[CERT-daily] Tageszusammenfassung - Freitag 7-08-2015

Daily end-of-shift report team at cert.at
Fri Aug 7 18:13:19 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 06-08-2015 18:00 − Freitag 07-08-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Updated DGA Changer Malware Generates Fake Domain Stream ***
---------------------------------------------
Researchers at Seculert have discovered the latest twist to DGA Changer, which now is able to generate a fake stream of domains if it detects it's being executed in a virtual machine.
---------------------------------------------
http://threatpost.com/updated-dga-changer-malware-generates-fake-domain-stream/114159




*** BLEKey Device Breaks RFID Physical Access Controls ***
---------------------------------------------
A device called BEKey which is the size of a quarter and can be installed in 60 seconds on a proximity card reader could potentially be used to break physical access controls in 80 percent of deployments.
---------------------------------------------
http://threatpost.com/blekey-device-breaks-rfid-physical-access-controls/114163




*** BIND Denial of Service Vulnerability Blamed on Windows 2000 Compatibility Code ***
---------------------------------------------
The BIND implementation of the Domain Name System (DNS) is a critical part of the infrastructure of the Internet. For example, almost all of the 13 root name servers use BIND. On July 28 a vulnerability was published in BIND that could be anonymously exploited by an attacker. To crash the server, all an attacker would have to...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/OQsKsP-w1DU/




*** Schwachstelle: Certifi-Gate erlaubt Zertifikatsmissbrauch unter Android ***
---------------------------------------------
Bösartige Apps können in Android legitime Zertifikate nutzen, um erhöhte Rechte zu erhalten. Die Entdecker der Schwachstelle haben dieser den Namen Certifi-Gate gegeben. Google bestätigt die Lücke, betont aber, dass Apps im Play Store auf ein solches Missbrauchspotential überprüft würden.
---------------------------------------------
http://www.golem.de/news/schwachstelle-certifi-gate-erlaubt-zertifikatsmissbrauch-unter-android-1508-115633-rss.html




*** HTTPS: BGP-Angriff gefährdet TLS-Zertifikatssystem ***
---------------------------------------------
Auf der Black Hat weisen Sicherheitsforscher auf ein Problem mit TLS-Zertifizierungsstellen hin: Die Prüfung, wem eine Domain gehört, findet über ein ungesichertes Netz statt. Dieser Weg ist angreifbar - beispielsweise mittels des Routingprotokolls BGP.
---------------------------------------------
http://www.golem.de/news/https-bgp-angriff-gefaehrdet-tls-zertifikatssystem-1508-115632-rss.html




*** Kryptographie: Rechenfehler mit großen Zahlen ***
---------------------------------------------
Kryptographische Algorithmen benötigen oft Berechnungen mit großen Ganzzahlen. Immer wieder werden Fehler in den entsprechenden Bibliotheken gefunden. Diese können zu Sicherheitslücken werden.
---------------------------------------------
http://www.golem.de/news/kryptographie-rechenfehler-mit-grossen-zahlen-1508-115636-rss.html




*** Zwölf Sicherheitslücken in PHP geschlossen, Support für Version 5.5 ausgelaufen ***
---------------------------------------------
Das PHP-Entwickerteam hat seinen Interpreter sicherer gemacht und weist darauf hin, dass der Support für Version 5.5 vor kurzem abgelaufen ist. Wer kann, sollte auf Version 5.6 umsteigen.
---------------------------------------------
http://heise.de/-2774343




*** The GasPot experiment: Hackers target gas tanks ***
---------------------------------------------
Physically tampering with gasoline tanks is dangerous enough, given how volatile gas can be. Altering a fuel gauge can cause a tank to overflow, and a simple spark can set everything ablaze. But imagi...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/5bYYfndJK74/secworld.php




*** Auto-Hacking: Gehackte Teslas lassen sich bei voller Fahrt ausschalten ***
---------------------------------------------
Insgesamt sechs Lücken haben IT-Sicherheitsforscher in der Software der Automobile von Tesla entdeckt. Über sie gelang es ihnen, die Kontrolle über das Fahrzeug zu übernehmen.
---------------------------------------------
http://www.golem.de/news/auto-hacking-gehackte-teslas-lassen-sich-bei-voller-fahrt-ausschalten-1508-115641-rss.html




