[CERT-daily] Daily Summary - Thursday 10-12-2015

Daily end-of-shift report team at cert.at
Thu Dec 10 18:03:54 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 09-12-2015 18:00 − Thursday 10-12-2015 18:00
Handler:     Taranis Admin
Co-Handler:  n/a



*** Server Security: OSSEC Updated With GeoIP Support ***
---------------------------------------------
We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Host-Based Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates ..
---------------------------------------------
https://blog.sucuri.net/2015/12/ossec-with-geoip.html




*** Cisco Unity Connection Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc




*** Cisco TelePresence Video Communication Server Expressway Web Framework Code Unauthorized Access Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-tvc




*** Cybercrime News Results In Cybercrime Blues ***
---------------------------------------------
FireEye Labs recently spotted a 2011 article on cybercrime from the news site theguardian[.]com that redirects users to the Angler Exploit Kit. Successful exploitation by Angler resulted in a malware infection for readers of the article. A spokesperson for theguardian[.]com responded that they "are aware of FireEye's claims and are working to rectify the issue in question as soon as possible."
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/12/cybercrime-news.html




*** Inside Chimera Ransomware - the first 'doxingware' in wild ***
---------------------------------------------
Ransomware has proven to be a good source of money for cybercriminals. The Chimera ransomware comes with several ideas that are novel and may slowly become a new trend.
---------------------------------------------
https://blog.malwarebytes.org/intelligence/2015/12/inside-chimera-ransomware-the-first-doxingware-in-wild/




*** PuTTY ECH Integer Overflow Lets Remote Users Execute Arbitrary Code on the Target User's System ***
---------------------------------------------
http://www.securitytracker.com/id/1034308




*** MS15-DEC - Microsoft Security Bulletin Summary for December 2015 - Version: 1.1 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS15-DEC




*** American hacker duo throws pwns on IoT BBQs, grills open admin ***
---------------------------------------------
Half-baked code a feast for attackers because Thing-builders are hopeless - Kiwicon: American hardware hackers have ruined Christmas cook-ups across Australia, revealing gaping ..
---------------------------------------------
www.theregister.co.uk/2015/12/10/american_hacker_duo_throws_pwns_on_iot_bbqs_grills_open_admin/




*** Valve Software: 77,000 user accounts plundered on Steam every month ***
---------------------------------------------
To protect users from the theft of virtual goods on Steam, Valve is introducing new rules for selling. That seems necessary: since trading in items from Dota 2, for example, became possible, more and more users have been targeted by hackers.
---------------------------------------------
http://www.golem.de/news/valve-software-77-000-nutzerkonten-pro-monat-auf-steam-ausgepluendert-1512-117932.html




*** Kaspersky Security Bulletin 2015. Evolution of cyber threats in the corporate sector ***
---------------------------------------------
The data collected from Kaspersky Lab products shows that the tools used to attack businesses differ from those used against home users. Let's have a look back at the major incidents of 2015 and at the new trends we have observed in information security within the business environment.
---------------------------------------------
http://securelist.com/analysis/kaspersky-security-bulletin/72969/kaspersky-security-bulletin-2015-evolution-of-cyber-threats-in-the-corporate-sector/




*** Final version of password manager KeePassX 2.0 released ***
---------------------------------------------
After roughly three and a half years of development, KeePassX has reached the final version 2.0.
---------------------------------------------
http://heise.de/-3038771




*** HTTPS: Cloudflare and Facebook want to keep using SHA1 ***
---------------------------------------------
TLS certificates signed with SHA1 are actually supposed to be a thing of the past soon. But in developing countries many devices are still in use that do not support the better SHA256 algorithm. Facebook and Cloudflare therefore want to serve old browsers a different certificate.
---------------------------------------------
http://www.golem.de/news/https-cloudflare-und-facebook-wollen-sha1-weiternutzen-1512-117939.html




*** Cisco examines its own portfolio for dangerous Java vulnerability ***
---------------------------------------------
The widely used Java library Apache Common Collections is vulnerable. Cisco is now investigating whether the vulnerability is present in its applications and devices. In addition, further potentially vulnerable Java libraries have been discovered.
---------------------------------------------
http://heise.de/-3039533




*** [2015-12-10] Skybox Platform Multiple Vulnerabilities ***
---------------------------------------------
The Skybox platform contains multiple security vulnerabilities which can be exploited by an attacker to execute arbitrary code and to read arbitrary files from the file system. Moreover, a SQL injection and various Cross-Site scripting vulnerabilities have been identified. Attackers can exploit these issues to completely compromise affected Skybox appliances.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20151210-0_Skybox_Platform_Multiple_Vulnerabilities_v10.txt




*** WordPress hosting biz confesses to breach, urgently contacts 30,000 users ***
---------------------------------------------
We're 'proactively taking security measures' - WP Engine. WordPress hosting outfit WP Engine has confessed to a security breach, prompting it to reset 30,000 customers' passwords.
---------------------------------------------
www.theregister.co.uk/2015/12/10/wordpress_hosting_biz_confesses_to_hack/




