[CERT-daily] Tageszusammenfassung - Freitag 29-01-2016

Fri Jan 29 18:15:54 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 28-01-2016 18:00 − Freitag 29-01-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Elaborate iCloud Phish Used To Activate Stolen iPhones ***
---------------------------------------------
Lost your iphone? Beware of messages claiming it was found.Categories:  Phishing(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/phishing/2016/01/elaborate-icloud-phish-used-to-activate-stolen-iphones-2/


*** New Attacks Linked to C0d0so0 Group ***
---------------------------------------------
While recently researching unknown malware and attack campaigns using the AutoFocus threat intelligence platform, Unit 42 discovered new activity that appears related to an adversary group previously called "C0d0so0" or "Codoso". This group is well...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/


*** Ein Schlüssel fürs ungesicherte Smart Home ***
---------------------------------------------
Experten warnen vor unsicheren Eigenheim-Lösungen, die mit dem Internet verbunden sind. Konsumenten sollten von den Herstellern mehr Sicherheit einfordern.
---------------------------------------------
http://futurezone.at/digital-life/ein-schluessel-fuers-ungesicherte-smart-home/177.111.264


*** Trojan targeted dozens of games on Google Play ***
---------------------------------------------
January 28, 2016 Doctor Web security researchers detected the Android.Xiny.19.origin Trojan that targeted dozens of games published on the Google Play store. The Trojan is designed to download, install, and run programs upon receiving a command from cybercriminals. Besides, it can display annoying advertisements. The Trojan was incorporated into more than 60 games that were then distributed via Google Play in the names of more than 30 game developers, including Conexagon Studio, Fun Color...
---------------------------------------------
http://news.drweb.com/show/?i=9803&lng=en&c=9


*** OpenSSL-Lücke: Die Sache mit den sicheren Primzahlen ***
---------------------------------------------
OpenSSL hat mit einem Sicherheitsupdate eine Sicherheitslücke im Diffie-Hellman-Schlüsselaustausch behoben, deren Risiko als "hoch" eingestuft wird. Allerdings dürfte kaum jemand von der Lücke praktisch betroffen sein.
---------------------------------------------
http://www.golem.de/news/openssl-luecke-die-sache-mit-den-sicheren-primzahlen-1601-118812-rss.html


*** Auto mit bösartigem Lied gekapert ***
---------------------------------------------
Ein Sicherheitsforscher, der bereits 2010 eine kritische Lücke in einem Automobil-System entdeckte, hat nun erklärt, wie sie funktioniert: mit Schadcode, der in einem Song versteckt wurde. Auch heute sind ähnliche Angriffe noch immer denkbar.
---------------------------------------------
http://heise.de/-3087160


*** 27% of all malware variants in history were created in 2015 ***
---------------------------------------------
Last year was a record year for malware, according to a new report from Panda Security, with more than 84 million new malware samples collected over the course of the year.That averages out to around 230,000 new malware samples a day, said Luis Corrons, technical director of Pandas PandaLabs unit. Or 27 percent of all malware ever created.Trojans continued to account for the main bulk of malware, at 51.45 percent, followed by viruses at 22.79 percent, worms at 13.22 percent, potentially...
---------------------------------------------
http://www.cio.com/article/3027621/cyber-attacks-espionage/27-of-all-malware-variants-in-history-were-created-in-2015.html


*** From Linux to Windows - New Family of Cross-Platform Desktop Backdoors Discovered ***
---------------------------------------------
Background Recently we came across a new family of cross-platform backdoors for desktop environments. First we got the Linux variant, and with information extracted from its binary, we were able to find the variant for Windows desktops, too. Not only...
---------------------------------------------
http://securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-cross-platform-desktop-backdoors-discovered/


*** Guest talk: "Hidden GEMs: Automated Discovery of Access Control Vulnerabilities in Graphical User Interfaces" ***
---------------------------------------------
February 02, 2016 - 11:00 am - 12:00 pm SBA Research Favoritenstraße 16 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/guest-talk-hidden-gems-automated-discovery-of-access-control-vulnerabilities-in-graphical-user-interfaces/


*** Security Advisory: Linux kernel vulnerability CVE-2015-7509 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/73/sol73189318.html?ref=rss


*** DSA-3459 mysql-5.5 - security update ***
---------------------------------------------
Several issues have been discovered in the MySQL database server. Thevulnerabilities are addressed by upgrading MySQL to the new upstreamversion 5.5.47. Please see the MySQL 5.5 Release Notes and OraclesCritical Patch Update advisory for further details:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3459


*** Westermo Industrial Switch Hard-coded Certificate Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded certificate vulnerability in Westermo's industrial switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-028-01


*** JBoss Data Virtualization Object Deserialization FlawLets Remote Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034815


*** Cisco Small Business 500 Series Switches Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs


*** Cisco Unity Connection User Search Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-uc


*** Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl


*** nginx DNS Processing Flaws Let Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1034869


*** Bugtraq: ProjectSend multiple vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537402


*** Telegram (API) Cross Site Request Forgery ***
---------------------------------------------
Topic: Telegram (API) Cross Site Request Forgery Risk: Medium Text:Document Title: Telegram (API) - Cross Site Request Forgery Vulnerabilities References (Source): == http:/...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016010208


*** HP Security Bulletins ***
---------------------------------------------
*** HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution ***
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04953244
---------------------------------------------
*** HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS) ***
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04952480
---------------------------------------------
*** HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS) ***
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04952488
---------------------------------------------
*** HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification ***
https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS) ***
http://www.securityfocus.com/archive/1/537401
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities ***
http://www.securityfocus.com/archive/1/537400
---------------------------------------------


*** Novell Patches ***
---------------------------------------------
*** IDM 4.5 Engine & Remote Loader Service Pack 3 4.5.3 ***
https://download.novell.com/Download?buildid=Rjs_0SapjGg~
---------------------------------------------
*** IDM 4.5 Identity Applications 4.5.3 ***
https://download.novell.com/Download?buildid=N63wVOwZf_s~
---------------------------------------------
*** NetIQ Identity Manager Service Pack 3 - Designer 4.5.3 ***
https://download.novell.com/Download?buildid=QgHXVOxv310~
---------------------------------------------
*** iManager 2.7 Support Pack 7 - Patch 6 for Windows ***
https://download.novell.com/Download?buildid=RYH_EkORvU4~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 7 for Linux ***
https://download.novell.com/Download?buildid=l6ulyqWxDv8~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 7 for Windows ***
https://download.novell.com/Download?buildid=HTund35qCFk~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 7 (non-root) for Linux ***
https://download.novell.com/Download?buildid=Drw3BqUXIo4~
---------------------------------------------
*** iManager 2.7 Support Pack 7 - Patch 6 for Linux ***
https://download.novell.com/Download?buildid=E9m024HXLHw~
---------------------------------------------