*** Firefox exploit found in the wild ***
---------------------------------------------
Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1. https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
---------------------------------------------
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/




*** CrackLord: Gratis-Tool zum Steuern von Cracking-Clustern ***
---------------------------------------------
Forscher haben mit CrackLord eine Open-Source-Software vorgestellt, die CPU-/GPU-Cluster zum Cracken von Passwörtern ansteuert und Aufgaben verwaltet und verteilt.
---------------------------------------------
http://heise.de/-2774582




*** Scada-Sicherheit: Siemens-PLC wird zum Einbruchswerkzeug ***
---------------------------------------------
Über die oftmals frei aus dem Internet zugänglichen Programmable Logic Controller (PLC) zum Steuern von Scada-Systemen können Angreifer Scanner zum Spionieren in Industrie-Systeme schmuggeln. Die dafür nötige Software steht frei zum Download.
---------------------------------------------
http://heise.de/-2774812




*** Citrix XenServer Security Update for CVE-2015-5154 ***
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to compromise the host ...
---------------------------------------------
http://support.citrix.com/article/CTX201593




*** USN-2706-1: OpenJDK 6 vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2706-16th August, 2015openjdk-6 vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTSSummarySeveral security issues were fixed in OpenJDK 6.Software description openjdk-6 - Open Source Java implementation  DetailsSeveral vulnerabilities were discovered in the OpenJDK JRE related toinformation disclosure, data integrity, and availability. An attackercould exploit these to cause a denial of service or expose sensitivedata...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2706-1/




*** Security Advisory: Java SE vulnerabilities CVE-2015-2590 and CVE-2015-4732 ***
---------------------------------------------
(SOL17079)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/17000/000/sol17079.html?ref=rss




*** DSA-3329 linux - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in the Linux kernelthat may lead to a privilege escalation, denial of service orinformation leak.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3329




*** Apache Subversion Bugs Let Remote Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1033215





*** IBM Security Bulletins ***
---------------------------------------------

*** IBM Security Bulletin: A Security Vulnerability, exists in the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software (CVE-2015-1835) ***
http://www.ibm.com/support/docview.wss?uid=swg21962128

*** IBM Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM Security Identity Governance ***
http://www.ibm.com/support/docview.wss?rs=0&uid=swg21963438

*** IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects the IBM FlashSystem V840 (CVE 2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005344

*** IBM Security Bulletin: A vulnerability in Diffie-Hellman ciphers affects the IBM FlashSystem 840 (CVE 2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005339

*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21960191

*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tivoli Monitoring (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21962739

*** IBM Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem 840 (CVE 2015-1831) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005329

*** IBM Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V840 (CVEs 2015-0204, 2015-0488, and 2015-1916) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005328

*** IBM Security Bulletin: A vulnerability in Open Source Struts affect the IBM FlashSystem V840 (CVE 2015-1831) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005331

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-0488, CVE-2015-0478, CVE-2015-1916) ***
http://www.ibm.com/support/docview.wss?uid=swg21883959

*** IBM Security Bulletin: Multiple vulnerabilities in the unzip utility affect IBM Security Access Manager for Mobile. ***
http://www.ibm.com/support/docview.wss?uid=swg21963158

*** IBM Security Bulletin: Multiple vulnerability in Product IBM Tivoli Common Reporting(CVE-2015-0488, CVE-2015-0478, CVE-2015-2808, CVE-2015-1916, CVE-2014-0227, CVE-2015-0209 , CVE-2015-0286 , CVE-2015-0289) ***
http://www.ibm.com/support/docview.wss?uid=swg21963024

*** IBM Security Bulletin: A vulnerability in Open Source OpenSSL affects the IBM FlashSystem 840 (CVE 2015-0286) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005341

*** IBM Security Bulletin: Vulnerability in Open Source Apache Tomcat affect the IBM FlashSystem V840, (CVE-2014-0227) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005204


More information about the Daily mailing list