[CERT-daily] Tageszusammenfassung - Donnerstag 12-02-2015

Thu Feb 12 18:06:01 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 11-02-2015 18:00 − Donnerstag 12-02-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Advantech EKI-1200 Buffer Overflow ***
---------------------------------------------
This advisory provides mitigation details for a buffer overflow vulnerability in Advantech EKI-1200 product line.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-041-01


*** MSRT February: Escad and NukeSped ***
---------------------------------------------
This month we added three new families to the Microsoft Malicious Software Removal Tool (MSRT) to help protect our customers: Win32/Escad, Win32/Jinupd and Win32/NukeSped. While this blog focuses on Escad and NukeSped, we want to note that Jinupd is point-of-sale malware that steals sensitive data, such as credit card information and sends it to a malicious hacker.  The Escad and NukeSped malware families have backdoor capabilities that have been used as part of targeted attacks.
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/02/10/msrt-february-escad-and-nukesped.aspx


*** February 2015 Updates ***
---------------------------------------------
Today, as part of Update Tuesday, we released nine security bulletins - three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software.  We encourage you to apply all of these updates. 
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2015/02/10/february-2015-updates.aspx


*** A Crypto Trick That Makes Software Nearly Impossible to Reverse-Engineer ***
---------------------------------------------
Software reverse engineering, the art of pulling programs apart to figure out how they work, is what makes it possible for sophisticated hackers to scour code for exploitable bugs. It's also what allows those same hackers' dangerous malware to be deconstructed and neutered. Now a new encryption trick could make both those tasks much, much harder. 
---------------------------------------------
http://feeds.wired.com/c/35185/f/661467/s/434d3df8/sc/4/l/0L0Swired0N0C20A150C0A20Ccrypto0Etrick0Emakes0Esoftware0Enearly0Eimpossible0Ereverse0Eengineer0C/story01.htm


*** Decrypting TLS Browser Traffic With Wireshark - The Easy Way ***
---------------------------------------------
It turns out that Firefox and the development version of Chrome both support logging the symmetric session key used to encrypt TLS traffic to a file. You can then point Wireshark at said file and presto! decrypted TLS traffic. Read on to learn how to set this up.
---------------------------------------------
https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/


*** Elasticsearch vulnerability CVE-2015-1427 ***
---------------------------------------------
Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. We have been assigned CVE-2015-1427 for this. ... 
CVSS: Overall CVSS score: 5.8
---------------------------------------------
http://www.securityfocus.com/archive/1/534689


*** NIST requests final comments on ICS security guide ***
---------------------------------------------
Included in the final draft are updates on ICS vulnerabilities and risk management practices, along with information on security capabilities and tools for industrial control systems. Also added to the guide were methods for aligning guidance with other ICS security standards and guidelines.
---------------------------------------------
http://www.scmagazine.com/nist-requests-final-comments-on-ics-security-guide/article/397751/


*** Pannen-Patch: Microsoft probierts noch mal ***
---------------------------------------------
Unangekündigt hat Microsoft erneut damit begonnen, den Patch KB3001652 über Windows Update zu verteilen. Im ersten Anlauf hatte das Unternehmen damit zahlreiche Rechner lahm gelegt. Unterdessen beschweren sich Nutzer über einen weiteren Patch.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Pannen-Patch-Microsoft-probierts-noch-mal-2548229.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


*** Cisco Security Advisories ***
---------------------------------------------
Cisco IOS Software Access Control List Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0610
---------------------------------------------
Cisco Adaptive Security Appliance WebVPN Embedded Web Server Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0619
---------------------------------------------