[CERT-daily] Tageszusammenfassung - Mittwoch 22-10-2014

Wed Oct 22 18:11:31 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 21-10-2014 18:00 − Mittwoch 22-10-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Security Advisory 3010060 released ***
---------------------------------------------
Today, we released Security Advisory 3010060 to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file. As part of this Security Advisory, we have included an easy, one-click Fix it solution to address the known cyberattack. Please review the...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/10/21/security-advisory-3010060-released.aspx


*** Android NFC hack allow users to have free rides in public transportation ***
---------------------------------------------
More and more people keep talking about the feature of payments via NFC. The problem in this particular case is that somebody reversed the "Tarjeta BIP!" cards and found a means to re-charge them for free.
---------------------------------------------
http://securelist.com/blog/virus-watch/67283/android-nfc-hack-allow-users-to-have-free-rides-in-public-transportation/


*** SSL-Verschlüsselung: Noch viel Arbeit für Mail-Provider und Banken ***
---------------------------------------------
heise Security hat getestet und festgestellt, dass einige Mail-Provider bereits auf die jüngsten Angriffe auf Verschlüsselung reagiert haben - aber längst nicht alle. Schlimmer noch sieht es bei den Servern für das Online-Banking via HBCI aus.
---------------------------------------------
http://www.heise.de/security/meldung/SSL-Verschluesselung-Noch-viel-Arbeit-fuer-Mail-Provider-und-Banken-2429414.html


*** Malvertising Payload Targets Home Routers ***
---------------------------------------------
A few weeks ago we wrote about compromised websites being used to attack your web routers at home by changing DNS settings. In that scenario the attackers embedded iFrames to do the heavy lifting, the short fall with this method is they require a website to inject the iFrame. As is often the case, tacticsRead More
---------------------------------------------
http://blog.sucuri.net/2014/10/malvertising-payload-targets-home-routers.html


*** Gezielte Angriffe über Onlinewerbung ***
---------------------------------------------
Datendiebe haben offenbar mit manipulierter Onlinewerbung Rüstungs- und Luftfahrtkonzerne angegriffen. Die Werbung konnte über das so genannte Real Time Bidding gezielt platziert werden.
---------------------------------------------
http://www.golem.de/news/phishing-gezielte-angriffe-ueber-onlinewerbung-1410-110014-rss.html


*** Netzangriffe: DDoS-Botnetz weitet sich ungebremst aus ***
---------------------------------------------
Ein kürzlich entdecktes Botnetz für DDoS-Angriffe breitet sich nach Angaben von Experten ungehemmt aus. Inzwischen seien auch Windows-Server gefährdet. Der Zweck der darüber gefahrenen Angriffe bleibt aber unklar.
---------------------------------------------
http://www.golem.de/news/netzangriffe-ddos-botnetz-weitet-sich-ungebremst-aus-1410-110024-rss.html


*** Hostile Subdomain Takeover using Heroku/Github/Desk + more ***
---------------------------------------------
Hackers can claim subdomains with the help of external services. This attack is practically non-traceable, and affects at least 17 large service providers and multiple domains are affected. Find out if you are one of them by using our quick tool, or go through your DNS-entries and remove all which are active and unused OR pointing to External Services which you do not use anymore.
---------------------------------------------
http://blog.detectify.com/post/100600514143/hostile-subdomain-takeover-using-heroku-github-desk


*** TYPO3 CMS 4.5.37, 4.7.20, 6.1.12 and 6.2.6 released ***
---------------------------------------------
IMPORTANT: These versions include important security fixes to the TYPO3 core. A security announcement has just been released: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-002/
---------------------------------------------
https://typo3.org/news/article/typo3-cms-4537-4720-6112-and-626-released/


*** Security_Advisory-DLL Hijacking Vulnerability on Huawei USB Modem products ***
---------------------------------------------
Oct 21, 2014 20:23
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-376152.htm


*** IBM Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere MQ, IBM WebSphere MQ Internet Pass-Thru and IBM Mobile Messaging and M2M Client Pack (CVE-2014-3566) ***
---------------------------------------------
SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere MQ.  CVE(s): CVE-2014-3566  Affected product(s) and affected version(s):  The vulnerability affects all versions and releases of IBM WebSphere MQ, IBM WebSphere MQ Internet Pass-Thru and IBM Mobile Messaging and M2M Client Pack.   ---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_websphere_mq_ibm_websphere_mq_internet_pass_thru_and_ibm_mobile_messaging_and_m2m_client_pack_cve_2014_3566?lang=en_us


*** Bugtraq: FreeBSD Security Advisories ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533773
http://www.securityfocus.com/archive/1/533772
http://www.securityfocus.com/archive/1/533771
http://www.securityfocus.com/archive/1/533770


*** Bugtraq: File Manager v4.2.10 iOS - Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533778


*** Files Document & PDF Reader for iOS Ordner Erstellen code execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/97698