[CERT-daily] Daily summary - Friday 28-11-2014

Daily end-of-shift report team at cert.at
Fri Nov 28 18:05:13 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 27-11-2014 18:00 − Friday 28-11-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Syrian Electronic Army attack leads to malvertising, (Thu, Nov 27th) ***
---------------------------------------------
A number of online services were impacted by what has been referred to by multiple sources as a redirection attack by Syrian Electronic Army (SEA) emanating from the Gigya CDN. Gigya explained the issue as follows: Gigya explained that earlier today at 06:45 EST, it noticed sporadic failures with access to our service. The organization then found a breach at its domain registrar, with the hackers modifying DNS entries and pointing them away from Gigya's CDN domain, instead redirecting to their...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19001&rss




*** World's best threat detection pwned by HOBBIT ***
---------------------------------------------
Forget nation-states, BAB0 is the stuff of savvy crims. Some of the world's best threat detection platforms have been bypassed by custom malware in a demonstration of the fallibility of single defence security.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/28/malware_crushes_advanced_threat_systems_study/




*** ENISA publishes the first framework on how to evaluate National Cyber Security Strategies ***
---------------------------------------------
ENISA issues today an Evaluation Framework on National Cyber Security Strategies (NCSS) addressed to policy experts and government officials who design, implement and evaluate an NCSS policy. This work is strongly aligned with the EU Cyber Security Strategy (EU CSS) and aims to assist Member States in developing capabilities in the area of NCSS.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/enisa-publishes-the-first-framework-on-how-to-evaluate-national-cyber-security-strategies




*** CryptoPHP: Insidious malware has infected tens of thousands of servers ***
---------------------------------------------
The malware hides in pirated themes and plug-ins for the content management systems Drupal, WordPress and Joomla. Once infected, the server becomes part of a botnet that manipulates search rankings, to the detriment of the site itself.
---------------------------------------------
http://www.heise.de/newsticker/meldung/CryptoPHP-Hinterlistiger-Schadcode-hat-zehntausende-Server-infiziert-2467962.html/from/rss09?wt_mc=rss.ho.beitrag.rdf




*** Critical updates for Siemens industrial control systems ***
---------------------------------------------
An update is meant to close critical security vulnerabilities in the Simatic WinCC software, which serves as a control center for monitoring and controlling industrial plants. However, the update is not yet available for all versions.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-Updates-fuer-Siemens-Industriesteuerungen-2468032.html




*** Economic Failures of HTTPS Encryption ***
---------------------------------------------
Interesting paper: "Security Collapse of the HTTPS Market." From the conclusion: Recent breaches at CAs have exposed several systemic vulnerabilities and market failures inherent in the current HTTPS authentication model: the security of the entire ecosystem suffers if any of the hundreds of CAs is compromised (weakest link); browsers are unable to revoke trust in major CAs ("too big to...
---------------------------------------------
https://www.schneier.com/blog/archives/2014/11/economic_failur.html




*** Bug in H.264 plugin could affect Firefox users ***
---------------------------------------------
[...] In the corresponding bug report at Mozilla, Cisco employee Ethan Hugg writes that the bug is not present in any version of the OpenH.264 module provided for Firefox so far. However, the Mozilla hackers do not yet list the bug as officially fixed.

Addendum of 28 November 2014, 13:10
According to Cisco, Firefox users are not affected; we have adjusted the article accordingly.
---------------------------------------------
http://www.golem.de/news/cisco-fehler-in-h-264-plugin-betrifft-alle-firefox-nutzer-1411-110829.html




*** Bugtraq: Defense in depth -- the Microsoft way (part 22): no DEP in Windows filesystem (and ASLR barely used) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534109

