[CERT-daily] Tageszusammenfassung - Mittwoch 8-04-2015
Daily end-of-shift report
team at cert.at
Wed Apr 8 18:13:29 CEST 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 07-04-2015 18:00 − Mittwoch 08-04-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Gmail Problems Due to Expired Certificate (April 6, 2015) ***
---------------------------------------------
Because Google allowed a servers security certificate to expire, Gmail users experienced problems for several hours on April 4.......
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/17/27/302
*** Aw snap! How hideous HTML can crash Chrome tabs in one click ***
---------------------------------------------
Watch out for drive-by browser bombs - for now, at least A bug in the most recent version of the Chrome allows miscreants to crash browser tabs simply by embedding a link with a malformed URL in the HTML of a page.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/04/07/chrome_awsnap_vuln/
*** Drive-by-login attack identified and used in lieu of spear phishing campaigns ***
---------------------------------------------
A new attack, drive-by-logins, allows attackers to target specific victims on sites they trust.
---------------------------------------------
http://www.scmagazine.com/high-tech-bridge-identifies-new-attack-method-possibly-used-by-apts/article/407805/
*** Nuclear Exploit-Kit mit Google Ads ausgeliefert ***
---------------------------------------------
Googles Werbebanner lieferten für mehrere Stunden ein gefährliches Exploit-Kit aus, das die Rechner vieler nichtsahnender Opfer mit Schadcode infiziert haben könnte.
---------------------------------------------
http://heise.de/-2596908
*** Most top corporates still Heartbleeding over the internet ***
---------------------------------------------
Australia crowned global head-in-sand champion A depressing 76 percent of the top 2000 global organisations have public facing systems still exposed to Heartbleed, researchers say.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/04/08/still_bleeding_one_year_laterheartbleed_2015_research/
*** Your home automation things are a security nightmare ***
---------------------------------------------
Veracode tests leave lazy devs red-faced Its not just home broadband routers that have hopeless security: according to security outfit Veracode, cloudy home automation outfits also need to hang their collective heads in shame.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/04/08/your_home_automation_things_are_a_security_nightmare/
*** Why cybersecurity is vital during the vendor selection process ***
---------------------------------------------
You likely have a list of criteria to check through during the hiring process of a vendor, but if you havent added cybersecurity standards to that list, you should.
---------------------------------------------
http://www.scmagazine.com/why-cybersecurity-is-vital-during-the-vendor-selection-process/article/405711/
*** l+f: Updated euer WordPress oder ISIS kommt! ***
---------------------------------------------
Das FBI schlägt Alarm: Sympathisanten des Islamischen Staates hacken haufenweise WordPress-Seiten.
---------------------------------------------
http://heise.de/-2596912
*** Guide outlines specifications of smart card-based PACS ***
---------------------------------------------
Smart cards are increasingly accepted as the credential of choice for securely authenticating identity, determining appropriate levels of information access and controlling physical access. To furt...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18179
*** A flawed ransomware encryptor ***
---------------------------------------------
Last autumn, we discovered the first sample of an interesting new encryptor, TorLocker. The Trojan encrypts all files with AES-256 + RSA-2048 and uses the Tor network to contact its "owners".
---------------------------------------------
http://securelist.com/blog/research/69481/a-flawed-ransomware-encryptor/
*** New Tor version fixes issues that can crash hidden services and clients ***
---------------------------------------------
Two new versions of the Tor anonymity software have been released on Tuesday, with fixes for two security issues that can be exploited to crash hidden services and clients visiting them. The first ...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18180
*** Don't judge the risk by the logo ***
---------------------------------------------
It's been almost a year since the OpenSSL Heartbleed vulnerability, a flaw which started a trend of the branded vulnerability, changing the way security vulnerabilities affecting open-source software are being reported and perceived. Vulnerabilities are found and fixed all the...
---------------------------------------------
https://securityblog.redhat.com/2015/04/08/dont-judge-the-risk-by-the-logo/
*** NTP Project ntpd reference implementation contains multiple vulnerabilities ***
---------------------------------------------
NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks.
---------------------------------------------
https://www.kb.cert.org/vuls/id/374268
*** Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products ***
---------------------------------------------
cisco-sa-20150408-ntpd
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd
*** Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability ***
---------------------------------------------
cisco-sa-20150408-cxfp
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp
*** Multiple Vulnerabilities in Cisco ASA Software ***
---------------------------------------------
cisco-sa-20150408-asa
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa
*** HPSBHF03310 rev.1 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with certain HP Thin Clients running Windows Embedded Standard 7 (WES7) and Windows Embedded Standard 2009 (WES09) and all versions of HP Easy Deploy. The vulnerabilities could be exploited remotely to allow elevation of privilege and execution of code.
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04629160
*** SSA-487246 (Last Update 2015-04-08): Vulnerabilities in SIMATIC HMI Devices ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf
*** FreeBSD IPv6 Router Advertisement Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1032043
*** DSA-3214 mailman - security update ***
---------------------------------------------
A path traversal vulnerability was discovered in Mailman, the mailinglist manager. Installations using a transport script (such aspostfix-to-mailman.py) to interface with their MTA instead of staticaliases were vulnerable to a path traversal attack. To successfullyexploit this, an attacker needs write access on the local file system.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3214
More information about the Daily
mailing list