (the upstream-based qemu); and indeed there is no way in qemu to make a disk read-only. ... Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images.
---------------------------------------------
http://lists.xenproject.org/archives/html/xen-announce/2015-09/msg00003.html




*** NCSC publishes revised ICT security guidelines for web applications ***
---------------------------------------------
In February 2012 the National Cyber Security Centre (NCSC) published the ICT security guidelines for web applications, a guide to developing, administering and providing web applications and the associated infrastructure more securely. The guidelines are broadly applicable to ICT solutions based on web applications.
---------------------------------------------
https://www.ncsc.nl/english/current-topics/news/ncsc-publishes-revised-ict-security-guidelines-for-web-applications.html




*** Cisco Spark Mobile Application Man-in-the-Middle Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Spark mobile application could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the affected device.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41127




*** HOW TO: Setting up Encrypted Communications Channels in Oracle Database ***
---------------------------------------------
In this article, I will explain how to set up an encrypted communications channel in Oracle Database. This is the third in a series of blog posts I've published about encryption as it relates to databases.
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/HOW-TO--Setting-up-Encrypted-Communications-Channels-in-Oracle-Database/




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Workload Scheduler (CVE-2015-0478 and others) ***
http://www.ibm.com/support/docview.wss?uid=swg21966551
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Algorithmics One Core, Algo Risk Application, and Counterparty Credit Risk (CVE-2015-2808) ***
http://www.ibm.com/support/docview.wss?uid=swg21965555
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg21966274
---------------------------------------------
*** IBM Security Bulletin: Cross-Site Scripting vulnerabilities affect IBM Emptoris Strategic Supply Management Platform, Emptoris ***
http://www.ibm.com/support/docview.wss?uid=swg21966754
---------------------------------------------
*** IBM Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Cast Iron ***
http://www.ibm.com/support/docview.wss?uid=swg21967077
---------------------------------------------
*** IBM Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect IBM Algorithmics One Core, Algo Risk Application, and Counterparty Credit Risk (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21965554
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2015-1831) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005335
---------------------------------------------
*** Security Bulletin: Venom vulnerability affects IBM Flex System Manager (FSM) (CVE-2015-3456) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098681
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, CVE-2015-0204) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005334