[CERT-daily] Tageszusammenfassung - Mittwoch 12-03-2014

Wed Mar 12 18:07:40 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 11-03-2014 18:00 − Mittwoch 12-03-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** When ASLR makes the difference ***
---------------------------------------------
We wrote several times in this blog about the importance of enabling Address Space Layout Randomization mitigation (ASLR) in modern software because it's a very important defense mechanism that can increase the cost of writing exploits for attackers and in some cases prevent reliable exploitation. In today's blog, we'll go through ASLR one more time to show in practice how it can be valuable to mitigate two real exploits seen in the wild and to suggest solutions for programs...
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/03/11/when-aslr-makes-the-difference.aspx


*** Zeus-in-the-mobile variant uses security firms name to gain victims trust ***
---------------------------------------------
Android users are tricked into installing a spurious "security" app, which allows fraudsters to bypass one-time password authentication for online banking.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/uCKACIRIxoI/


*** BB10s dated crypto lets snoops squeeze the juice from your BlackBerry ***
---------------------------------------------
BEAST will attack your sensitive web traffic, warns poster BlackBerry BB10 OS uses dated protocols that leave users at risk to known cryptographic attacks, according to a security researcher.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/03/12/bb10_dated_crypto/


*** WhatsApp erweitert Einstellungen zur Privatsphäre und bleibt trotzdem unsicher ***
---------------------------------------------
Der Schutz der Privatsphäre bleibt in WhatsApp löchrig: Zwar können andere Nutzer durch das neueste Update nicht mehr sehen, wann man zuletzt im Chat online war, aber die Chats können wohl komplett durch andere Android-Apps ausgelesen werden.
---------------------------------------------
http://www.heise.de/security/meldung/WhatsApp-erweitert-Einstellungen-zur-Privatsphaere-und-bleibt-trotzdem-unsicher-2140499.html


*** iOS 7.1: Innenraumortung iBeacon schwerer abzustellen ***
---------------------------------------------
Nach dem Update auf Apples jüngsten Mobilbetriebssystem reicht es nicht aus, eine Anwendung, die das Indoor-Tracking nutzt, zu schließen - selbst nach einem Geräteneustart funkt iBeacon fleißig weiter.
---------------------------------------------
http://www.heise.de/security/meldung/iOS-7-1-Innenraumortung-iBeacon-schwerer-abzustellen-2140610.html


*** Is it the ISPs Fault if Your Home Broadband Router Gets Hacked? ***
---------------------------------------------
As consumers we have a right to be huffy at our ISPs when something goes wrong. But is the Internet provider still to blame if, as in the recent cases of AAISP and now PlusNet, your home broadband router ends up being hijacked by a DNS redirection exploit?
---------------------------------------------
http://www.ispreview.co.uk/index.php/2014/03/isps-fault-home-broadband-router-gets-hacked.html


*** Blog: Agent.btz: a source of inspiration? ***
---------------------------------------------
The past few days has seen an extensive discussion within the IT security industry about a cyberespionage campaign called Turla, aka Snake and Uroburos, which, according to G-DATA experts, may have been created by Russian special services.
---------------------------------------------
http://www.securelist.com/en/blog/8191/Agent_btz_a_source_of_inspiration


*** Yokogawa CENTUM CS 3000 Vulnerabilities ***
---------------------------------------------
Juan Vazquez of Rapid7 Inc.,a and independent researcher Julian Vilas Diaz have identified several buffer overflow vulnerabilities and released proof-of-concept (exploit) code for the Yokogawa CENTUM CS 3000 application. CERT/CC, NCCIC/ICS-CERT, and JPCERT have coordinated with Rapid7 and Yokogawa to mitigate these vulnerabilities.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01


*** SSA-456423 (Last Update 2014-03-12): Vulnerabilities in SIMATIC S7-1500 CPU ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf


*** VMSA-2014-0002 ***
---------------------------------------------
VMware vSphere updates to third party libraries
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0002.html


*** Apple Safari OSX code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/91654


*** WordPress WP SlimStat Plugin URL Script Insertion Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/57305


*** Bugtraq: CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/531418


*** Vuln: MediaWiki text Prameter HTML Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/65906


*** Vuln: MediaWiki CVE-2014-2242 Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/65910


*** [webapps] - ZyXEL Router P-660HN-T1A - Login Bypass ***
---------------------------------------------
http://www.exploit-db.com/exploits/32204