[CERT-daily] Daily summary - Tuesday 11-11-2014

Daily end-of-shift report team at cert.at
Tue Nov 11 18:05:48 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 10-11-2014 18:00 − Tuesday 11-11-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability ***
---------------------------------------------
A vulnerability in the Remote Mobile Access Subsystem in Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to supply a crafted Transport Layer Security (TLS) certificate that may be accepted by the affected device. The vulnerability is due to improper validation of the SAN field of a TLS certificate. An attacker could exploit this vulnerability by impersonating a VCS core device and supplying a certificate signed by a certificate authority trusted by the Cisco Unified CM that contains crafted values in the SAN field.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991




*** Lessons Learn from attacks on Kippo honeypots, (Mon, Nov 10th) ***
---------------------------------------------
A number of my fellow Handlers have discussed Kippo, an SSH honeypot that can record adversarial behaviour, be it human or machine. Normal behaviour against my set of Kippo honeypots is randomly predictable; a mixture of known bad IP ranges, researchers or from behind TOR scanning and probing, would-be attackers manually entering information from their jump boxes ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18935




*** Hacker attack on US Postal Service ***
---------------------------------------------
The state-run US Postal Service has fallen victim to a hacker attack. The attackers may have gained access to personal data of more than 800,000 employees as well as of customers who contacted customer service by e-mail or telephone, the company said ..
---------------------------------------------
http://derstandard.at/2000007973390




*** iOS: Vulnerability allows installation of manipulated apps ***
---------------------------------------------
For the second time within a few days, data experts have discovered a potential attack method for malware in Apple's mobile operating system iOS. The IT security firm Fireeye warns of iPhones or iPads being infected by a method called Masque Attack, which works even without a jailbreak. In doing so ..
---------------------------------------------
http://www.golem.de/news/ios-schwachstelle-erlaubt-installation-manipulierter-apps-1411-110448-rss.html




*** Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong's Pro-Democracy Movement ***
---------------------------------------------
As the pro-democracy movement in Hong Kong has continued, we've been watching for indications of confrontation taking place in cyberspace. Protests began in September and have continued to escalate. In recent weeks, attackers have launched ..
---------------------------------------------
http://www.fireeye.com/blog/technical/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html




*** Old-time phishing scams are working just fine, Google finds ***
---------------------------------------------
A new Google study has found that the true masterpieces of phishing are successful 45% of the time. It's just another example of how phishers may be old dogs, but they can sure learn new tricks.
---------------------------------------------
http://nakedsecurity.sophos.com/2014/11/11/old-time-phishing-scams-are-working-just-fine-google-finds/




*** Stuxnet: Zero Victims ***
---------------------------------------------
We collected Stuxnet files for two years. After analyzing more than 2,000 of these files, we were able to identify the organizations that were the first victims of the worm's different variants in 2009 and 2010. Perhaps an analysis of their activity can explain why they became "patients zero" (the original, or zero, victims).
---------------------------------------------
http://securelist.com/analysis/publications/67483/stuxnet-zero-victims/




*** Important EMET 5.1 Update. Apply before Patches today, (Tue, Nov 11th) ***
---------------------------------------------
Microsoft yesterday released EMET 5.1. One particular sentence in Microsoft's blog post suggests that you should apply this update (if you are using EMET) BEFORE you apply the Internet Explorer patch Microsoft is going to release in a couple of hours: "If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18939





