[CERT-daily] Daily summary - Wednesday 5-08-2015
Daily end-of-shift report
team at cert.at
Wed Aug 5 18:12:23 CEST 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 04-08-2015 18:00 - Wednesday 05-08-2015 18:00
Handler: n/a
Co-Handler: n/a
*** Nuclear EK traffic patterns in August 2015, (Wed, Aug 5th) ***
---------------------------------------------
Introduction: About two weeks ago, Nuclear exploit kit (EK) changed its URL patterns. Now it looks a bit like Angler EK. Kafeine originally announced the change on 2015-07-21 [1], and we collected examples the next day. Here's how Nuclear EK looked on ... Now that we're into August 2015, URL patterns for Nuclear EK have altered again. These changes are similar to what we've seen with Angler EK since June 2015 [3]. They're not the same URL patterns as Angler, but the changes are...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20001&rss
*** Wait, what? TrueCrypt decrypted by FBI to nail doc-stealing sysadmin ***
---------------------------------------------
Do the Feds know something we don't about the crypto-tool? Or did the bloke squeal his password? Discontinued on-the-fly disk encryption utility TrueCrypt was unable to keep out the FBI in the case of a US government techie who stole copies of classified military documents. How the Feds broke into the IT bod's encrypted TrueCrypt partition isn't clear.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/08/04/truecrypt_decrypted_by_fbi/
*** WordPress update closes six security holes ***
---------------------------------------------
Version 4.2.4 of the content management system fixes, among other things, an SQL injection hole through which attackers can take over the installation.
---------------------------------------------
http://heise.de/-2771541
*** Man-In-The-Cloud Owns Your DropBox, Google Drive -- Sans Malware ***
---------------------------------------------
Using no malware or stolen passwords, new attack can compromise your cloud synch services and make your good files malicious.
---------------------------------------------
http://www.darkreading.com/cloud/man-in-the-cloud-owns-your-dropbox-google-drive----sans-malware-/d/d-id/1321501?_mc=RSS_DR_EDT
*** Email Security Awareness: How To Get Quick Results ***
---------------------------------------------
Phishing and spear phishing attacks on the rise: Phishing and spear phishing attacks are the most effective attack vectors. Despite the high level of awareness of the cyber threats, bad actors still consider email their privileged attack vector. According to the security experts at Trend Micro firm, spear phishing is the attack method used in...
---------------------------------------------
http://resources.infosecinstitute.com/email-security-awareness-how-to-get-quick-results/
*** Finding Vulnerabilities in Core WordPress: A Bug Hunter's Trilogy, Part I ***
---------------------------------------------
In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts - describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only "Subscriber" user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web...
---------------------------------------------
http://blog.checkpoint.com/2015/08/04/wordpress-vulnerabilities-1/
*** Android vulnerability: Telekom switches off direct MMS because of Stagefright exploits ***
---------------------------------------------
Because of an Android vulnerability, MMS users have to do without direct delivery. Telekom wants to protect its customers this way.
---------------------------------------------
http://www.golem.de/news/android-schwachstelle-telekom-schaltet-wegen-stagefright-exploits-direktes-mms-ab-1508-115600-rss.html
*** MVEL as an attack vector ***
---------------------------------------------
Java-based expression languages provide significant flexibility when using middleware products such as Business Rules Management System (BRMS). This flexibility comes at a price as there are significant security concerns in their use. In this article MVEL is used in JBoss...
---------------------------------------------
https://securityblog.redhat.com/2015/08/05/mvel-as-an-attack-vector/
*** Root exploit: Apple apparently preparing a patch with MacOS 10.10.5 ***
---------------------------------------------
According to a report, the Mac maker is initially relying on various measures to make it harder to exploit a privilege escalation hole for installing malware. The pending update to OS X 10.10.5 is then supposed to eliminate the vulnerability.
---------------------------------------------
http://heise.de/-2772715
*** Bugtraq: [SECURITY] [DSA 3328-2] wordpress regression update ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536135
*** Apple OS X DYLD_PRINT_TO_FILE Environment Variable Validation Flaw Lets Local Users Obtain Root Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1033177
*** [2015-08-05] Websense Content Gateway stack buffer overflow in handle_debug_network ***
---------------------------------------------
A stack-based buffer overflow was identified in the Websense Content Manager administrative interface, which allows execution of arbitrary code.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150805-0_Websense_Content_Gateway_stack_buffer_overflow_in_handle_debug_network_v10.txt
*** Security Advisory - CF Card Information Leak Vulnerability on Multiple Huawei Products ***
---------------------------------------------
The CF cards on some Huawei switches contain some sensitive information in plaintext. Once an attacker gets such a CF card, it may result in the leak of sensitive information (HWPSIRT-2015-07048).
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446634.htm
*** Security_Advisory-Two Security Vulnerabilities in the ME906 Wireless Module ***
---------------------------------------------
The upgrade package of the ME906 wireless module contains the hash values of the root account and password. An attacker can obtain the password of the root account through reverse cracking, connect to the serial port of the wireless module, and enter the root account and password to log in to the operating system of the module. (HWPSIRT-2015-02009)
This module implements the upgrade check using CRC16, which is insecure. Much study has been done on reverse-cracking this algorithm. (HWPSIRT-2015-06032)
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446601.htm
More information about the Daily mailing list