[CERT-daily] Daily Summary - Wednesday 30-07-2014

Daily end-of-shift report team at cert.at
Wed Jul 30 18:09:10 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 29-07-2014 18:00 − Wednesday 30-07-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** 22 Jump Street, Transformers Are Top Movie Lures for Summer ***
---------------------------------------------
Summertime has become synonymous with blockbuster movies. Unfortunately, these movies have become a go-to social engineering lure used by cybercriminals. Just like in previous years, Trend Micro engineers searched for possible threats related to movies released during the summer. This year, 22 Jump Street was the top movie used for social ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/22-jump-street-transformers-are-top-movie-lures-for-summer/




*** Google Android Certificate Chain Validation Flaw Lets Applications Gain Elevated Privileges ***
---------------------------------------------
The software does not properly validate an application's certificate chain. An application can supply a specially crafted application identity certificate to impersonate a privileged application and gain access to vendor-specific device administration extensions.
---------------------------------------------
http://www.securitytracker.com/id/1030654




*** Ransomware trojan CTB-Locker encrypts securely and covers its tracks ***
---------------------------------------------
If you fall victim to this malware, there is little hope for your data. It is secured with state-of-the-art encryption, and the trojan communicates with its control servers only in encrypted form over the Tor network.
---------------------------------------------
http://www.heise.de/security/meldung/Erpressungs-Trojaner-CTB-Locker-verschluesselt-sicher-und-verwischt-Spuren-2277805.html




*** Symantec Endpoint Protection 0day ***
---------------------------------------------
In a recent engagement, we had the opportunity to audit the Symantec Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.
---------------------------------------------
http://www.offensive-security.com/vulndev/symantec-endpoint-protection-0day/




*** Scan Shows Possible Heartbleed Fix Failures ***
---------------------------------------------
Of more than 1,600 Global 2000 firms, only 3% of their public-facing servers have been fully and properly locked down from the Heartbleed vulnerability that was first revealed ..
---------------------------------------------
http://www.darkreading.com/vulnerabilities---threats/vulnerability-management/scan-shows-possible-heartbleed-fix-failures-/d/d-id/1297649




*** Tor security advisory: "relay early" traffic confirmation attack ***
---------------------------------------------
On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.
---------------------------------------------
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack




*** Internet of Things: credit card numbers and the password 1234 ***
---------------------------------------------
Manufacturers of networked devices are careless about their security. Broken web interfaces, superfluous credit card information and overly simple passwords such as 1234 leave many devices open to attack.
---------------------------------------------
http://www.golem.de/news/internet-of-things-kreditkartennummern-und-das-passwort-1234-1407-108230-rss.html




*** Multiple vulnerabilities in Kunena Forum Extension for Joomla ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532933
http://www.securityfocus.com/archive/1/532932




*** Multiple vulnerabilities in SAP products ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94932
http://xforce.iss.net/xforce/xfdb/94931
http://xforce.iss.net/xforce/xfdb/94930
http://xforce.iss.net/xforce/xfdb/94922
http://xforce.iss.net/xforce/xfdb/94923
http://xforce.iss.net/xforce/xfdb/94921

