[CERT-daily] Daily summary - Friday 19-12-2014

Daily end-of-shift report team at cert.at
Fri Dec 19 18:13:24 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 18-12-2014 18:00 − Friday 19-12-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Misfortune Cookie crumbles router security: 12 MILLION+ in hijack risk ***
---------------------------------------------
Homes, businesses menaced by vulnerable software exposed to the internet. Infosec biz Check Point says it has discovered a critical software vulnerability that allows hackers to hijack home and small business broadband routers across the web.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/12/18/misfortune_cookie/




*** Metasploit Weekly Wrapup: Get the 411 ***
---------------------------------------------
This week, we released Metasploit version 4.11 to the world -- feel free to download it here if you're the sort that prefers the binary install over the somewhat Byzantine procedure for setting up a development environment. Which you should be, because the binary installers (for Windows and Linux) have all the dependencies baked in and you don't have to monkey around with much to get going. The two major features with this release center around reorganizing the bruteforce workflow to make things more sensible and usable for larger-scale password audits, and much better visualization on figuring out where the weak link is/was in the organization under test when stolen credentials were used to extend control.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/12/18/metasploit-weekly-wrapup




*** Vulnerability announced: update your Git clients ***
---------------------------------------------
A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem.
---------------------------------------------
https://github.com/blog/1938-vulnerability-announced-update-your-git-clients




*** How Cybercriminals Dodge Email Authentication ***
---------------------------------------------
Email authentication and validation is one method that is used to help bring down the levels of spam and phishing by identifying senders so that malicious emails can be identified and discarded. Two frameworks are in common usage today; these are SPF and DKIM. SPF (Sender Policy Framework): Defined in RFC 7208, SPF provides a...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/27Kj0gN8uNo/




*** Smart grid security certification in Europe: Challenges and Recommendations ***
---------------------------------------------
ENISA issues today a report on Smart grid security certification in Europe targeted at EU Member States (MS), the Commission, certification bodies and the private sector; with information on several certification approaches across the EU and other MS and EFTA countries. It describes the specific European situation, and discusses the advantages and challenges towards a more harmonised certification practice.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/smart-grid-security-certification-in-europe-challenges-and-recommendations




*** USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds ***
---------------------------------------------
Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it's a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in...
---------------------------------------------
http://threatpost.com/usbdriveby-device-can-install-backdoor-override-dns-settings-in-seconds/109976




*** TA14-352A: Server Message Block (SMB) Worm Tool ***
---------------------------------------------
Unknown cyber-threat actors have been identified employing sophisticated malware, and Indicators of Compromise (IOC) have been provided to mitigate this threat.
---------------------------------------------
http://www.exploitthis.com/2014/12/ta14-352a-server-message-block-smb-worm-tool.html




*** Save the date: ENISA Workshop on EU Threat Landscape ***
---------------------------------------------
24th February 2015, Hotel Metropole, Brussels
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/save-the-date-enisa-workshop-on-eu-threat-landscape




*** SS7 Vulnerabilities ***
---------------------------------------------
There are security vulnerabilities in the phone-call routing protocol called SS7. The flaws discovered by the German researchers are actually functions built into SS7 for other purposes -- such as keeping calls connected as users speed down highways, switching from cell tower to cell tower -- that hackers can repurpose for surveillance because of the lax security on the network....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/12/ss7_vulnerabili.html




*** Information-stealing Vawtrak malware evolves, becomes more evasive ***
---------------------------------------------
SophosLabs has recently observed some cunning changes made by the authors of the dangerous banking malware Vawtrak. James Wyke explains.
---------------------------------------------
https://nakedsecurity.sophos.com/2014/12/19/information-stealing-vawtrak-malware-evolves-becomes-more-evasive/




*** Emerson Patches Series of Flaws in Controllers Used in Oil and Gas Pipelines ***
---------------------------------------------
Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an...
---------------------------------------------
http://threatpost.com/emerson-patches-series-of-flaws-in-controllers-used-in-oil-and-gas-pipelines/109985




*** Novell - Patches for GroupWise and eDirectory ***
---------------------------------------------
https://download.novell.com/Download?buildid=tveSooKDw3Q~
https://download.novell.com/Download?buildid=mdWLZGP0Glk~
https://download.novell.com/Download?buildid=gHTDteZoK34~
https://download.novell.com/Download?buildid=3dJODsdcDKE~




*** Subversion mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031403




*** Subversion mod_dav_svn REPORT Request Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031402




*** Honeywell Experion PKS Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in Honeywell's Experion Process Knowledge System (EPKS) application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-352-01




*** Innominate mGuard Privilege Escalation Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a privilege escalation vulnerability affecting all mGuard devices.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-352-02




*** Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update C) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02B Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 11, 2014, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-329-02C




*** Emerson ROC800 Multiple Vulnerabilities (Update B) ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-13-259-01A Emerson ROC800 Multiple Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-13-259-01B




*** [2014-12-19] XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor ***
---------------------------------------------
Two vulnerabilities in the NetIQ eDirectory iMonitor allow an attacker to take over a user session and potentially leak sensitive data. An attacker could compromise an administrative account and e.g. tamper with a centralized user database.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt




*** Live Forms <= 1.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7728

