[CERT-daily] Tageszusammenfassung - Freitag 14-08-2015

Fri Aug 14 18:11:43 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 13-08-2015 18:00 − Freitag 14-08-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter


*** One font vulnerability to rule them all #3: Windows 8.1 32-bit sandbox escape exploitation ***
---------------------------------------------
This is part #3 of the "One font vulnerability to rule them all" blog post series. In the previous posts, we introduced the "blend" PostScript operator vulnerability, discussed the Charstring primitives necessary to fully control the stack contents and used them to develop a reliable user-mode Adobe Reader exploit executing arbitrary C++ code embedded in the PDF file:One font vulnerability to rule them all #1: introducing the BLEND vulnerabilityOne font vulnerability to...
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/08/one-font-vulnerability-to-rule-them-all_13.html


*** Adwind: another payload for botnet-based malspam, (Fri, Aug 14th) ***
---------------------------------------------
Introduction Since mid-July 2015, Ive noticed an increase in malicious spam (malspam) caught by my employers spamfilters with java archive (.jar file) attachments. These .jar files are most often identified as Adwind. Adwind is a Java-based remote access tool (RAT) used by malware authors to infect computers with backdoor access. Theres no vulnerability involved. To infect a Windows computer, the user has to execute the malware by double-clicking on the .jar file. Im currently seeing enough...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20041&rss


*** Windows 10: Gefährlicher Zertifikats-Wirrwarr ***
---------------------------------------------
Windows 10 sammelt fleißig Benutzerdaten und überträgt sie an Microsoft. Ausgerechnet dabei verzichtet das Betriebssystem auf einen ansonsten verwendeten Schutz vor falschen Zertifikaten - sensible Daten könnten so zur leichten Beute werden.
---------------------------------------------
http://heise.de/-2776810


*** CaVer: Neue Technik findet Schwachstellen in C++-Code ***
---------------------------------------------
US-Wissenschaftler haben ein Verfahren entwickelt, das fehlerhafte Typumwandlungen in C++-Programmen zur Laufzeit identifiziert. Es hat bereits mehrere inzwischen behobene Schwachstellen in der GNU-libstd++ und in Firefox aufgespürt.
---------------------------------------------
http://heise.de/-2778993


*** Was tun bei Handy-Verlust? ***
---------------------------------------------
Besitzer sollten Sicherheitsvorkehrungen treffen
---------------------------------------------
http://derstandard.at/2000020734740


*** Android-Sicherheitslücke: Googles Stagefright-Patch ist fehlerhaft ***
---------------------------------------------
Google muss einen der Stagefright-Patches überarbeiten. Der Patch schließt die Sicherheitslücke nicht, und Android-Geräte sind weiterhin angreifbar. Ein korrigierter Patch für die Nexus-Modelle wird diesen Monat aber nicht mehr erscheinen.
---------------------------------------------
http://www.golem.de/news/android-sicherheitsluecke-googles-stagefright-patch-ist-fehlerhaft-1508-115769-rss.html


*** Auslaufendes A-Trust Root-Zertifikat "A-Trust-nQual-03" ***
---------------------------------------------
Auslaufendes A-Trust Root-Zertifikat "A-Trust-nQual-03" | 14. August 2015 | In den diversen Certificate Stores (Browser, Windows) ist ein Root-Zertifkat von A-Trust mit Gültigkeit bis 18. August 2015: A-Trust-nQual-03 SHA-1 Fingerprint D3:C0:63:F2:19:ED:07:3E:34:AD:5D:75:0B:32:76:29:FF:D5:9A:F2 | Unseren (limitierten) Recherchen nach gibt es im Certificate Store von Windows noch andere A-Trust Root-Zertifikate (auch mit SHA256, vgl. Microsoft Root Certificate Program). In den Certificate...
---------------------------------------------
http://www.cert.at/services/blog/20150814120852-1571.html


*** Eurocentric Ransomware Spam in Circulation ***
---------------------------------------------
A number of spam runs are gunning for customers of various European businesses. Fake delivery messages and online bills quickly give way to Ransomware...Categories:  Fraud/Scam AlertTags: emailmalwarephishransomwarespamtorrentlocker(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/fraud-scam/2015/08/eurocentric-ransomware-spam-in-circulation/


*** Lampen, Schlösser, Alarmanlagen hackbar: Wiener fanden Schwachstelle in ZigBee-Standard ***
---------------------------------------------
Sicherheitsfirma Cognosec weist auf Sicherheitsprobleme beim "smarten" Zuhause hin
---------------------------------------------
http://derstandard.at/2000020752533


*** Why Vulnerability Research Is A Good Thing ***
---------------------------------------------
Earlier this week Oracle's CSO released a blog post that talked about why people should stop looking for vulnerabilities in their software products. Needless to say, this did not go down well with the security community - and the post was soon taken down with a statement from the company adding that the post "does not reflect our...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Laorf2GvBCU/


*** Security, Reverse Engineering and EULAs ***
---------------------------------------------
Like more than a few others, I experienced the infosec outrage against Mary Ann Davidson, Oracle's Chief Security Officer, before I actually read the now-redacted blog post. After taking the time to read what she actually wrote (still available through Google's web cache), I think there's more discussion to be had than I've seen so far.
---------------------------------------------
http://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/security-reverse-engineering-and-eulas/


*** Apple Patches Critical OS X DYLD Flaw in Monster Update ***
---------------------------------------------
Apple released hordes of patches for OS X, iOS, Safari and iOS Server, including fixes for the DYLD vulnerability disclosed in July.
---------------------------------------------
http://threatpost.com/apple-patches-critical-os-x-dyld-flaw-in-monster-update/114289


*** Apple Security Updates ***
---------------------------------------------

*** iOS 8.4.1 ***
https://support.apple.com/kb/HT205030

*** OS X Yosemite 10.10.5 and Security Update 2015-006 ***
https://support.apple.com/kb/HT205031

*** Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 ***
https://support.apple.com/kb/HT205033

*** OS X Server v4.1.5 ***
https://support.apple.com/kb/HT205032


*** Cisco Advisories ***
---------------------------------------------

*** Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40441

*** Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40444

*** Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=40443


*** ICS-CERT Alerts ***
---------------------------------------------

*** Rockwell Automation 1769-L18ER and A LOGIX5318ER Vulnerability ***
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-225-01

*** Rockwell Automation 1766-L32 Series Vulnerability ***
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-225-02

*** KAKO HMI Hard-coded Password ***
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-01

*** Schneider Electric Modicon M340 PLC Station P34 Module Vulnerabilities ***
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-02

*** Prisma Web Vulnerabilities ***
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-03

*** Moxa ioLogik E2210 Vulnerabilities ***
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-04


*** DFN-CERT-2015-1258: Request Tracker: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1258/