[CERT-daily] Daily Summary - Friday 21-11-2014

Daily end-of-shift report team at cert.at
Fri Nov 21 18:13:50 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 20-11-2014 18:00 − Friday 21-11-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Rich Telemetry for Cyber Incident Response and Malicious Code Analysis on Microsoft Windows ***
---------------------------------------------
5..4..3..2..1..launch: Earlier this week we launched the first product from the research and development efforts of the NCC Group Security Labs team. NCC Group Security Labs is a combined centre within NCC Group which brings together experts from Security Technical Assurance, Security Research, Cyber Defence Operations and Security Software Development to work on innovative software solutions for real-world cyber security problems. The Problem: The world of Cyber Defence Operations involves, in...
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/11/rich-telemetry-for-cyber-incident-response-and-malicious-code-analysis-on-microsoft-windows/




*** Securing Personal Data: ENISA guidelines on Cryptographic solutions ***
---------------------------------------------
ENISA is launching two reports today. The “Algorithms, key size and parameters” report of 2014 is a reference document providing a set of guidelines to decision makers, in particular specialists designing and implementing cryptographic solutions for personal data protection within commercial organisations or governmental services for citizens. The “Study on cryptographic protocols” provides an implementation perspective, covering guidelines regarding protocols required to protect commercial online communications containing personal data.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/securing-personal-data-enisa-guidelines-on-cryptographic-solutions




*** Weekly Metasploit Wrapup: Exploiting Mobile Security Software ***
---------------------------------------------
Exploiting Security Software: Android Edition
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/11/21/weekly-metasploit-wrapup




*** VB2014 paper: Sweeping the IP space: the hunt for evil on the Internet ***
---------------------------------------------
Dhia Mahjoub explains how the topology of the AS graph can be used to uncover hotspots of maliciousness. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added Sweeping the IP space: the hunt for evil on the Internet by OpenDNS researcher Dhia Mahjoub. The Internet is often described as a network of networks. These individual networks are called Autonomous Systems (AS): collections of IPv4 and IPv6 network...
---------------------------------------------
http://www.virusbtn.com/blog/2014/11_21.xml?rss




*** WordPress 4.0.1 Update Patches Critical XSS Vulnerability ***
---------------------------------------------
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.
---------------------------------------------
http://threatpost.com/wordpress-4-0-1-update-patches-critical-xss-vulnerability/109519




*** The Internet of Things (IoT) will fail if security has no context ***
---------------------------------------------
The Internet of Things requires a new way of thinking and acting, one that will protect a business and help it grow.
---------------------------------------------
http://www.scmagazine.com/the-internet-of-things-iot-will-fail-if-security-has-no-context/article/384547/




*** Detekt - Free Anti-Malware Tool To Detect Govt. Surveillance Malware ***
---------------------------------------------
Human rights experts and Privacy International have launched a free tool allowing users to scan their computers for surveillance spyware, typically used by governments and other organizations to spy on human rights activists and journalists around the world. This free-of-charge anti-surveillance tool, called Detekt, is an open source software app released in partnership with Human rights...
---------------------------------------------
http://thehackernews.com/2014/11/detekt-free-anti-malware-tool-to-detect_20.html




*** Most Targeted Attacks Exploit Privileged Accounts ***
---------------------------------------------
Most targeted attacks exploit privileged account access according to a new report commissioned by the security firm CyberArk.
---------------------------------------------
http://threatpost.com/most-targeted-attacks-exploit-privileged-accounts/109514




*** Security Advisory - High severity - WP-Statistics WordPress Plugin ***
---------------------------------------------
Advisory for: WordPress WP-Statistics Plugin
Security Risk: High (DREAD score: 7/10)
Exploitation level: Easy/Remote
Vulnerability: Stored XSS which executes on the administration panel.
Patched Version: 8.3.1
If you're using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall product, we discovered...
---------------------------------------------
http://blog.sucuri.net/2014/11/security-advisory-high-severity-wp-statistics-wordpress-plugin.html




*** Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities ***
---------------------------------------------
Description: Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities: OpenSSL session ticket memory leak (SPL-91947, CVE-2014-3567); TLS protocol enhancements related to POODLE (SPL-92062, CVE-2014-3566); Persistent cross-site scripting (XSS) via Dashboard (SPL-89216, CVE-2014-5466). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product...
---------------------------------------------
http://www.splunk.com/view/SP-CAAANST




*** GNU C Library wordexp() command execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98852




*** PCRE pcre_exec.c buffer overflow ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98854




*** Multiple Huawei HiLink products cross-site request forgery ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/98858




*** Asterisk DB Dialplan Function Lets Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1031251


*** Asterisk CONFBRIDGE Lets Remote Authenticated Users Execute Arbitrary System Commands ***
---------------------------------------------
http://www.securitytracker.com/id/1031250


*** Asterisk ConfBridge State Transition Error Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031247


*** Asterisk PJSIP Channel Driver Flaw in res_pjsip_refer Module Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031249


*** Asterisk PJSIP Channel Driver Race Condition Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031248


*** Asterisk PJSIP ACL Bug Lets Remote Users Bypass Access Controls ***
---------------------------------------------
http://www.securitytracker.com/id/1031246




*** HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities ***
---------------------------------------------
Version:1 (rev.1) - 20 June 2014 Initial release 
Version:2 (rev.2) - 20 November 2014 Removed iMC Platform Products, 5900 virtual switch, and Router 8800 products. Further analysis revealed that those products are not vulnerable. Added additional products.
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04347622




*** ZDI-14-385: Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-385/

