[CERT-daily] Tageszusammenfassung - Donnerstag 30-04-2015

Thu Apr 30 18:03:43 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 29-04-2015 18:00 − Donnerstag 30-04-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** MailChimp - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-101 ***
---------------------------------------------
The MailChimp Signup submodule does not properly sanitize some user input, allowing a malicious user to embed scripts within a page, resulting in a Cross-site Scripting (XSS) vulnerability.
---------------------------------------------
https://www.drupal.org/node/2480253


*** My Website Was Blacklisted By Google and Distributing Email Spam ***
---------------------------------------------
Being blacklisted is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning page can literally destroy ..
---------------------------------------------
https://blog.sucuri.net/2015/04/my-website-was-blacklisted-by-google-and-distributing-email-spam.html


*** Cisco StarOS for Cisco ASR 5000 Series HTTP Packet Processing Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38580


*** Bedep trojan malware spread by the Angler exploit kit gets political ***
---------------------------------------------
We recently observed what seems to be a group of cybercriminals helping spread pro-Russia messaging by artificially inflating video views and ratings on a popular video website. The ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Bedep-trojan-malware-spread-by-the-Angler-exploit-kit-gets-political/


*** Cyber threat intelligence group links Russia to cyber espionage and attacks ***
---------------------------------------------
"Operation Armageddon," active since at least mid-2013, exposes a cyber espionage campaign devised to provide a military advantage to Russian leadership by targeting Ukrainian government, law enforcement, and military ..
---------------------------------------------
http://www.liveleak.com/view?i=b39_1430249732


*** WhatsApp durchleuchtet: Vorbildliche Verschlüsselung weitgehend nutzlos ***
---------------------------------------------
Um die Frage zu beantworten wie vertrauenswürdig die von WhatsApp seit einigen Monaten eingesetzte Ende-zu-Ende-Verschlüsselung ist, hat c't sie unter die Lupe genommen: Zwar setzt WhatsApp die richtige Technik ein, viel nützt das aber trotzdem nicht.
---------------------------------------------
http://heise.de/-2629081


*** Voiceprint: Stimmenerkennung ist die neue Gesichtserkennung ***
---------------------------------------------
Statt mit einem Passwort können sich Bankkunden mittlerweile mit ihrer Stimme am Telefon identifizieren. Akustische Biometriesysteme werden in immer mehr Firmen eingesetzt. Die Gefahr: Auch Geheimdienste und Staaten können auf die Technik zugreifen. 
---------------------------------------------
http://www.golem.de/news/voiceprint-stimmenerkennung-ist-die-neue-gesichtserkennung-1504-113801.html


*** Analysis of a MICROSOFT WORD INTRUDER sample: execution, check-in and payload delivery ***
---------------------------------------------
On April 1st FireEye released a report on 'MWI; and 'MWISTAT' which is a sort of exploit kit for Word Documents if you will: A New Word Document Exploit Kit In the article FireEye goes over MWI which is the short for 'Microsoft Word Intruder' coded ..
---------------------------------------------
http://blog.0x3a.com/post/117760824504/analysis-of-a-microsoft-word-intruder-sample


*** A Brief Look at DNS Zone Transfer for Alexia's Top 1M Domains ***
---------------------------------------------
The folks at Rapid7 have released another scan. This one is looking at Alexa's top 1 million domains for DNS servers which have allowed unauthenticated requests for Zone Transfer.
---------------------------------------------
http://atechdad.com/a-brief-look-at-dns-zone-transfer-for-alexias-top-1m-domains/


*** TA15-120A: Securing End-to-End Communications ***
---------------------------------------------
Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks. Recently, researchers described a MITM attack used to inject code, ..
---------------------------------------------
https://www.us-cert.gov/ncas/alerts/TA15-119A-0


*** The BACKRONYM MySQL Vulnerability ***
---------------------------------------------
Earlier this year, I - along with some members of our DevOps team - noticed some interesting behavior in libmysqlclient and the MySQL CLI: no matter how hard we tried (no matter how many MYSQL_OPT_SSL_* options we set) we could not make the client enforce the use of SSL. If the server claimed not to support it, the ..
---------------------------------------------
https://www.duosecurity.com/blog/backronym-mysql-vulnerability