[CERT-daily] Daily summary - Wednesday 4-02-2015

Daily end-of-shift report team at cert.at
Wed Feb 4 18:07:38 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 03-02-2015 18:00 − Wednesday 04-02-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** New Wave of CTB-Locker/Critroni Ransomware Hitting Victims ***
---------------------------------------------
There is a new wave of attacks delivering the CTB-Locker or Critroni crypto ransomware, arriving through spam messages with a variety of lures in several different countries. CTB-Locker is one of the newer variants in the crypto ..
---------------------------------------------
http://threatpost.com/new-wave-of-ctb-lockercritroni-ransomware-hitting-victims/110820




*** Advisory - Dangerous "nonce" leak in UpdraftPlus ***
---------------------------------------------
Advisory for: UpdraftPlus
Security Risk: High
Exploitation level: Remote
DREAD Score: 7/10
Vulnerability: Privilege Escalation
Patched Version: 1.9.51
If you're a user of the UpdraftPlus plugin for WordPress, now is the time to update. During ..
---------------------------------------------
http://blog.sucuri.net/2015/02/advisory-dangerous-nonce-leak-in-updraftplus.html/




*** UpdraftPlus <= 1.9.50 - Privilege Escalation ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7781




*** 1,800 Domains Overtaken by Flash Zero Day ***
---------------------------------------------
Researchers at Cisco say that a Flash zero day exploit has compromised 1,800 domains, the majority of those during a 48-hour period last week.
---------------------------------------------
http://threatpost.com/1800-domains-overtaken-by-flash-zero-day/110835




*** Multiple vulnerabilities in Cisco Unified IP Phone 9900 ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0600
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0601
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0602
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0603
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0604




*** MIT Kerberos Multiple Flaws in kadmind Let Remote Users Obtain Potentially Sensitive Information and Remote Authenticated Users Execute Arbitrary Code ***
---------------------------------------------
MIT Kerberos Multiple Flaws in kadmind Let Remote Users Obtain Potentially Sensitive Information and Remote Authenticated Users Execute Arbitrary Code
---------------------------------------------
http://www.securitytracker.com/id/1031691




*** Siemens SCALANCE X-200IRT Switch Family User Impersonation Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a user impersonation vulnerability in the Siemens SCALANCE X-200IRT Switch Family.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-034-01




*** Siemens Ruggedcom WIN Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities in the Siemens Ruggedcom WIN firmware.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-034-02




*** An In-depth analysis of the Fiesta Exploit Kit: An infection in 2015 ***
---------------------------------------------
A while ago I blogged about the Fiesta exploit kit; this was back in September 2013 [Fiesta Exploit Kit analysis serving MSIE exploit CVE-2013-2551]. In this blog I focused on the integration of the MSIE exploit and parts of the landing page.
---------------------------------------------
http://blog.0x3a.com/post/110052845124/an-in-depth-analysis-of-the-fiesta-exploit-kit-an




*** Play Store: Widely Used Apps Display Adware With a Delay ***
---------------------------------------------
Apps from Google's Play Store, some with download counts of over 5 million, contain adware that redirects the user to dubious app stores or to applications that send premium SMS messages. What is interesting is the way the advertising is delivered to the user.
---------------------------------------------
http://www.golem.de/news/play-store-weit-verbreitete-apps-zeigen-adware-verzoegert-an-1502-112136.html




*** Threat Analysis Template For BYOD Applications ***
---------------------------------------------
Your IT department is certainly not at a loss when it comes to worrying about BYOD applications. Indeed, the list of threats to enterprise applications and the data they contain is a long one, and security professionals are ..
---------------------------------------------
http://resources.infosecinstitute.com/threat-analysis-template-byod-applications/




*** How to Protect Yourself Against the Flash Vulnerability ***
---------------------------------------------
While Adobe still does not know of, or does not name, any concrete protective measures, the BSI clearly advises uninstalling the Flash Player. Anyone who does not act and leaves Flash active is taking a big risk.
---------------------------------------------
http://heise.de/-2539858




*** Cisco WebEx Meetings Server Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx




*** Pawn Storm Update: iOS Espionage App Found ***
---------------------------------------------
In our continued research on Operation Pawn Storm, we found one interesting poisoned pawn - spyware specifically designed for espionage on iOS devices. While spyware targeting Apple users is highly notable by itself, this particular spyware is also involved in a targeted attack. Background ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/





