[CERT-daily] Tageszusammenfassung - Montag 8-09-2014

Mon Sep 8 18:09:33 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 05-09-2014 18:00 − Montag 08-09-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Apple IDs targeted by Kelihos botnet phishing campaign ***
---------------------------------------------
Botnet targets Apple customers, launching phishing email campaign to lure victims into disclosing their Apple IDs and passwords.  Days after numerous celebrities were found to have their iCloud accounts compromised, a major botnet has turned its attention to Apple customers, launching a phishing email campaign ..
---------------------------------------------
http://www.symantec.com/connect/blogs/apple-ids-targeted-kelihos-botnet-phishing-campaign


*** USB firmware: An upcoming threat for home and enterprise users ***
---------------------------------------------
Every year, thousands of hackers and security researchers from around the world descend on Las Vegas to attend the annual Black Hat security conference. The conference boasts top notch security presentations from industry leaders - often centered on breaking computer security. Although many of the presentations are on breaking things, most of the ..
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/09/02/usb-firmware-an-upcoming-threat-for-home-and-enterprise-users.aspx


*** Stupid Spammer Tricks - Reversing Characters ***
---------------------------------------------
Spammers engaged in phishing attacks constantly try to get their emails past spam filters. They try many different tactics, and these can include taking advantage of HTML coding characteristics. These HTML tricks can make the email look normal when rendered in a mail client, but the actual ..
---------------------------------------------
http://blog.spiderlabs.com/2014/09/stupid-spammer-tricks-reversing-characters.html


*** Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted ***
---------------------------------------------
Mozilla has deprecated 1024-bit RSA certificate authority certificates in Firefox 32 and Thunderbird. While there are pluses to the move such as a requirement for longer, stronger keys, at least 107,000 websites will no longer be trusted by Mozilla. Data from HD Moores Project Sonar, which ..
---------------------------------------------
http://it.slashdot.org/story/14/09/05/2120246/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted


*** Cisco Integrated Management Controller SSH Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3348


*** Nuclear Exploit Kit and Flash CVE-2014-0515 ***
---------------------------------------------
For this blog, wed like to walk you through a recent attack involving Nuclear Exploit Kit (EK) that we analyzed. It was found leveraging CVE-2014-0515, a buffer overflow in Adobe Flash Player discovered in April 2014. Nuclear Exploit kit ..
---------------------------------------------
http://research.zscaler.com/2014/09/nuclear-exploit-kit-and-flash-cve-2014.html


*** WPS-Sicherheitslücke: Wahrscheinlich wenige Router betroffen ***
---------------------------------------------
Auf Anfrage von heise Netze haben sich einige Hersteller von in Deutschland verbreiteten Routern zur Sicherheitslücke in WPS-PIN geäussert, bei der sich die Zugangsnummer offline errechnen lässt.
---------------------------------------------
http://www.heise.de/security/meldung/WPS-Sicherheitsluecke-Wahrscheinlich-wenige-Router-betroffen-2356535.html


*** Popular Photo Sharing Website Likes.com Vulnerable To Multiple Critical Flaws ***
---------------------------------------------
Likes.com, one of the emerging social networking site and popular image browsing platform, is found vulnerable to several critical vulnerabilities that could allow an attacker to completely delete users' account in just one click. Likes.com is a social networking website that helps you to connect ..
---------------------------------------------
http://thehackernews.com/2014/09/popular-photo-sharing-website.html


*** Demasking Google Users With a Timing Attack ***
---------------------------------------------
A 3rd party site can determine if a website viewer has access to a particular Google Drive document. ... How it works: The attack is straightforward. A malicious page repeatedly instantiates an image whose source points at the URL of a Google Drive document. If that document is viewable by the ..
---------------------------------------------
http://blog.andrewcantino.com/blog/2014/09/04/demasking-google-users-with-a-timing-attack/


*** Bugtraq: [security bulletin] HPSBUX03102 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Execution of Arbitrary Code and Denial of Service (DoS) and Other Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533370


*** iCloud: Apple verschickt neue Warnhinweise ***
---------------------------------------------
Nach den aus iCloud-Accounts entwendeten Promi-Nacktfotos hat Apple damit begonnen, neue Benachrichtigungen zu versenden, wenn auf den Cloud-Dienst zugegriffen wird. Weitere Schutzfunktionen sind angekündigt.
---------------------------------------------
http://www.heise.de/security/meldung/iCloud-Apple-verschickt-neue-Warnhinweise-2369771.html