[CERT-daily] Tageszusammenfassung - Donnerstag 21-07-2016

Thu Jul 21 18:05:22 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 20-07-2016 18:00 − Donnerstag 21-07-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Cisco Unified Computing System Performance Manager Input Validation Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands.The vulnerability is due to insufficient input validation performed on parameters ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160720-ucsperf


*** SoakSoak Botnets Now Pushing Neutrino Exploit Kit and CryptXXX Ransomware ***
---------------------------------------------
Research spot SoakSoak botnets spreading the Neutrino Exploit Kit that in turn infect the unsuspecting with the CryptXXX ransomware.
---------------------------------------------
http://threatpost.com/soaksoak-botnets-now-pushing-neutrino-exploit-kit-and-cryptxxx-ransomware/119379/


*** Everyones favorite infosec biz - Blue Coat - must cough up $40m to rival in patent rip-off row ***
---------------------------------------------
>From SSL cert blowup to busted infringement appeal Blue Coat has lost its appeal challenging a nearly $40m patent infringement lawsuit brought by rival security company ..
---------------------------------------------
www.theregister.co.uk/2016/07/20/blue_coat_finjan_lawsuit/


*** Tor Could Protect Your Smart Fridge From Spies and Hackers ***
---------------------------------------------
There's a growing fear that the exploding internet of things - from baby cams to pacemakers - could be a goldmine for spies and criminal hackers alike. Tor could help protect them.The post Tor Could Protect Your Smart Fridge From Spies and Hackers appeared first on The Intercept.
---------------------------------------------
https://theintercept.com/2016/07/20/tor-could-protect-your-smart-fridge-from-spies-and-hackers/


*** Facebook malware - the missing piece ***
---------------------------------------------
Recently we revealed that a threat actors exploited social networks to spread a Trojan that captures a victim's entire browser traffic. Approximately 10,000 Facebook users with Windows PCs were hit by malicious friend notifications. In this article we will explain the security issue and attack.
---------------------------------------------
http://securelist.com/blog/research/75476/facebook-malware-the-missing-piece/


*** Firefox blockiert bald Flash-Inhalte ***
---------------------------------------------
Ab Version 48 folgt ein strengerer Umgang mit der sterbenden Web-Technologie
---------------------------------------------
http://derstandard.at/2000041512429


*** Dell SonicWALL GSM comes with hidden default account ***
---------------------------------------------
While developing new audit modules for the company's vulnerability scanning technology, Digital Defense researchers found six vulnerabilities in Dell's SonicWALL Global Management System, four of them deemed critical. SonicWALL GMS is a central control, ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/07/21/dell-sonicwall-gsm-backdoor/


*** Kritischer Fehler: Wichtiges Update für Mac-Netzwerkkontrolleur Little Snitch ***
---------------------------------------------
Ein Bug ermöglicht einem Angreifer, den Netzwerkfilter der Mac-Software zu überlisten – die neu veröffentlichte Version soll das Problem ausräumen. Little Snitch überwacht ausgehende Netzwerkverbindungen in Mac OS X.
---------------------------------------------
http://heise.de/-3275508


*** Ciscos Unified Computing System anfällig für Schad-Code ***
---------------------------------------------
Im Unified Computing System Performance Manager klafft eine kritische Sicherheitslücke. Admins sollten die verfügbare abgesicherte Version zügig installieren. 
---------------------------------------------
http://heise.de/-3275609


*** Canadian Man Behind Popular 'Orcus RAT' ***
---------------------------------------------
Far too many otherwise intelligent and talented software developers these days apparently think they can get away with writing, selling and supporting malicious software and then couching their commerce ..
---------------------------------------------
http://krebsonsecurity.com/2016/07/canadian-man-is-author-of-popular-orcus-rat/