[CERT-daily] Tageszusammenfassung - Freitag 12-02-2016

Daily end-of-shift report team at cert.at
Fri Feb 12 18:07:25 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 11-02-2016 18:00 − Freitag 12-02-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** SC Congress: "flakey kettles and dolls that swear at you" ***
---------------------------------------------
Ken Munro, managing director of Pen Test Partners, showed the SC Congress just how easy it is to crack a whole range of IoT nonsense
---------------------------------------------
http://www.scmagazine.com/sc-congress-flakey-kettles-and-dolls-that-swear-at-you/article/473437/




*** Determining Physical Location on the Internet ***
---------------------------------------------
Interesting research: "CPV: Delay-based Location Verification for the Internet": Abstract: The number of location-aware services over the Internet continues growing. Some of these require the clients geographic location for security-sensitive applications. Examples include location-aware authentication, location-aware access policies, fraud prevention, complying with media licensing, and regulating online gambling/voting. An adversary can evade existing geolocation techniques, e.g.,...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/02/determining_phy.html




*** New Trojan threatens users' bank accounts ***
---------------------------------------------
February 12, 2016 Banking Trojans are considered to be one of the most dangerous threats. Not only they have a complex architecture but they are also capable to perform a wide variety of functions. Yet, some attackers do not disdain to contrive rather primitive malicious programs such as, for example, Trojan.Proxy2.102, which was examined by Doctor Web specialists. Trojan.Proxy2.102 steals money from victims' bank accounts using the following method. Once launched, it installs a root...
---------------------------------------------
http://news.drweb.com/show/?i=9840&lng=en&c=9




*** Vermehrte Scans und Workarounds zu Ciscos ASA-Lücke ***
---------------------------------------------
Die Angreifer sammeln offenbar bereits aktiv Informationen zu möglicherweise verwundbaren Systemen, während die Verteidiger noch mit den Tücken des Updates kämpfen.
---------------------------------------------
http://heise.de/-3100443




*** Download.com and Others Bundle Superfish-Style HTTPS Breaking Adware ***
---------------------------------------------
It's a scary time to be a Windows user. Lenovo was bundling HTTPS-hijacking Superfish adware, Comodo ships with an even worse security hole called PrivDog, and dozens of other apps like LavaSoft are doing the same. It's really bad, but if you want your encrypted web sessions to be hijacked just head to CNET Downloads or any freeware site, because they are all bundling HTTPS-breaking adware now.
---------------------------------------------
http://www.howtogeek.com/210265/download.com-and-others-bundle-superfish-style-https-breaking-adware/




*** How to Avoid Potentially Unwanted Programs ***
---------------------------------------------
We've come up with a PUPs cheat sheet that businesses can use to train IT staff and users. A little PUPs awareness, if you will. Read on to learn more about how you get PUPs, Categories:  Online SecurityTags: avoidpotentially unwanted programsPUP(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/online-security/2016/02/how-to-avoid-potentially-unwanted-programs/




*** How to use the traffic light protocol - TLP ***
---------------------------------------------
The TLP or Traffic Light Protocol is a set of designations designed to help sharing of sensitive information. It has been widely adopted in the CSIRT and security community. The originator of the information labels the information with one of four colours. These colours indicate what further dissemination, if any, can be undertaken by the recipient. Note that the colours only mark the level of dissemination, not the sensitivity level (although they often align).
---------------------------------------------
https://www.vanimpe.eu/2015/08/21/use-traffic-light-protocol-tlp/




*** D-Link DSL-2750B Remote Command Execution ***
---------------------------------------------
Topic: D-Link DSL-2750B Remote Command Execution Risk: High Text:After some playing around Ive noticed something interesting during login phase: by sending wrong credentials, user is redirec...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016020128




*** Sophos UTM 9 Cross Site Scripting ***
---------------------------------------------
Topic: Sophos UTM 9 Cross Site Scripting Risk: Low Text: -- Vendor: -- Sophos (https://www.sophos.com) -- Affected Products/Versions: -- Produc...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016020117




*** ASUS Router Administrative Interface Exposure ***
---------------------------------------------
Topic: ASUS Router Administrative Interface Exposure Risk: Low Text:Asus wireless routers running ASUSWRT firmware (in other words, anything with an RT- in the model name) have a design flaw in w...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016020116




*** ZCM 11.3.x - Fix for CVE-2015-5970 ZCM ZENworks ChangePassword XPath Injection Information Disclosure Vulnerability - See TID 7017240 ***
---------------------------------------------
Abstract: Vulnerability overview: CVE-2015-5970 An XPath injection exists in the ChangePassword RPC method implementation. By combining this with an entity reference to a file on the appliance, an attacker can exfiltrate arbitrary text files from the vulnerable device.This issue has been found and reported by cpnrodzc7 working with HPs Zero Day Initiative (ZDI-CAN-3136). Patch overview: This patch contains the necessary files and installation information to correct the below issue on ZCM 11.3.x
---------------------------------------------
https://download.novell.com/Download?buildid=vt0EO0DgaX8~




*** ZCM 11.4.x - Fix for CVE-2015-5970 ZCM ZENworks ChangePassword XPath Injection Information Disclosure Vulnerability - See TID 7017240 ***
---------------------------------------------
Abstract: Vulnerability overview: CVE-2015-5970 An XPath injection exists in the ChangePassword RPC method implementation. By combining this with an entity reference to a file on the appliance, an attacker can exfiltrate arbitrary text files from the vulnerable device.This issue has been found and reported by cpnrodzc7 working with HPs Zero Day Initiative (ZDI-CAN-3136). Patch overview: This patch contains the necessary files and installation information to correct the below issue on ZCM 11.4.x
---------------------------------------------
https://download.novell.com/Download?buildid=SOM6P0NdZ5U~




*** PostgreSQL Bugs Let Remote Users Deny Service and Let Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1035005




*** DFN-CERT-2016-0260: Mozilla Firefox, Firefox ESR: Zwei Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0260/




*** DFN-CERT-2016-0263: Cacti: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0263/


More information about the Daily mailing list