[CERT-daily] Tageszusammenfassung - Dienstag 21-04-2015

Tue Apr 21 18:09:54 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 20-04-2015 18:00 − Dienstag 21-04-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** JavaScript CPU cache snooper tells crooks EVERYTHING you do online ***
---------------------------------------------
New research sends browser kingpins scurrying for fixes Four Cornell University boffins reckon they can spy on keystrokes and mouse clicks in a web browser tab by snooping on the PCs processor caches.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/04/21/cache_creeps_can_spy_on_web_histories_for_80_of_net_users/


*** New fileless malware found in the wild ***
---------------------------------------------
Since the discovery of the Poweliks fileless Trojan in August 2014, researchers have been expecting other similar malware to pop up. The wait over: Phasebot malware, which also has fileless infecti...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/fLPIj0uz1VY/malware_news.php


*** Cross-Site-Scripting: Zahlreiche Wordpress-Plugins verwenden Funktion fehlerhaft ***
---------------------------------------------
Eine schlecht dokumentierte Funktion der Wordpress-API ist von zahlreichen populären Plugins fehlerhaft verwendet worden. Der Fehler führt zu Cross-Site-Scripting-Lücken: Betroffen sind unter anderem das Jetpack-Plugin, die Plugins von Yoast und das All-in-one-SEO-Plugin.
---------------------------------------------
http://www.golem.de/news/cross-site-scripting-zahlreiche-wordpress-plugins-verwenden-funktion-fehlerhaft-1504-113636-rss.html


*** 2nd workshop on National Cyber Security Strategies: 13th May ***
---------------------------------------------
ENISA and the Latvian Ministry of Defence are hosting on the 13th of May 2015, the 2nd workshop on National Cyber Security Strategies in Riga, during the Presidency of the Council of the European Union.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/2nd-workshop-on-national-cyber-security-strategies-13th-may


*** Fehlerhafte Netzwerkbibliothek macht iOS-Apps angreifbar ***
---------------------------------------------
Durch einen Bug in der Bibliothek AFNetwork kann man die verschlüsselten Verbindungen zahlreicher Apps angreifen, die sie einsetzen. Eine Online-Datenbank verrät, welche Apps betroffen waren oder sind.
---------------------------------------------
http://heise.de/-2615960


*** WordPress 4.1.2 Security Release ***
---------------------------------------------
WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
---------------------------------------------
https://wordpress.org/news/2015/04/wordpress-4-1-2/


*** Security Advisory: glibc vulnerability CVE-2013-7424 ***
---------------------------------------------
(SOL16472)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/400/sol16472.html?ref=rss


*** VU#260780: NetNanny uses a shared private key and root CA ***
---------------------------------------------
Vulnerability Note VU#260780 NetNanny uses a shared private key and root CA Original Release date: 20 Apr 2015 | Last revised: 20 Apr 2015   Overview NetNanny uses a shared private key and root Certificate Authority (CA), making systems broadly vulnerable to HTTPS spoofing.  Description NetNanny installs a Man-in-the-Middle (MITM) proxy as well as a new trusted root CA certificate. The certificate used by NetNanny is shared among all installations of NetNanny. Furthermore, the private key used
---------------------------------------------
http://www.kb.cert.org/vuls/id/260780


*** Cisco Unified MeetingPlace Custom Prompts languageShortName Parameter Arbitrary Code Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38455


*** Cisco Unified MeetingPlace Administrative Web Interface Reflected Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38459


*** HPSBMU03321 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04636829


*** HPSBGN03305 rev.1 - HP Business Service Management (BSM) products running SSLv3, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Business Service Management (BSM), SiteScope, Business Service Management (BSM) Integration Adaptor, Operations Manager for Windows, Unix and Linux, Reporter, Operation Agent Virtual Appliance, Performance Manager, Virtualization Performance Viewer, Operations Agent, BSM Connector and Service Health Reporter running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04626982