[CERT-daily] Tageszusammenfassung - Mittwoch 3-02-2016

Wed Feb 3 18:06:25 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 02-02-2016 18:00 − Mittwoch 03-02-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** WordPress 4.4.2 Security and Maintenance Release ***
---------------------------------------------
https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/


*** Cisco WebEx Meetings Server Multiple Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. 
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-wms


*** Sauter moduWeb Vision Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for three vulnerabilities in Sauter's moduWeb Vision application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-033-01


*** GE SNMP/Web Interface Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for two vulnerabilities in the GE SNMP/Web Interface adapter.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02


*** DMA Locker: New Ransomware, But No Reason To Panic ***
---------------------------------------------
A new piece of ransomware which looks a little clumsy.
---------------------------------------------
https://blog.malwarebytes.org/news/2016/02/draft-dma-locker-a-new-ransomware-but-no-reason-to-panic/


*** Enhanced Mitigation Experience Toolkit (EMET) version 5.5 is now available ***
---------------------------------------------
The Enhanced Mitigation Experience Toolkit (EMET) benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives. It does this by anticipating, diverting, ..
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2016/02/02/enhanced-mitigation-experience-toolkit-emet-version-5-5-is-now-available.aspx


*** DSA-3465 openjdk-6 - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3465


*** Bypassing Bitrix WAF via tiny regexp error ***
---------------------------------------------
Bitrix24 is one of the first and most secure cross-platform corporate software with integrated WAF and RASP. Lets see how we can bypass them.
---------------------------------------------
https://www.htbridge.com/blog/bypassing-bitrix-web-application-firewall-via-tiny-regexp-error.html


*** Smartphone-Security: Root-Backdoor macht Mediatek-Smartphones angreifbar ***
---------------------------------------------
Eine Debug-Funktion für Vergleichstests im chinesischen Markt führt dazu, dass zahlreiche Smartphones mit Mediatek-Chipsatz verwundbar sind. Angreifer können eine lokale Root-Shell aktivieren. Auch Geräte auf dem deutschen Markt könnten betroffen sein. 
---------------------------------------------
http://www.golem.de/news/smartphone-security-root-backdoor-macht-mediatek-smartphones-angreifbar-1602-118888-rss.html


*** l+f: Neuland, USA ***
---------------------------------------------
Das Milliardenprojekt F-35 verzögert sich um mindestens ein Jahr, weil Techniker aus Sicherheitsgründen nicht auf eine Datenbank zugreifen können.
---------------------------------------------
http://heise.de/-3092005


*** MMD-0051-2016 - Debunking a tiny ELF remote backdoor (shellcode shellshock part 2) ***
---------------------------------------------
In September 2014 during the shellshock exploitation was in the rush I analyzed a case (MMD-0027-2014) of an ELF dropped payload via shellshock attack, with the details can be read in-->[here] Today I found an interesting ELF x32 sample that was reported several hours back, the infection vector is also ShellShock, the ..
---------------------------------------------
http://blog.malwaremustdie.org/2016/02/mmd-0051-2016-debungking-tiny-elf.html


*** Comodo: "Sicherer" Browser mit groben Sicherheitsdefiziten ***
---------------------------------------------
Google warnt vor der Verwendung - Hebelt Same Origin Policy des Browsers
---------------------------------------------
http://derstandard.at/2000030313692


*** Thunderstrike 2: Sicherheitsforscher arbeiten inzwischen für Apple ***
---------------------------------------------
Der Mac-Hersteller hat eine Sicherheitsfirma übernommen, die an der Entwicklung von "Thunderstrike 2" beteiligt war. Die Forscher zeigten Schwachstellen, die das Einschleusen eines Schädlings auf Firmware-Ebene ermöglichen – nicht nur auf Macs.
---------------------------------------------
http://heise.de/-3092644


*** Phishing-Angriff: Nutzer sollen Amazon-Zertifikat installieren ***
---------------------------------------------
Phishing-Angriffe gehören zu den nervigen Alltäglichkeiten von Internetnutzern. Eine spezielle Masche versucht jetzt, Android-Nutzer zur Installation eines angeblichen Sicherheitszertifikates zu bewegen. Komisch, dass das Zertifikat die Endung .apk aufweist. 
---------------------------------------------
http://www.golem.de/news/phishing-angriff-nutzer-sollen-amazon-zertifikat-installieren-1602-118900.html


*** Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability ***
---------------------------------------------
A vulnerability in the ICMP implementation in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch could allow an unauthenticated, remote attacker to cause the switch to reload, resulting in a denial of service (DoS) condition.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci


*** Cisco Application Policy Infrastructure Controller Access Control Vulnerability ***
---------------------------------------------
A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges.  
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic


*** Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability ***
---------------------------------------------
A vulnerability in the role-based access control of Cisco ASA-CX and Cisco Prime Security Manager (PRSM) could allow an authenticated, remote attacker to change the password of any user on the system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm


*** Bypass Windows AppLocker ***
---------------------------------------------
AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that allows you to specify which users or groups can run particular applications in your organization based on unique identities of files. If you use AppLocker, you can create rules to allow or deny applications from running.
---------------------------------------------
http://en.wooyun.io/2016/01/28/Bypass-Windows-AppLocker.html