[CERT-daily] Tageszusammenfassung - Dienstag 9-02-2016

Tue Feb 9 18:11:50 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 08-02-2016 18:00 − Dienstag 09-02-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Gate To Nuclear EK Uses Fake CloudFlare DDoS Check ***
---------------------------------------------
This rogue CloudFlare page hides a malicious payload. Categories:  ExploitKits Tags: cloudflareEKNuclear(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/exploitkits/2016/02/gate-to-nuclear-ek-uses-fake-cloudflare-ddos-check/


*** Patching Complex Web Vulnerabilities Using ModSecurity WAF ***
---------------------------------------------
In this blog post we will demonstrate complicated examples of common web application vulnerabilities, and see how they can be mitigated with ModSecurity WAF.
---------------------------------------------
https://www.htbridge.com/blog/patching-complex-web-vulnerabilities-using-modsecurity-waf.html


*** Its 2016 and a font file can own your computer ***
---------------------------------------------
Libgraphite font library buggy and vulnerable in Firefox, Thunderbird, WordPad and more says Talos Cisco-owned Talos has announced a bunch of font library bugs present in apps running on Windows and Linux, affecting client and-server-side machines.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/02/09/libgraphite_font_library_buggy_and_vulnerable_says_talos/


*** Power Grid Honeypot Puts Face on Attacks ***
---------------------------------------------
Researchers from MalCrawler built a honeypot mimicking an electronic management system at the heart of a power grid, exposing attackers' behavior once they have access to critical infrastructure systems.
---------------------------------------------
http://threatpost.com/power-grid-honeypot-puts-face-on-attacks/116217/


*** Russian hackers used malware to manipulate the Dollar/Ruble exchange rate ***
---------------------------------------------
Russian-language hackers have managed to break into Russian regional bank Energobank, infect its systems, and gain unsanctioned access to its trading system terminals, which allowed them to manipulat...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=3201


*** How to Hack the Power Grid Through Home Air Conditioners ***
---------------------------------------------
Researchers show how hackers can manipulate the remote on-off device installed on some air conditioners to cause a blackout.
---------------------------------------------
http://www.wired.com/2016/02/how-to-hack-the-power-grid-through-home-air-conditioners/


*** (Not only) Oracle Java Windows installer vulnerable ***
---------------------------------------------
Oracle hat einen Out-of-Band Patch für Java 6, 7 und 8 für Windows veröffentlicht, mit dem eine Sicherheitslücke im Installationsprozess geschlossen wird. Es sind dazu bereits zahlreiche Medienberichte erschienen, in denen allerdings häufig die Tatsache ausser acht gelassen wird, dass es sich hier nicht um eine Java-spezifische Schwachstelle handelt. Das Problem - Stichwort "Binary Planting" -...
---------------------------------------------
http://www.cert.at/services/blog/20160209102305-1678.html


*** Security Bulletins Posted ***
---------------------------------------------
Security Bulletins for Adobe Photoshop and Bridge (APSB16-03), Flash Player (APSB16-04), Adobe Experience Manager (APSB16-05) and Adobe Connect (APSB16-07) have been published. Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant security bulletin. This...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1315


*** DSA-3472 wordpress - security update ***
---------------------------------------------
Two vulnerabilities were discovered in wordpress, a web blogging tool.The Common Vulnerabilities and Exposures project identifies thefollowing problems:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3472


*** DSA-3471 qemu - security update ***
---------------------------------------------
Several vulnerabilities were discovered in qemu, a full virtualizationsolution on x86 hardware.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3471


*** DSA-3470 qemu-kvm - security update ***
---------------------------------------------
Several vulnerabilities were discovered in qemu-kvm, a fullvirtualization solution on x86 hardware.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3470


*** DSA-3469 qemu - security update ***
---------------------------------------------
Several vulnerabilities were discovered in qemu, a full virtualizationsolution on x86 hardware.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3469


*** USN-2880-2: Firefox regression ***
---------------------------------------------
Ubuntu Security Notice USN-2880-28th February, 2016firefox regressionA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryUSN-2880-1 introduced a regression in Firefox.Software description firefox - Mozilla Open Source web browser  DetailsUSN-2880-1 fixed vulnerabilities in Firefox. This update introduced aregression which caused Firefox to crash on startup with some configurations.This update fixes the problem.We apologize
---------------------------------------------
http://www.ubuntu.com/usn/usn-2880-2/