[CERT-daily] Tageszusammenfassung - Montag 21-12-2015

Daily end-of-shift report team at cert.at
Mon Dec 21 18:05:34 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 18-12-2015 18:00 − Montag 21-12-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Update für Crimeware Kit Microsoft Word Intruder ***
---------------------------------------------
Über Sicherheitslücken in Microsoft Word kann ein Dateianhang schon beim Öffnen Windows-Systeme infizieren. Der Autor des im Untergrund beliebten Crimeware Kits MWI legt jetzt mit neuen Exploits nach.
---------------------------------------------
http://heise.de/-3049547




*** VMSA-2015-0009 ***
---------------------------------------------
VMware product updates address a critical deserialization vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2015-0009.html




*** VMSA-2015-0003.15 ***
---------------------------------------------
VMware product updates address critical information disclosure issue in JRE
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2015-0003.html




*** Avira Registry Cleaner DLL Hijacking ***
---------------------------------------------
avira_registry_cleaner_en.exe, available from
<https://www.avira.com/en/download/product/avira-registry-cleaner>
to clean up remnants the uninstallers of their snakeoil products
fail to remove, is vulnerable: it loads and executes WTSAPI32.dll,
UXTheme.dll and RichEd20.dll from its application directory
(tested and verified under Windows XP SP3 and Windows 7 SP1).
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015120223




*** PUPs Masquerade as Installer for Antivirus and Anti-Adware ***
---------------------------------------------
If youre looking for download sites of programs you wish to install onto your machine or simply try out, you, dear Reader, would be better off dropping by their official websites.
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/12/pups-masquerade-as-installer-for-antivirus-and-anti-adware/




*** Joomla 0-Day Exploited In the Wild (CVE-2015-8562) ***
---------------------------------------------
A recent new 0-day in Joomla discovered by Sucuri (Sucuri Blog) has drawn a lot of attention from the Joomla community, as well as attackers. Using knowledge gained from our recent research on Joomla (CVE-2015-7857, SpiderLabs Blog Post) and information ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-0-Day-Exploited-In-the-Wild-(CVE-2015-8562)/




*** Google Chrome: Abschied von SHA-1-siginierten SSL-Zertifikaten ***
---------------------------------------------
Ab Anfang nächsten Jahres wird Google Chrome keine neu ausgestellten SHA-1-signierten SSL-Zertifikate von öffentlichen CAs mehr akzeptieren. SHA-1 gilt seit zehn Jahren als unsicher, wird aber immer noch von HTTPS-Sites verwendet. 
---------------------------------------------
http://heise.de/-3049749




*** The EPS Awakens - Part 2 ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html




*** Facebook hammers another nail into Flashs coffin ***
---------------------------------------------
The Social NetworkTM bins Adobes malware-magnet for video, adopts HTML5 Facebook has hammered puts another nail in to the coffin of Adobe Flash, by switching from the bug-ridden plug-in to HTML5 for all videos on the site.
---------------------------------------------
www.theregister.co.uk/2015/12/21/facebook_dumps_flash_for_video/




*** Hello Kitty: Kinderdaten ungeschützt im Netz ***
---------------------------------------------
Eine MongoDB-Datenbank mit den privaten Informationen zahlreicher Hello-Kitty-Fans wurde veröffentlicht. Vor allem Kinder dürften davon betroffen sein - und sollten ihre Passwörter bei anderen Diensten überprüfen. 
---------------------------------------------
http://www.golem.de/news/security-hello-kitty-gehackt-1512-118123.html




*** XXX is Angler EK ***
---------------------------------------------
http://malware.dontneedcoffee.com/2015/12/xxx-is-angler-ek.html




*** Schnüffelcode in Juniper-Netzgeräten: Weitere Erkenntnisse und Spekulationen ***
---------------------------------------------
Die Analysen der ScreenOS-Updates fördern vogelwilde Dinge zu Tage. So gab es zwei unabhängige Hintertüren. Die SSH-Backdoor kann dank des veröffentlichten Passworts jeder ausnutzen; die komplexere VPN-Lücke beruht wohl auf einer bekannten NSA-Backdoor.
---------------------------------------------
http://heise.de/-3051260




*** The many attacks on Zengge WiFi lightbulbs ***
---------------------------------------------
In August I decided to check out the cool new Internet Of Things. I bought a WiFi-enabled colorful LED lightbulb. It was a cheap Chinese one that costs almost nothing on Alibaba, but I paid probably around $50 on Amazon. It's built by a company called Zengge. It turned out that my new lightbulb was a router, an HTTP server, an HTTP proxy, and a lot more.
---------------------------------------------
http://blog.viktorstanchev.com/2015/12/20/the-many-attacks-on-zengge-wifi-lightbulbs/






More information about the Daily mailing list