[CERT-daily] Tageszusammenfassung - Montag 16-02-2015

Mon Feb 16 18:08:24 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 13-02-2015 18:00 − Montag 16-02-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Microsoft February Patch Failures Continue: KB3023607 vs. Cisco AnyConnect Client ***
---------------------------------------------
Another patch released by Microsoft this month is causing problems. This time it is KB3023607,which was supposed to mitigate the POODLE vulnerability. Once applied, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19331


*** PostgreSQL Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information, Execute Arbitrary Code, and Deny Service ***
---------------------------------------------
Several vulnerabilities were reported in PostgreSQL. A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can cause denial of service conditions. A remote authenticated user can obtain ..
---------------------------------------------
http://www.securitytracker.com/id/1031742


*** SSA-234789 (Last Update 2015-02-13): Vulnerabilities in SIMATIC STEP 7 (TIA Portal) V13 ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf


*** PowerShell: Better phishing for all! ***
---------------------------------------------
PowerShell is able to import functions from any DLL, this allows you to use functions like VirtualAlloc, memset and CreateThread. This will allow you to allocate executable memory, fill it with your program and execute it.
---------------------------------------------
http://d.uijn.nl/?p=116


*** Analysis of the Fancybox-For-WordPress Vulnerability ***
---------------------------------------------
We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the details explaining how attackers could use this ..
---------------------------------------------
http://blog.sucuri.net/2015/02/analysis-of-the-fancybox-for-wordpress-vulnerability.html


*** Probleme mit Windows RT: Microsoft zieht PowerPoint-Patch zurück ***
---------------------------------------------
Per Patch wollte Microsoft die Stabilität von PowerPoint verbessern. Nutzer von Windows RT-Geräten hatten jedoch nach der Installation des Patches berichtet, dass sich Powerpoint nicht mehr starten lasse. Jetzt hat Microsoft den Patch zurückgezogen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Probleme-mit-Windows-RT-Microsoft-zieht-PowerPoint-Patch-zurueck-2550170.html


*** Sicherheitslücke in Gruppenrichtlinien: Mit dem Patchen allein ist es nicht getan ***
---------------------------------------------
Admins aufgepasst: Eines der am Februar-Patchday ausgelieferten Updates schützt nur, wenn man eine Reihe von Anweisungen befolgt. Tut man das nicht, bleibt die Infrastruktur für Man-in-the-Middle-Angriffe anfällig.
---------------------------------------------
http://heise.de/-2550209


*** The Great Bank Heist, or Death by 1,000 Cuts? ***
---------------------------------------------
I received a number of media requests and emails from readers over the weekend to comment on a front-page New York Times story about an organized gang of cybercriminals pulling off 'one of the largest bank heists ever.' Turns out, I reported on this gang's activities in December 2014, although my story ran minus many of the superlatives in the Times piece.
---------------------------------------------
http://krebsonsecurity.com/2015/02/the-great-bank-heist-or-death-by-1000-cuts/


*** The research: Mobile Internet traffic hijacking via GTP and GRX ***
---------------------------------------------
Most users assume that mobile network access is much safer because a big mobile-telecoms provider will protect subscribers. Unfortunately, as practice shows, mobile Internet is a great opportunity for the attacker.
---------------------------------------------
http://blog.ptsecurity.com/2015/02/the-research-mobile-internet-traffic.html


*** Angriffsziel Bitcoinbörse: Bter und Exco.in gehackt ***
---------------------------------------------
Die Jagdsaison auf Bitcoinbörsen scheint wieder loszugehen: Unbekannte haben die Handelsplattform Bter um Coins im Wert von fast 1,5 Millionen Euro erleichtern können. Die Börse Exco.in wurde gleich aller Bitcoins beraubt.
---------------------------------------------
http://heise.de/-2550175