[CERT-daily] Daily summary - Friday 12-12-2014

Daily end-of-shift report team at cert.at
Fri Dec 12 18:16:41 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 11-12-2014 18:00 − Friday 12-12-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Otmar Lendl

*** Archie and Astrum: New Players in the Exploit Kit Market ***
---------------------------------------------
Thu, 11 Dec 2014 17:10:55 +0200
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002776.html




*** Researcher: Lax Crossdomain Policy Puts Yahoo Mail At Risk ***
---------------------------------------------
A security researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that puts email content and contacts at risk.
---------------------------------------------
http://threatpost.com/researcher-lax-crossdomain-policy-puts-yahoo-mail-at-risk/109849




*** DSA-3098 graphviz - security update ***
---------------------------------------------
Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code.
---------------------------------------------
https://www.debian.org/security/2014/dsa-3098




*** ZDI-14-424: Honeywell OPOS Suite HWOPOSScale.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/8tlo_ZfI4BE/




*** ZDI-14-423: Honeywell OPOS Suite HWOPOSSCANNER.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/ZDVuupIJS6Q/




*** ZDI-14-422: ManageEngine NetFlow Analyzer CollectorConfInfoServlet COLLECTOR_ID Directory Traversal Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/sBfZBCsAKl4/




*** ZDI-14-421: ManageEngine Password Manager Pro UploadAccountActivities filename Directory Traversal Denial of Service Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of ManageEngine Password Manager Pro. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/agLsqjzz9u4/




*** ZDI-14-420: ManageEngine Desktop Central MSP NativeAppServlet UDID JSON Object Code Injection Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/YGf1aa88_QM/




*** Targeted Phishing Against GoDaddy Customers ***
---------------------------------------------
I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it's missing a name. When you get them from a bank you don't even deal with that's a pretty good clue. However, when the phishing is well done
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/uan3MNQ2J9g/targeted-phishing-against-godaddy-customers.html




*** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02A Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02B




*** Wire transfer spam spreads Upatre ***
---------------------------------------------
The Microsoft Malware Protection Center (MMPC) is currently monitoring a spam email campaign that is using a wire transfer claim to spread Trojan:Win32/Upatre. It is important to note that customers running up-to-date Microsoft security software are protected from this threat. Additionally, customers with Microsoft Active Protection Service Community (MAPS) enabled also benefit from our cloud protection service. Upatre typically uses spam email campaigns to spread and then downloads other
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-spreads-upatre.aspx




*** Digital attack: Cyber attack said to have destroyed oil pipeline ***
---------------------------------------------
A cyber attack is said to have caused the explosion of an oil pipeline in Turkey in 2008, according to anonymous sources. However, there is only circumstantial evidence for this. (Cyberwar, Virus)
---------------------------------------------
http://www.golem.de/news/digitaler-anschlag-cyber-attacke-soll-oelpipeline-zerstoert-haben-1412-111128-rss.html




*** Cross-Signed Certificates Crashes Android ***
---------------------------------------------
We have discovered a vulnerability in Android that affects how cross-signed certificates are handled. No current Android release correctly handles these certificates, which are created when two certificates are signed with a looped certificate chain (certificate A signs certificate B; certificate B signs certificate A). We've already notified Google about this vulnerability, and there is no fix
Post from: Trendlabs Security Intelligence Blog - by Trend Micro
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/K85aQffE_W0/




*** Microsoft: New certificate update, another withdrawn patch ***
---------------------------------------------
Microsoft has shipped a new certificate update for Windows 7 and Server 2008 that is meant to fix the update problems. In the meantime, however, the third patch within a few days had to be withdrawn because it had broken Silverlight.
---------------------------------------------
http://www.heise.de/security/meldung/Microsoft-Neues-Zertifikats-Update-noch-ein-zurueckgezogener-Patch-2488906.html




*** Office for Mac 2011: Microsoft fixes critical vulnerability ***
---------------------------------------------
The update for the OS X version of the office suite is meant to fix a security hole in Word that allows malicious code to be injected and executed. A minor problem is also fixed.
---------------------------------------------
http://www.heise.de/security/meldung/Office-fuer-Mac-2011-Microsoft-beseitigt-kritische-Schwachstelle-2489046.html




*** Microsoft pulls Patch Tuesday fix - "Outlook can't connect to Exchange" ***
---------------------------------------------
Part of Patch Tuesday is now only partly available as Microsoft recalls its already-delayed Exchange 2010 update. Paul Ducklin takes a look...
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/pyrMdTGYdYo/




*** DFN-CERT-2014-1647: MantisBT: Multiple vulnerabilities allow execution of arbitrary code ***
---------------------------------------------
12.12.2014
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2014-1647/




*** OphionLocker: Joining in the Ransomware Race ***
---------------------------------------------
Fri, 12 Dec 2014 16:32:35 +0200
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002777.html




*** SSL flaw: POODLE bites Windows Phone 7 ***
---------------------------------------------
Windows Phone 7 can only retrieve mail using the ancient SSL protocol version 3. However, many mail servers no longer offer it because of the POODLE vulnerability. Users probably cannot hope for a remedy. (Windows Phone, E-Mail)
---------------------------------------------
http://www.golem.de/news/ssl-luecke-der-poodle-beisst-windows-phone-7-1412-111153-rss.html





