[CERT-daily] Tageszusammenfassung - Dienstag 15-12-2015
Daily end-of-shift report
team at cert.at
Tue Dec 15 18:29:05 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 14-12-2015 18:00 − Dienstag 15-12-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** 13 million MacKeeper users exposed after MongoDB door was left open ***
---------------------------------------------
Expect more breaches in the future as 35,000 MongoDB installs are misconfigured.
---------------------------------------------
http://arstechnica.com/security/2015/12/13-million-mackeeper-users-exposed-after-mongodb-door-was-left-open/
*** Hack: Esa-Nutzer haben kurze Passwörter ***
---------------------------------------------
Zahlreiche interne Datensätze der Europäischen Raumfahrtagentur Esa sind gehackt worden und jetzt im Internet einsehbar. Offenbar benutzen viele der Esa-Nutzer kurze und unsichere Passwörter.
---------------------------------------------
http://www.golem.de/news/rocket-science-esa-nutzer-haben-kurze-passwoerter-1512-118026-rss.html
*** Vulnerability Details: Joomla! Remote Code Execution ***
---------------------------------------------
The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected pretty much all versions of the platform up to 3.4.5. As soon as the patch was released, we were able to start our investigation and found that it was alreadyRead More The post Vulnerability Details: Joomla! Remote Code Execution appeared first on Sucuri Blog.
---------------------------------------------
https://blog.sucuri.net/2015/12/joomla-remote-code-execution-the-details.html
*** 4 Things to Consider When Assessing Device Posture for Effective Network Access Control ***
---------------------------------------------
Guest blogger Benny Czarny explains one of the main reasons to have a NAC system in place is to keep risky devices from connecting to your organization's network. Unfortunately, simply purchasing a NAC solution is not going to guarantee your protection.Categories: Online SecurityTags: Anti-Malwareanti-virusencryptionendpointvulnerability(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/12/4-things-to-consider-when-assessing-device-posture-for-effective-network-access-control/
*** Protecting Windows Networks - Kerberos Attacks ***
---------------------------------------------
MEDIA NOTE: This is not a new flaw, just a good write-up! I don't know why media reporting this as a new flaw. | Kerberos is an authentication protocol that is used by default in Windows networks and provide mutual authentication and authorization for clients and servers. It does not require you to send a password or a hash on the wire, it is instead rely on a trusted third party for handling all the details. | Although, it is considered a secure protocol, it has some flaws in Windows...
---------------------------------------------
http://dfir-blog.com/2015/12/13/protecting-windows-networks-kerberos-attacks/
*** Kaspersky Security Bulletin 2015. Overall statistics for 2015 ***
---------------------------------------------
In 2015, virus writers demonstrated a particular interest in exploits for Adobe Flash Player. The proportion of relatively simple programs used in mass attacks was growing. Attackers have mastered non-Windows platforms - Android and Linux: almost all types of malicious programs are created and used for these platforms.
---------------------------------------------
http://securelist.com/analysis/kaspersky-security-bulletin/73038/kaspersky-security-bulletin-2015-overall-statistics-for-2015/
*** Oil and Gas Cyber Security - Interview ***
---------------------------------------------
In the recent presentation at BlackHat, you mentioned that oil and gas is one of the industries most plagued by cyber-attacks. What makes oil and gas an attractive target? It's a juicy target for Cyberattacks as oil and gas companies are responsible for a great part of some countries' economies. Any interference in their work...
---------------------------------------------
http://resources.infosecinstitute.com/oil-and-gas-cyber-security-interview/
*** Android.ZBot banking Trojan uses "web injections" to steal confidential data ***
---------------------------------------------
December 15, 2015 The Trojans designed to steal money from bank accounts pose a serious threat to Android users. The Android.ZBot Trojan is one of these malicious programs. Its different modifications target mobile devices of Russian users from February 2015. This Trojan is interesting due to its ability to steal logins, passwords, and other confidential data by displaying fraudulent authentication forms on top of any applications. The appearance of such forms is generated on
---------------------------------------------
http://news.drweb.com/show/?i=9754&lng=en&c=9
*** Security Afterworks: Wie man TLS-Hipster wird & Best of CCC ***
---------------------------------------------
January 21, 2016 - 5:00 pm - 6:00 pm SBA Research Favoritenstraße 16 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/security-afterworks-wie-man-tls-hipster-wird-best-of-ccc/
*** ZDI-15-639: (0Day) Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-639/
*** ZDI-15-638: (0Day) Apache TomEE Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache TomEE. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-638/
*** Security Advisory: RSA-CRT key leak vulnerability CVE-2015-5738 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/91/sol91245485.html?ref=rss
*** Cisco Unified Communications Manager Web Management Interface Cross-Site Scripting Filter Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm
*** Cisco IOS XE Software IPv6 Neighbor Discovery Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ios
*** Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim
*** Security Notice - Statement on NTP.org and CERT/CC Revealing Security Vulnerabilities in NTPd ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-408044.htm
*** TYPO3 CMS 6.2.16 and 7.6.1 released ***
---------------------------------------------
The TYPO3 Community announces the versions 6.2.16 LTS and 7.6.1 LTS of the TYPO3 Enterprise Content Management System.
Both versions are maintenance releases and contain bug and security fixes.
In case the extension mediace is used, please make sure to upgrade to version 7.6.1.
---------------------------------------------
http://www.typo3.org/news/article/typo3-cms-6216-and-761-released/
---------------------------------------------
*** Cross-Site Scripting in TYPO3 component Indexed Search ***
http://www.typo3.org/news/article/cross-site-scripting-in-typo3-component-indexed-search/
---------------------------------------------
*** TYPO3 is susceptible to Cross-Site Flashing ***
http://www.typo3.org/news/article/typo3-is-susceptible-to-cross-site-flashing/
---------------------------------------------
*** Multiple Cross-Site Scripting vulnerabilities in frontend ***
http://www.typo3.org/news/article/multiple-cross-site-scripting-vulnerabilities-in-frontend/
---------------------------------------------
*** Cross-Site Scripting vulnerability in typolinks ***
http://www.typo3.org/news/article/cross-site-scripting-vulnerability-in-typolinks/
---------------------------------------------
*** Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend ***
http://www.typo3.org/news/article/multiple-cross-site-scripting-vulnerabilities-in-typo3-backend/
---------------------------------------------
*** Cross-Site Scripting in TYPO3 component Extension Manager ***
http://www.typo3.org/news/article/cross-site-scripting-in-typo3-component-extension-manager/
---------------------------------------------
More information about the Daily
mailing list