[CERT-daily] Tageszusammenfassung - Montag 1-12-2014
Daily end-of-shift report
team at cert.at
Mon Dec 1 18:11:42 CET 2014
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 28-11-2014 18:00 − Montag 01-12-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** [Update] (Keine) Sicherheitsheitslücke in Ciscos H.264-Modul für Firefox ***
---------------------------------------------
Cisco hat eine Sicherheitswarnung wegen seines jüngst für Firefox bereitgestellten Video-Codecs herausgegeben. [update]Allerdings soll dies nicht die im aktuellen Webbrowser verwendete Version betreffen.[/update]
---------------------------------------------
http://www.heise.de/security/meldung/Update-Keine-Sicherheitsheitsluecke-in-Ciscos-H-264-Modul-fuer-Firefox-2468153.html
*** EVIL researchers dupe EVERY 32 bit GPG print ***
---------------------------------------------
Keys fall in four seconds Researchers have found collision attacks for 32 bit GPG keys leaving the superseded technology well and truly dead.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/12/01/evil_researchers_dupe_every_32bit_gpg_print/
*** Critical denial of service vulnerability in OpenVPN servers ***
---------------------------------------------
A critical denial of service security vulnerability affecting OpenVPN servers was recently brought to our attention. A fixed version of OpenVPN (2.3.6) will be released today/tomorrow (1st Dec 2014) at around 18:00 UTC.
---------------------------------------------
https://forums.openvpn.net/topic17625.html
*** FIN4: Stealing Insider Information for an Advantage in Stock Trading? ***
---------------------------------------------
FireEye tracks a threat group that we call “FIN4,” whose intrusions seem to have a different objective: to obtain an edge in stock trading. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html
*** ENISA survey: New Directions in securing personal Data ***
---------------------------------------------
Under the growing interest in the areas of personal data protection and cryptography, ENISA has launched a project with the objective to detect the existing technological gaps in the fields.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/enisa-survey-new-directions-in-securing-personal-data
*** Flushing out the Crypto Rats - Finding "Bad Encryption" on your Network, (Mon, Dec 1st) ***
---------------------------------------------
Just when folks get around to implementing SSL, we need to retire SSL! Not a week goes buy that a client isnt asking me about SSL (or more usually TLS) vulnerabilities or finding issue son their network. In a recent case, my client had just finished a datacenter / PCI audit, and had one of his servers come up as using SSL 2.0, which of course has been deprecated since 1996 - the auditors recommendation was to update to SSL 3.0 (bad recommendation, keep reading on). When he then updated to SSL...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19009&rss
*** AGbot DDoS Attacks Internet VNC Servers ***
---------------------------------------------
Last week, our FortiGuard Labs Threat Intelligence system was able to capture a DDoS attack targeting internet VNC servers. The attack was raised by a brand new IrcBot, which we are detecting as W32/AGbot.AB!tr. Let's now dig into the details of this attack.
---------------------------------------------
http://blog.fortinet.com/post/agbot-ddos-attacks-internet-vnc-servers
*** Researchers identify POS malware targeting ticket machines, electronic kiosks ***
---------------------------------------------
Electronic kiosks and ticketing systems are being targeted by a new type of point-of-sale (POS) threat known as "d4re|dev1|," which acts as an advanced backdoor with remote administration and has RAM scraping and keylogging features, according to IntelCrawler.
---------------------------------------------
http://www.scmagazine.com/researchers-identify-pos-malware-targeting-ticket-machines-electronic-kiosks/article/385558/
*** Early version of new POS malware family spotted ***
---------------------------------------------
A security researcher came across what appears to be a new family of point-of-sale malware that few antivirus programs were detecting. Nick Hoffman, a reverse engineer, wrote the Getmypass malware shares traits that are similar to other so-called RAM scrapers, which collect unencrypted payment card data held in a payment system's memory.
---------------------------------------------
http://www.cio.com/article/2853274/early-version-of-new-pos-malware-family-spotted.html
*** Sandbox Escape Bug in Adobe Reader Disclosed ***
---------------------------------------------
Details and exploit code for a vulnerability in Adobe Reader have surfaced and the bug can be used to break out of the Reader sandbox and execute arbitrary code. The bug was discovered earlier this year by a member of Google's Project Zero and reported to Adobe, which made a change to Reader that made it...
---------------------------------------------
http://threatpost.com/sandbox-escape-bug-in-adobe-reader-disclosed/109637
*** Using Shodan from the Command-Line ***
---------------------------------------------
Have you ever needed to write a quick script to download data from Shodan? Or setup a cronjob to check what Shodan found on your network recently? How about getting a list of IPs out of the Shodan API? For the times where you'd like to have easy script-friendly access to Shodan there's now a new command-line tool appropriately called shodan.
---------------------------------------------
http://shodanio.wordpress.com/2014/12/01/using-shodan-from-the-command-line/
*** l+f: Türsteuerung mit Hintertür ***
---------------------------------------------
Beim Türsteuerungsmodul Entrypass N5200 ist der Name Programm: Rein kommt jeder - zumindest wenn er nicht durch die Tür sondern übers Netz kommt.
---------------------------------------------
http://www.heise.de/security/meldung/l-f-Tuersteuerung-mit-Hintertuer-2470024.html
*** Dridex Phishing Campaign uses Malicious Word Documents, (Mon, Dec 1st) ***
---------------------------------------------
This is a guest diary submitted by Brad Duncan. During the past few months, Botnet-based campaigns have sent waves of phishing emails associated with Dridex. Today, well examine a wave that occurred approximately 3 weeks ago. The emails contained malicious Word documents, and with macros enabled, these documents infected Windows computers with Dridex malware. Various people have posted about Dridex [1] [2], and some sites like Dynamoos blog [3] and TechHelpList [4] often report on these and
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19011&rss
*** Malware: Gefälschte Telekom-Rechnungen mit vollständigen Kundennamen ***
---------------------------------------------
Die seit November 2014 kursierenden Mails mit Malware in Form von Dateianhängen an vermeintlichen Rechnungen der Telekom haben eine neue Qualität erreicht. Die Empfänger werden darin nun mit ihrem Vor- und Nachnamen angesprochen.
---------------------------------------------
http://www.golem.de/news/malware-gefaelschte-telekom-rechnungen-mit-vollstaendigen-kundennamen-1412-110884-rss.html
*** Clubbing Seals - Exploring the Ecosystem of Third-party Security Seals ***
---------------------------------------------
Is this website secure? Well, it just contains statically generated content and holds no personal information, so most likely it is. But how would you be able to tell whether it actually is secure? This problem is exactly what security seal providers are trying to tackle. These seal providers offer a service which allows website owners to show their customers that their website is secure, and therefore safe to use. This works as follows:...
---------------------------------------------
https://vagosec.org/2014/11/clubbing-seals/
*** Raiffeisen warnt vor Trojaner beim Online-Banking ***
---------------------------------------------
Keine "Test-Überweisungen" durchführen
---------------------------------------------
http://derstandard.at/2000008856256
*** DSA-3081 libvncserver ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3081
*** DSA-3080 openjdk-7 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3080
*** DSA-3083 mutt ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3083
*** DSA-3082 flac ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3082
*** Security Notice-Statement on Multiple Vulnerabilities in Huawei P2 Smartphone ***
---------------------------------------------
Nov 29, 2014 17:47
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-400614.htm
*** Vuln: LibYAML and Perl YAML-LibYAML Module scanner.c Remote Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/71349
*** Bugtraq: CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534124
More information about the Daily
mailing list