[CERT-daily] Daily summary - Thursday 11-12-2014

Daily end-of-shift report team at cert.at
Thu Dec 11 18:04:56 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 10-12-2014 18:00 − Thursday 11-12-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Critical vulnerability affecting HD FLV Player ***
---------------------------------------------
We've been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched on Joomla! and WordPress, leaving the custom website version vulnerable. Furthermore, websites ..
---------------------------------------------
http://blog.sucuri.net/2014/12/critical-vulnerability-in-joomla-hd-flv-player-plugin.html




*** Underground black market: Thriving trade in stolen data, malware, and attack services ***
---------------------------------------------
The underground market is still booming after recent major data breaches. The price of stolen email accounts has dropped substantially, but the value of ..
---------------------------------------------
http://www.symantec.com/connect/blogs/underground-black-market-thriving-trade-stolen-data-malware-and-attack-services




*** Odd new ssh scanning, possibly for D-Link devices, (Wed, Dec 10th) ***
---------------------------------------------
I noticed it in my own logs overnight and also had a couple of readers (both named Paul) report some odd new ssh scanning overnight. The scanning involves many sites, likely a botnet, attempting to ssh in as 3 users, D-Link, admin, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19055




*** Microsoft Enables Removal of SSL 3.0 Fallback In IE ***
---------------------------------------------
Microsoft has given Windows admins the option to remove the SSL 3.0 fallback from Internet Explorer. By disabling SSL 3.0, IE is no longer vulnerable to POODLE attacks.
---------------------------------------------
http://threatpost.com/microsoft-enables-removal-of-ssl-3-0-fallback-in-ie/109821




*** FreeBSD Buffer Overflow in libc stdio Lets Local Users Deny Service or Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031343




*** FreeBSD file(1) and libmagic(3) File Processing Flaws Let Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031344




*** WordPress Uninstall <= 1.1 - WordPress Deletion via CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7715




*** Mysterious Turla Linux backdoor also for Solaris? ***
---------------------------------------------
There have been numerous reports about the mysterious Linux backdoor connected to Turla, an APT family. The malware has some pretty interesting features, the most interesting being its ability to sniff the network interface. More specifically, it ..
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002775.html




*** Regin ***
---------------------------------------------
In the week beginning 24 November 2014, we sent regular status updates on Regin to the GovCERT constituency (in our role as GovCERT Austria), the potentially affected sectors (within the framework of the ATC) and the CERT-Verbund. This blog post presents our timeline ..
---------------------------------------------
http://www.cert.at/services/blog/20141211105745-1339.html




*** Patch debacle: Microsoft withdraws an update again ***
---------------------------------------------
After a faulty rollup update for Exchange, Microsoft has now also had to withdraw a patch for the root certificates in Windows. Microsoft has had problems with updates and patches quite often recently.
---------------------------------------------
http://www.heise.de/security/meldung/Patch-Debakel-Microsoft-zieht-erneut-Update-zurueck-2487143.html




*** Cyber espionage: Red October is followed by Cloud Atlas ***
---------------------------------------------
A new wave of targeted attacks looms: Cloud Atlas is said to be the next digital espionage campaign. The malware is an updated variant of Red October, IT security experts say.
---------------------------------------------
http://www.golem.de/news/cyber-spionage-auf-roter-oktober-folgt-cloud-atlas-1412-111120-rss.html





