[CERT-daily] Tageszusammenfassung - Mittwoch 22-04-2015

Wed Apr 22 18:14:26 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 21-04-2015 18:00 − Mittwoch 22-04-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** How attackers exploit end-users psychology ***
---------------------------------------------
At RSA Conference 2015, Proofpoint released the results of its annual study that details the ways attackers exploit end-users psychology to circumvent IT security. Last year was the year attacke...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/tTatKVMFrgE/secworld.php


*** How to hack Avaya phones with a simple text editor ***
---------------------------------------------
At RSA conference 2015 a researcher demonstrated that Avaya's Ethernet office phones can be compromised with just a simple text editor. At the RSA conference 2015 in San Francisco, Dr Ang Cui from Columbia University PhD and Red Ballon Security cofounder announced that Avaya's Ethernet office phones can be compromised with just a simple text...
---------------------------------------------
http://securityaffairs.co/wordpress/36187/hacking/how-to-hack-avaya-phone.html


*** 2 out of 3 IT pros put systems at risk by making undocumented changes ***
---------------------------------------------
The Netwrix 2015 State of IT Changes Survey of more than 700 IT professionals across 40 industries found that 70% of companies forget about documenting changes, up from 57% last year. Most surprisingl...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/4YM1XhU4vq4/secworld.php


*** The CozyDuke APT ***
---------------------------------------------
CozyDuke (aka CozyBear, CozyCar or "Office Monkeys") is a threat actor that became increasingly active in the 2nd half of 2014 and hit a variety of targets. The White House and Department of State are two of the most spectacular...
---------------------------------------------
http://securelist.com/blog/research/69731/the-cozyduke-apt/


*** CozyDuke, TLP: White ***
---------------------------------------------
This whitepaper provides an overview of CozyDuke, a set of tools used by one or more malicious actors for performing targeted attacks against high profile organizations, such as governmental organizations and other entities that work closely with these institutions.
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002804.html


*** "No iOS Zone" - A New Vulnerability Allows DoS Attacks on iOS Devices ***
---------------------------------------------
In today's RSA Conference presentation, (Tuesday, April 21, 2015 | 3:30 PM - 4:20 PM | West | Room: 2001) Adi Sharabani, CEO and my fellow co-founder at Skycure, and I covered the lifecycle of vulnerabilities and vendor pitfalls. We also shared some details about a vulnerability our team recently identified in iOS 8 - a vulnerability that we are currently working with Apple to fix.
---------------------------------------------
https://www.skycure.com/blog/ios-shield-allows-dos-attacks-on-ios-devices/


*** Regular expressions and recommended practices ***
---------------------------------------------
Whenever a security person crosses a vulnerability report, one of the the first steps is to ensure that the reported problem is actually a vulnerability. Usually, the issue falls into well known and studied categories and this step is done...
---------------------------------------------
https://securityblog.redhat.com/2015/04/22/regular-expressions-and-recommended-practices/


*** RSA 2015: Thousands of Android apps found to be vulnerable ***
---------------------------------------------
Vulnerability testing by CERT found tens of thousands of Android apps are vulnerable and no full register exists as they dont all get CVE assigned.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/42uHv7yPt0M/


*** RSA 2015: Experts discuss six dangerous attack techniques ***
---------------------------------------------
Data breaches, ransomware, and threats against industrial control system were were discussed during an RSA Conference 2015 session on dangerous attack techniques.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/yup3ar8W41U/


*** SSA-994726 (Last Update 2015-04-22): GHOST Vulnerability in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-994726.pdf


*** SSA-451236 (Last Update 2015-04-22): Vulnerability in SIMATIC ProSave, SIMATIC CFC, SIMATIC STEP 7, SIMOTION Scout, and STARTER ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-451236.pdf


*** HPSBGN03308 rev.1 - HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS), Remote Code Execution ***
---------------------------------------------
A potential security vulnerability has been identified with the HP TippingPoint Security Management System (SMS) and vSMS. A vulnerability in JBOSS RMI could be exploited to allow remote code execution.
---------------------------------------------
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04626974


*** Manage Engine Firewall Analyzer 8.3 Build 8300 Cross Site Scripting ***
---------------------------------------------
Topic: Manage Engine Firewall Analyzer 8.3 Build 8300 Cross Site Scripting Risk: Low Text: = Reflected XSS Vulnerability In Manage Engine Firewall Analyzer = . contents:: Table Of Content Overview == ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015040128


*** Cisco FireSIGHT Management Center Web Framework HTTP Header Redirection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38486


*** Cisco Unified MeetingPlace Web Services Directory SOAP API Endpoints Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38461


*** Cisco Unified MeetingPlace Server Multiple State Changing URL API Functionalities Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38460


*** DSA-3231 subversion - security update ***
---------------------------------------------
Several vulnerabilities were discovered in Subversion, a version controlsystem. The Common Vulnerabilities and Exposures project identifies thefollowing problems:...
---------------------------------------------
https://www.debian.org/security/2015/dsa-3231


*** Glibc Buffer Overflow in getanswer_r() Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1032178


*** Platform Agent 2011.1r2 ***
---------------------------------------------
Abstract: The Novell Audit Platform Agent (Platform Agent) facilitates auditing events by transmitting log data from multiple applications to the Audit server.Document ID: 5207351Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:Platform-Agent_2011.1r2.sha256 (93 bytes)Platform-Agent_2011.1r2.zip (16.8 MB)Products:Sentinel 7.0Sentinel 7.0.1Sentinel 7.0.2Sentinel 7.0.3Sentinel 7.1Sentinel 7.1.1Sentinel 7.1.2Sentinel 7.2Sentinel 7.2.1Sentinel 7.2.2Sentinel 7.3Sentinel Log
---------------------------------------------
https://download.novell.com/Download?buildid=dpHkpNu89zw~