[CERT-daily] Tageszusammenfassung - Dienstag 21-10-2014

Daily end-of-shift report team at cert.at
Tue Oct 21 18:10:27 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 20-10-2014 18:00 − Dienstag 21-10-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Apple Multiple Security Updates, (Mon, Oct 20th) ***
---------------------------------------------
Apple released security update today for iOS 8 and Apple TV 7. iOS 8.1 (APPLE-SA-2014-10-20-1 iOS 8.1) is now available for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later, to addresses the following: Bluetooth CVE-2014-4448 House Arrest CVE-2014-4448 iCloud Data Access CVE-2014-4449 Keyboards CVE-2014-4450 Secure Transport CVE-2014-3566 Apple TV 7.0.1 (APPLE-SA-2014-10-20-2 Apple TV 7.0.1) is now available for Apple TV 3rd generation and later, to address the...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18857&rss




*** Palo Alto Networks boxes spray firewall creds across the net ***
---------------------------------------------
Crummy configurations to blame, Moore hardening offered as remedy Misconfigured user identities for Palo Alto Networks firewalls are leaking onto the public web potentially exposing customer services including VPN and webmail, says security luminary HD Moore.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/10/21/palo_alto_customers_spray_net_with_firewall_creds/




*** Download-Sicherheit: Blackberry muss App-Store nachbessern ***
---------------------------------------------
Wegen fehlender Sicherung der Downloads aus Blackberry World, dem offiziellen App Store für alle Blackberry-10-Modelle, hätte ein Angreifer ganz leicht Schadsoftware auf die Geräte schmuggeln können.
---------------------------------------------
http://www.heise.de/security/meldung/Download-Sicherheit-Blackberry-muss-App-Store-nachbessern-2428839.html




*** CSAM Month of False Positives: Ghosts in the Pentest Report, (Tue, Oct 21st) ***
---------------------------------------------
As part of most vulnerability assessments and penetration tests against a website, we almost always run some kind of scanner. Burp (commercial) and ZAP (free from OWASP) are two commonly used scanners. Once youve done a few website assessments, you start to get a feel for what pages and fields are likely candidates for exploit. But especially if its a vulnerability assessment, where youre trying to cover as many issues as possible (and exploits might even be out of scope), its always a safe bet
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18861&rss




*** Delivering Malicious Android Apps Hidden In Image Files ***
---------------------------------------------
An anonymous reader writes "Researchers have found a way to deliver a malicious app to Android users by hiding it into what seems to be an encrypted image file, which is then delivered via a legitimate, seemingly innocuous wrapper app. Fortinet malware researcher Axelle Apvrille and reverse engineer Ange Albertini created a custom tool they dubbed AngeCryption, which allows them to encrypt the payload Android application package (APK) and make it look like an image (PNG, JPG) file.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/mKMqgWAvhIM/story01.htm




*** Google Adds Hardware Security Key For Account Protection ***
---------------------------------------------
Google is introducing an improved two-factor authentication system for Gmail and its other services that uses a tiny hardware token that will only work on legitimate Google sites. The new Security Key system is meant to help defeat attacks that rely on highly plausible fake sites that are designed to capture users' credentials. Attackers often go...
---------------------------------------------
http://threatpost.com/google-adds-hardware-security-key-for-account-protection/108943




*** R7-2014-17: NAT-PMP Implementation and Configuration Vulnerabilities ***
---------------------------------------------
In the summer of 2014, Rapid7 Labs started scanning the public Internet for NAT-PMP as part of Project Sonar.  NAT-PMP is a protocol implemented by many SOHO-class routers and networking devices that allows firewall and routing rules to be manipulated to enable internal, assumed trusted users behind a NAT device to allow external users to access internal TCP and UDP services for things like Apple's Back to My Mac and file/media sharing services.
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/10/21/r7-2014-17-nat-pmp-implementation-and-configuration-vulnerabilities




*** Denial-of-service attacks - short but strong ***
---------------------------------------------
DDoS amplification attacks continue to increase as attackers experiment with new protocols.   Summary:    DDoS amplification attacks continue to increase as attackers experiment with new protocols.  read more
---------------------------------------------
http://www.symantec.com/connect/blogs/denial-service-attacks-short-strong




*** [R1] SSLv3 Protocol Vulnerability Affects Tenable Products (POODLE) ***
---------------------------------------------
October 19, 2014
---------------------------------------------
http://www.tenable.com/security/tns-2014-09




*** Vuln: Zend Framework CVE-2014-8088 Authentication Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/70378




*** DSA-3054 mysql-5.5 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3054




*** Asterisk SSL 3.0 Protocol Downgrade Flaw Lets Remote Users Decrypt SSL Traffic ***
---------------------------------------------
http://www.securitytracker.com/id/1031078




*** HP Security Bulletins ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533732
http://www.securityfocus.com/archive/1/533733
http://www.securityfocus.com/archive/1/533736
http://www.securityfocus.com/archive/1/533737
http://www.securityfocus.com/archive/1/533738
http://www.securityfocus.com/archive/1/533739
http://www.securityfocus.com/archive/1/533740
http://www.securityfocus.com/archive/1/533742
http://www.securityfocus.com/archive/1/533754


More information about the Daily mailing list