[CERT-daily] Tageszusammenfassung - Donnerstag 14-08-2014

Thu Aug 14 18:08:12 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 13-08-2014 18:00 − Donnerstag 14-08-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Safari: Apple behebt diverse Sicherheitslücken ***
---------------------------------------------
Der Hersteller hat in der Nacht zum Donnerstag seinen hauseigenen Browser für verschiedene Betriebssysteme aktualisiert. Für Entwickler stellte Apple außerdem eine weitere Vorschauversion von OS X 10.9.5 bereit.
---------------------------------------------
http://www.heise.de/security/meldung/Safari-Apple-behebt-diverse-Sicherheitsluecken-2292200.html


*** Vulnerability in Spotify Android App May Lead to Phishing ***
---------------------------------------------
We have discovered a vulnerability that affects versions of the Spotify app for Android older than 1.1.1. If exploited, the vulnerability can allow bad guys to control what is being displayed on the app interface. This vulnerability can be potentially abused by cybercriminals to launch phishing attacks that may result to information loss or theft.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ZJMVGX3NMwk/


*** Portal: Tor für mobile Router ***
---------------------------------------------
Anonymes Surfen mit Tor ist noch sicherer, wenn die Software nicht auf dem eigenen Rechner läuft. Die Software Portal integriert Tor in der Firmware Openwrt und lässt sich so auf ausgewählten mobilen Routern nutzen.
---------------------------------------------
http://www.golem.de/news/portal-tor-fuer-mobile-router-1408-108575-rss.html


*** Tiny Malware PoC: Malware Without IAT, DATA OR Resource Section ***
---------------------------------------------
Have you ever wondered about having an EXE without any entry in IAT (Import Address Table) at all? Well, I knew that its possible, but never saw an actual exe file without IAT entry. So I developed an application which is 1,536 bytes and still does basic annoying malware things.
---------------------------------------------
http://www.codeandsec.com/PoC-Tiny-Malware-Without-IAT-DATA-Or-Resource-Section


*** SAMHAIN v3.1.2 Released ***
---------------------------------------------
The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially different operating systems, providingcentralized logging and maintenance, although it can also be used as standalone application on a single host.
---------------------------------------------
http://www.toolswatch.org/2014/08/samhain-v3-1-2-released/


*** ZeroLocker ***
---------------------------------------------
Recently in the news we saw FireEye and Fox-IT provide the ability to decrypt files encrypted by older crpytolocker variants. They used the command and control servers seized by the FBI during operation Tovar. Since they have access to those RSA keys they essentially have the password required for every single file encrypted by a Cryptolocker variant that used Evgeniy Bogachev's botnet.
---------------------------------------------
http://www.webroot.com/blog/2014/08/14/zero-locker/


*** JSA10643 - 2014-08 Security Bulletin: Juniper Secure Analytics (JSA)/Security Threat Response Manager (STRM): Multiple vulnerabilities resolved by third party software upgrades. ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10643&actp=RSS


*** JSA10642 - 2014-08 Security Bulletin: Network and Security Manager NSM: Multiple vulnerabilities ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10642&actp=RSS


*** Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting ***
---------------------------------------------
Topic: Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting Risk: Medium Text:<!-- Exploit for Disqus for Wordpress admin stored CSRF+XSS up to v2.7.5 Blog post explainer: https://www.nikcub.com/posts/...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014080064


*** Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information ***
---------------------------------------------
http://www.securitytracker.com/id/1030732


*** SSA-310688 (Last Update 2014-08-14): Denial-of-Service Vulnerability in SIMATIC S7-1500 CPU ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-310688.pdf


*** SSA-234763 (Last Update 2014-08-14): OpenSSL Vulnerabilities in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234763.pdf


Next End-of-Shift report on 2014-08-18