[CERT-daily] Daily summary - Tuesday 18-11-2014

Daily end-of-shift report team at cert.at
Tue Nov 18 18:19:40 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 17-11-2014 18:00 - Tuesday 18-11-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Out-of-band release for Security Bulletin MS14-068 ***
---------------------------------------------
On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows. We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/11/18/out-of-band-release-for-security-bulletin-ms14-068.aspx




*** VB2014 paper: Optimized mal-ops. Hack the ad network like a boss ***
---------------------------------------------
Why buying ad space makes perfect sense for those wanting to spread malware. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added "Optimized mal-ops. Hack the ad network like a boss" by Bromium researchers Vadim Kotov and Rahul Kashyap. Malicious advertisements (malvertising) go back more than a decade, yet in recent months we have seen a surge in these attacks, including the Kyle and Stan campaign, which...
---------------------------------------------
http://www.virusbtn.com/blog/2014/11_18.xml?rss




*** l+f: Holes in BitTorrent Sync ***
---------------------------------------------
A security audit has found a number of smaller and larger holes in the file-sharing service.
---------------------------------------------
http://www.heise.de/security/meldung/l-f-Luecken-bei-BitTorrent-Sync-2459851.html




*** Matsnu Botnet DGA Discovers Power of Words ***
---------------------------------------------
The Matsnu botnet has deployed a new domain generation algorithm that builds domain names from a list of nouns and verbs. The plain English phrases help the DGA elude detection.
---------------------------------------------
http://threatpost.com/matsnu-botnet-dga-discovers-power-of-words/109426




*** Cisco Releases Security Analytics Framework to Open Source ***
---------------------------------------------
Cisco's OpenSOC, a security analytics framework, has been released to open source.
---------------------------------------------
http://threatpost.com/cisco-releases-security-analytics-framework-to-open-source/109415




*** The NSA's Efforts to Ban Cryptographic Research in the 1970s ***
---------------------------------------------
New article on the NSA's efforts to control academic cryptographic research in the 1970s. It includes new interviews with public-key cryptography inventor Martin Hellman and then-NSA director Bobby Inman....
---------------------------------------------
https://www.schneier.com/blog/archives/2014/11/the_nsas_effort.html




*** Flashpack Exploit Kit Used in Free Ads, Leads to Malware Delivery Mechanism ***
---------------------------------------------
In the entry "FlashPack Exploit Leads to New Family of Malware", we tackled the Flashpack exploit kit and how it uses three URLs, namely (http://{malicious domain}/[a-z]{3}[0-9]{10,12}/loxotrap.php, http://{malicious domain}/[0-9,a-z]{6,10}/load0515p6jse9.php, http://{malicious domain}/[a-z]{3}[0-9]{10,12}/ldcigar.php), as its landing site. We monitored the above-mentioned URLs and found out that the FlashPack exploit kit is now using free ads to distribute malware such as...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/-FQFl818dVo/




*** IT threat evolution Q3 2014 ***
---------------------------------------------
Kaspersky Lab products detected and neutralized a total of 1,325,106,041 threats in the third quarter of 2014. Our solutions blocked 696,977 attacks that attempted to launch malware capable of stealing money from online banking accounts. A total of 74,489 new malicious mobile programs were detected, including 7010 mobile banking Trojans.
---------------------------------------------
http://securelist.com/analysis/quarterly-malware-reports/67637/it-threat-evolution-q3-2014/




*** Microsoft's SChannel fix becomes a problem patch ***
---------------------------------------------
Microsoft has confirmed that the patch for the Windows cryptographic function causes problems on servers. It is said to affect both SQL Server and IIS. The update is nevertheless still being distributed.
---------------------------------------------
http://www.heise.de/security/meldung/Microsofts-SChannel-Fix-wird-zum-Problem-Patch-2459375.html




*** Cisco IOS DLSw Information Disclosure Vulnerability ***
---------------------------------------------
CVE-2014-7992
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7992




*** Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
CVE-2014-7996
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7996




*** Vuln: Check Point Security Gateway Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/67993




*** Rails Action Pack Bug Lets Remote Users Determine if Specified Files Exist on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1031217




*** Moodle Bugs Permit Cross-Site Scripting, Cross-Site Request Forgery, and Information Disclosure Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1031215




*** Tcpdump Multiple Flaws Let Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031235




*** Xen Security Advisory 110 (CVE-2014-8595) - Missing privilege level checks in x86 emulation of far branches ***
---------------------------------------------
The emulation of far branch instructions (CALL, JMP, and RETF in Intel assembly syntax, LCALL, LJMP, and LRET in AT&T assembly syntax) incompletely performs privilege checks.
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00001.html




*** Xen Security Advisory 109 (CVE-2014-8594) - Insufficient restrictions on certain MMU update hypercalls ***
---------------------------------------------
MMU update operations targeting page tables are intended to be used on PV guests only. The lack of a respective check made it possible for such operations to access certain function pointers which remain NULL when the target guest is using Hardware Assisted Paging (HAP).
---------------------------------------------
http://lists.xen.org/archives/html/xen-announce/2014-11/msg00002.html




*** Apple Security Advisories ***
---------------------------------------------
APPLE-SA-2014-11-17-1 iOS 8.1.1
APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1
APPLE-SA-2014-11-17-3 Apple TV 7.0.2
---------------------------------------------
http://support.apple.com/kb/HT1222




*** IBM Security Bulletins related to a Vulnerability in SSLv3 (POODLE) ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_tivoli_netcool_service_quality_manager_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_websphere_transformation_extender_secure_adapter_collection_vulnerabilities_rsa_bsafe_c_cve_2014_4191_cve_2014_4192_and_sslv3_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_automation_framework_security_advisory_cve_2014_3566?lang=en_us




*** Other IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_ibm_db2_for_linux_unix_and_windows_affects_ibm_puredata_system_for_transactions_cve_2014_6159?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_smartcloud_orchestrator_keystone_v2_trusts_privilege_escalation_through_user_supplied_project_id_cve_2014_3520?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_smartcloud_orchestrator_keystone_privilege_escalation_through_trust_chained_delegation_cve_2014_3476?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_ibm_business_process_manager_bpm_documentstore_administration_cve_2014_0107_cve_2014_4763?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_openssl_affect_ibm_tivoli_composite_application_manager_for_transactions_cve_2014_3513_cve_2014_3567?lang=en_us

