[CERT-daily] Tageszusammenfassung - Montag 18-04-2016

Mon Apr 18 18:05:09 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 15-04-2016 18:00 − Montag 18-04-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Bugtraq: [SECURITY] [DSA 3550-1] openssh security update ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538099


*** Out-of-date apps put 3 million servers at risk of crypto ransomware infections ***
---------------------------------------------
1,600 schools, governments, and aviation companies already backdoored.
---------------------------------------------
http://arstechnica.com/security/2016/04/3-million-servers-are-sitting-ducks-for-crypto-ransomware-infection/


*** Chrome extensions will soon have to tell you what data they collect ***
---------------------------------------------
Google is about to make it harder for Chrome extensions to collect your browsing data without letting you know about it, according to a new policy announced Friday.Starting in mid-July, developers releasing Chrome extensions ..
---------------------------------------------
http://www.cio.com/article/3057259/chrome-extensions-will-soon-have-to-tell-you-what-data-they-collect.html


*** How to Write Phishing Templates That Work ***
---------------------------------------------
Phish Me Once Phishing isn't hard. Despite all the frightening news reports about ransomware and millions of stolen dollars and identities, people still happily click ..
---------------------------------------------
http://resources.infosecinstitute.com/how-to-write-phishing-templates-that-work/


*** ZDI-16-244: Hewlett Packard Enterprise Vertica validateAdminConfig Remote Command Injection Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Vertica. Authentication is not required to exploit this vulnerability.
---------------------------------------------
www.zerodayinitiative.com/advisories/ZDI-16-244/


*** ZDI-16-243: Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-243/


*** Splunk Enterprise Multiple Flaws Let Remote Users Bypass Security and Deny Service and Remote Authenticated Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1035578


*** 'Blackhole' Exploit Kit Author Gets 7 Years ***
---------------------------------------------
A Moscow court this week convicted and sentenced seven hackers for breaking into countless online bank accounts -- including "Paunch," the nickname used by the author of the infamous "Blackhole" exploit kit. Once an extremely ..
---------------------------------------------
http://krebsonsecurity.com/2016/04/blackhole-exploit-kit-author-gets-8-years/


*** DSA-3551 fuseiso - security update ***
---------------------------------------------
It was discovered that fuseiso, a user-space implementation of theISO 9660 file system based on FUSE, contains several vulnerabilities.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3551


*** leenk.me <= 2.5.0 - XSS and CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8457


*** DSA-3552 tomcat7 - security update ***
---------------------------------------------
Multiple security vulnerabilities have been discovered in the Tomcatservlet and JSP engine, which may result in information disclosure,the bypass of CSRF protections and bypass of the SecurityManager.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3552


*** FAQ WD <= 1.0.14 - Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8455


*** e-search <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8458


*** Hacking Team hacker explains how he did it ***
---------------------------------------------
Some nine moths ago, a hacker that calls himself Phineas Fisher managed to breach the systems and networks of Hacking Team, the (in)famous Italian company that provides offensive intrusion and surveillance software to ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/04/18/hacking-team-hacker-explains/


*** Abhörsicherheit: Web.de sichert Mail-Transport zusätzlich per DANE ab ***
---------------------------------------------
Der Schritt ist bedeutsam, weil Web.de nicht nur einer der großen deutschen Freemail-Dienste ist, sondern, weil der Mutterkonzern United Internet auch zur Initiative "E-Mail made in Germany" gehört – um die es zuletzt freilich still geworden ist.
---------------------------------------------
http://heise.de/-3175333


*** Remote code execution, git, and OS X ***
---------------------------------------------
Sometimes I think about all of those pictures which show a bunch of people in startups. They have their office space, which might be big, or it might be small, but they tend to have Macs. Lots of Macs. A lot of them also use git to ..
---------------------------------------------
https://rachelbythebay.com/w/2016/04/17/unprotected/


*** Oracle Critical Patch Update Pre-Release Announcement - April 2016 ***
---------------------------------------------
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for April 2016, which will be released on Tuesday, April 19, 2016. While this Pre-Release Announcement is as accurate ..
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html


*** Idiot millennials are saving credit card PINs on their mobile phones ***
---------------------------------------------
Cleartext passwords are bad, kids, mmmkay? More than one in five 18-24 year olds (21 per cent) store PINs for credit or debit cards on their smartphones, tablets or laptops, according to research conducted by Equifax in conjunction with Gorkana.
---------------------------------------------
www.theregister.co.uk/2016/04/18/storing_passwords_smartphone_bad_mkay/


*** Implementation of a Virtual IDS Device in Passive Mode ***
---------------------------------------------
The arrival of server, desktop and network virtualization has brought along enormous flexibility in configuration options and a huge drop in installation and operating costs of IT networks. Due ..
---------------------------------------------
http://resources.infosecinstitute.com/implementation-of-a-virtual-ids-device-in-passive-mode/


*** Academic network Janet clobbered with DDoS attacks - again ***
---------------------------------------------
Funny how it always gets targeted at the end of term... Blightys government-funded educational network Janet has once again been hit by a cyber attack, with a fresh ..
---------------------------------------------
www.theregister.co.uk/2016/04/18/janet_clobbered_with_ddos_attacks_again/


*** Oberösterreichische Firma bei Traktorenkauf auf Internetbetrüger reingefallen ***
---------------------------------------------
40.000 Euro Schaden - Homepage von englischem Anbieter "gefakt"
---------------------------------------------
http://derstandard.at/2000035121122