[CERT-daily] Tageszusammenfassung - Montag 14-03-2016

Mon Mar 14 18:07:40 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 11-03-2016 18:00 − Montag 14-03-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** VU#713312: DTE Energy Insight app vulnerable to information exposure ***
---------------------------------------------
The DTE Energy Insight app API allows an authenticated user to obtain and query certain limited customer information from other customers.
---------------------------------------------
http://www.kb.cert.org/vuls/id/713312


*** Mehr als zwei Jahre alter Java-Security-Patch von Oracle immer noch verwundbar ***
---------------------------------------------
Geht es nach dem Sicherheitsexperten Adam Gowdiak hat Oracle vor mehr als zwei Jahren eine Sicherheitslücke falsch bewertet und zudem bei dem Patch gepfuscht, der den Fehler eigentlich hätte beseitigen sollen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Mehr-als-zwei-Jahre-alter-Java-Security-Patch-von-Oracle-immer-noch-verwundbar-3133437.html


*** The Source of All Major Android Banking Trojans Just Got Updated To V2 ***
---------------------------------------------
An anonymous reader writes: Apparently, during the past months it has started coming to the surface the fact that most top-tier Android malware was actually related, coming from a common malware variant called GM Bot, and sold for only ..
---------------------------------------------
http://news.slashdot.org/story/16/03/12/1556259/the-source-of-all-major-android-banking-trojans-just-got-updated-to-v2


*** Google Chrome Extension Caught Stealing Bitcoin From Users ***
---------------------------------------------
An anonymous reader writes: Bitcoin exchange portal Bitstamp is warning users of a Google Chrome extension that steals their Bitcoin when making a transfer. According to Bitstamp, this extension contains malicious code that is redirecting ..
---------------------------------------------
http://news.slashdot.org/story/16/03/12/2328254/google-chrome-extension-caught-stealing-bitcoin-from-users


*** Armada Collective is back, extorting Financial Intuitions in Switzerland ***
---------------------------------------------
These extortion emails usually originate from free email service providers (such as Gmail or Openmail) and are being sent to the info@ email address of the targeted financial institution. Unlike the extortion attempts conducted by Armada Collective in September 2015, we are not aware of ..
---------------------------------------------
http://www.govcert.admin.ch/blog/19/armada-collective-is-back-extorting-financial-intuitions-in-switzerland


*** Auto vulnerability scanners turn up mostly false positives ***
---------------------------------------------
Automated vulnerability scanners turn up mostly false positives, but even the wild goose chase that results can be cheaper for businesses than manual processes, according to NCC Group security engineer Clint Gibler.
---------------------------------------------
http://www.theregister.co.uk/2016/03/14/cheap_auto_vulnerability_scanners_can_have_a_16000_opex_tag/


*** SSA-833048 (Last Update 2016-03-14): Vulnerability in SIMATIC S7-1200 CPUs prior to V4 ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-833048.pdf


*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects TS4500 (CVE-2015-7547) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1005695


*** IBM Security Bulletin: glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1023395


*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21975835


*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry (CVE-2016-0475 CVE-2016-0448 CVE-2015-7575 CVE-2016-0466) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1023378


Botnets Plague the Web. This AI Is Out to Stop Them
---------------------------------------------
A group of Israeli researchers believe they are the first to have discovered a way to locate botnets and identify who is behind them, by planting honeypots that gather information about attacks carried out by the network, and analyzing that data with machine learning programs.
---------------------------------------------
https://motherboard.vice.com/read/botnets-plague-the-web-this-ai-is-out-to-stop-them


*** Broken 2013 Java Patch Leads to Sandbox Bypass ***
---------------------------------------------
A patch for a critical 2013 Java vulnerability is incomplete, and exposes Java servers and clients to a sandbox bypass, researchers at Security Explorations of Poland said.
---------------------------------------------
http://threatpost.com/broken-2013-java-patch-leads-to-sandbox-bypass/116757/