[CERT-daily] Daily summary - Friday 10-04-2015

Daily end-of-shift report team at cert.at
Fri Apr 10 18:45:21 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 09-04-2015 18:00 − Friday 10-04-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Beebone: FBI and Europol take down worm network ***
---------------------------------------------
The interesting thing about the disabled Beebone botnet is the malware behind it: it is a downloader that fetches other junk, spreads itself further and constantly mutates in the process.
---------------------------------------------
http://heise.de/-2598111




*** How To Create a Website Backup Strategy ***
---------------------------------------------
We've all heard it a million times before - backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-utilized precautions we can take to protect our vital data. Why are backups so important? Put simply, a good set of backups can save your website when absolutely everything...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/II8TR_qV6OA/how-to-create-a-website-backup-strategy.html




*** 122 online forums compromised to redirect visitors to Fiesta exploit kit ***
---------------------------------------------
Over a hundred forum websites have been compromised and injected with code that redirects users to sites hosting the Fiesta exploit kit, Cyphort researchers have found. These are not highly popular...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/4VryRaL3aoc/malware_news.php




*** Don't Be Fodder for China's "Great Cannon" ***
---------------------------------------------
China has been actively diverting unencrypted Web traffic destined for its top online search service -- Baidu.com -- so that some visitors from outside of the country were unwittingly enlisted in a novel and unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools, according to research released this week.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/-n1M-QyvCoA/




*** Cisco and Level 3 team up to squash brute force server hijackers ***
---------------------------------------------
#DownWithSSHPsychos Cisco and service provider Level 3 have teamed up to take down netblocks linked to brute-force hack kingpins SSHPsychos, severely degrading (but not destroying) the group's potential to hack servers in the process.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/04/10/sshpsychos_botnet_takedown/




*** A note from us: maintenance work 16. 4. 2015 ***
---------------------------------------------
A note from us: maintenance work 16.4.2015 | 10 April 2015 | On Thursday, 16 April 2015, we will carry out maintenance work on our infrastructure. This may lead to short service outages (each in the range of a few minutes). No data (e.g. emails) will be lost; only processing may be somewhat delayed. In urgent cases you can reach us by phone as usual at +43 1 505 64 16 78.
---------------------------------------------
http://www.cert.at/services/blog/20150410112411-1466.html




*** Cisco Aggregate Services Router 9000 ASR9K Security Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38292




*** Red Hat JBoss XML External Entity Expansion Flaw Lets Remote Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1032017




*** VMSA-2015-0003.1 ***
---------------------------------------------
VMware product updates address critical information disclosure issue in JRE
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0003.html




*** f5 Security Advisories ***
---------------------------------------------
*** Security Advisory: FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659 ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16380.html?ref=rss

*** Security Advisory: Linux kernel vulnerability CVE-2014-9683 ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16381.html?ref=rss

*** Security Advisory: OpenSSL vulnerability CVE-2012-2110 ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/200/sol16285.html?ref=rss

*** Security Advisory: Linux file utility vulnerabilities CVE-2014-8116 / CVE-2014-8117 ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16347.html?ref=rss

*** Security Advisory: GnuPG vulnerability CVE-2013-4576 ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16396.html?ref=rss

*** Security Advisory: Linux RPM vulnerability CVE-2013-6435 ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16383.html?ref=rss

*** Security Advisory: Multiple MySQL vulnerabilities ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16389.html?ref=rss

*** Security Advisory: NTP vulnerability CVE-2014-9297 ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16392.html?ref=rss

*** Security Advisory: Python vulnerability CVE-2006-4980 ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16398.html?ref=rss

*** Security Advisory: Multiple MySQL vulnerabilities ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16385.html?ref=rss

*** Security Advisory: NTP vulnerability CVE-2014-9298 ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16393.html?ref=rss

*** Security Advisory: Apache Tomcat vulnerability CVE-2014-0227 ***
https://support.f5.com:443/kb/en-us/solutions/public/16000/300/sol16344.html?ref=rss




*** DFN-CERT-2015-0483 - F5 Networks BIG-IP Protocol Security Module (PSM), F5 Networks BIG-IP systems: A vulnerability allows a denial-of-service attack ***
---------------------------------------------
08.04.2015
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0483/




*** DFN-CERT-2015-0318 - IBM Java, IBM Notes, IBM Domino: Multiple vulnerabilities allow takeover of system control ***
---------------------------------------------
10.03.2015
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-0318/




*** Security_Advisory-Xen Vulnerabilities on Huawei FusionSphere products ***
---------------------------------------------
Apr 10, 2015 10:12
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm




*** [2015-04-10] Unauthenticated Local File Disclosure in multiple TP-LINK products ***
---------------------------------------------
Attackers can read sensitive configuration files without prior authentication on multiple TP-LINK devices. These files e.g. include the administrator credentials and the WPA passphrase.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt

