[CERT-daily] Tageszusammenfassung - Freitag 5-02-2016

Fri Feb 5 18:04:47 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 04-02-2016 18:00 − Freitag 05-02-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** WP-Invoice <= 4.1.0 - Multiple Vulnerabilities ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8378


*** User Meta Manager <= 3.4.6 - Authenticated Blind SQL Injection ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8380


*** User Meta Manager <= 3.4.6 - Privilege Escalation ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8379


*** Racing MIDI messages in Chrome ***
---------------------------------------------
This is a guest blog post by Oliver Chang from the Chrome Security team.This post is about an exceptionally bad use after free bug in Chrome's browser process that affected Linux, Chrome OS and OS X. What makes this bug interesting is the fact that it could be directly triggered from the web without ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/02/racing-midi-messages-in-chrome.html


*** DSA-3466 krb5 - security update ***
---------------------------------------------
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3466


*** Neutrino Exploit Kit Not Responding - Bug or Feature? ***
---------------------------------------------
A couple of weeks ago we were looking at some exploit kits in one of our lab environments and noticed a decline in the number of Neutrino instances were seeing. This sent us on yet another journey to investigate Neutrino ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Neutrino-Exploit-Kit-Not-Responding-%e2%80%93-Bug-or-Feature-/


*** Chrome picks up bonus security features on Windows 10 ***
---------------------------------------------
The Windows 10 November update (version 1511, build 10586) included a handful of new security features to provide protection against some security issues that have kept on popping up in Windows for a number of years. Google yesterday added source ..
---------------------------------------------
http://arstechnica.com/information-technology/2016/02/chrome-picks-up-bonus-security-features-on-windows-10/


*** A trip through the spam filters: more malspam with zip attachments containing .js files ***
---------------------------------------------
I was discussing malicious spam (malspam) with a fellow security professional earlier this week. He was examining malspam with zip attachments containing .js files. This is something Ive covered previously in ISC ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20697


*** Verschlüsselungs-Trojaner TeslaCrypt 2 geknackt; Kriminelle rüsten nach ***
---------------------------------------------
Opfer des berüchtigten Verschlüsselungs-Trojaners TeslaCrypt können aufatmen: Das kostenlose Tool TeslaDecoder kann zumindest die Dateien der Version 2 entschlüsseln. Doch die Betrüger schlafen nicht: Aktuell kursiert schon Version 3.
---------------------------------------------
http://heise.de/-3092667


*** Eset NOD32 Antivirus 9 gefährdet https-Verschlüsselung ***
---------------------------------------------
Eset NOD32 Antivirus 9 installiert einen SSL-Filter, der sich in die Verschlüsselung einklinkt. Wie heise Security entdeckte, akzeptiert er dabei unter Umständen gefälschte Zertifikate; ein Update des Herstellers beseitigt den Fehler.
---------------------------------------------
http://heise.de/-3095024


*** Dridex: Botnet verteilt Virenscanner ***
---------------------------------------------
Gelingt es Cyberkriminellen, ihre Malware auf fremden Rechnern einzuschleusen, nutzen sie dies mitunter aus, um sie zum Teil eines Botnets zu machen. Über ihre Server steuern sie die kompromittierten Computer und nutzen ihre ..
---------------------------------------------
http://derstandard.at/2000030450321


*** The Malware Museum @ Internet Archive ***
---------------------------------------------
Here's what submitting a virus sample looked like back in the days of 5" floppy disks. And now you can see classic viruses in action at The Malware Museum. Do you feel like emulating old malware inside a MS-DOS Virtual Machine inside ..
---------------------------------------------
https://labsblog.f-secure.com/2016/02/05/the-malware-museum-internet-archive/


*** Positive Research Center ***
---------------------------------------------
In December 2015, I found a critical vulnerability in one of PayPal business websites (manager.paypal.com). It allowed me to execute arbitrary shell commands on PayPal web servers via unsafe Java object deserialization and to access production databases. I immediately reported this bug to PayPal security team, and it was fixed promptly.
---------------------------------------------
http://blog.ptsecurity.com/2016/02/paypal-remote-code-execution.html