[CERT-daily] Tageszusammenfassung - Dienstag 17-02-2015

Tue Feb 17 18:07:14 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 16-02-2015 18:00 − Dienstag 17-02-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8023
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0617
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0620


*** HITBSecConf2015 Amsterdam ***
---------------------------------------------
Held once again at De Beurs van Berlage, HITB2015AMS takes place from the 26th till the 29th of May 2015 and runs alongside HITB Haxpo - our 3-day technology expo for hackers, makers, builders and breakers.
---------------------------------------------
http://conference.hitb.org/hitbsecconf2015ams/


*** Anunak (aka Carbanak) Update ***
---------------------------------------------
... basically Anunak is the name the malware author gave to the main malware used in these attacks. Carbanak is the name the AV industry gave to this malware, which is a combination of the ..
---------------------------------------------
http://www.fox-it.com/en/press-releases/anunak-aka-carbanak-update/


*** HTTP Strict Transport Security comes to Internet Explorer ***
---------------------------------------------
As part of our ongoing commitment to help build an interoperable, secure web that just works, were excited to announce support for HTTP Strict Transport Security (HSTS) in Internet Explorer. This change can be previewed using Internet Explorer in the Windows 10 Technical Preview, and will come to Project Spartan in a later update.
---------------------------------------------
http://blogs.msdn.com/b/ie/archive/2015/02/16/http-strict-transport-security-comes-to-internet-explorer.aspx


*** TYPO3-EXT-SA-2015-005: Cross-Site Scripting in extension Gridelements (gridelements) ***
---------------------------------------------
The extension fails to properly escape user input in HTML context. Backend Editor permissions with access to any text field within any data table are required to exploit this vulnerability. 
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-005/


*** MongoDB: Tipps für sichere Benutzung veröffentlicht ***
---------------------------------------------
Nach Schlagzeilen über ungesicherte Online-Installationen der Datenbank MongoDB gibt der Hersteller der kommerziellen Variante Sicherheits-Empfehlungen. Sie zeigen, wie man die populäre Software ohne Datenleck übers Netz nutzen kann.
---------------------------------------------
http://www.heise.de/newsticker/meldung/MongoDB-Tipps-fuer-sichere-Benutzung-veroeffentlicht-2550645.html


*** TYPO3: Important Security-Bulletin Pre-Announcement ***
---------------------------------------------
A TYPO3 4.5.40 release containing a security fix will be published the day after tomorrow, Thursday 19th of February at about 10:00 am CET.
---------------------------------------------
http://typo3.org/news/article/important-security-bulletin-pre-announcement/


*** Bericht: Lightning-Anschluss gehackt ***
---------------------------------------------
Einem Entwickler hat es geschafft, den von Apple verwendeten Sicherheitschip für die Anschlusskabel von iPhone und Co. teilweise zu entschlüsseln und eine serielle Konsole aufzurufen. Das könnte zu ganz neuen Angriffsformen führen.
---------------------------------------------
http://heise.de/-2550921


*** Defeating TrueCrypt: Practical Attacks against TrueCrypt Security ***
---------------------------------------------
The need to defend confidentiality of our sensitive information against persistently rising cyber threats has turned most of us toward using encryption on a daily basis. This is facilitated by easy-to-use GUI tools like TrueCrypt that offer advanced encryption without hassles. TrueCrypt ..
---------------------------------------------
http://resources.infosecinstitute.com/defeating-truecrypt-practical-attacks-truecrypt-security/


*** SSA-315836 (Last Update 2015-02-17): Vulnerabilities in SIMATIC STEP 7 (TIA Portal) V12 and V13 ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf


*** Vawtrack malware peddlers turn to malicious macros ***
---------------------------------------------
Cybercriminals spreading new versions of the Vawtrak banking Trojan are the latest ones to use the once again popular macro-based attack. Popular in the early 2000s, this type of attack was abandon...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=2967


*** APT Groups Emerging in Middle East ***
---------------------------------------------
Since security researchers and vendors began exposing the inner workings of APT groups a few years ago, virtually all of the operations that have been made public have been the work of attackers in Europe, Asia or North America. But ..
---------------------------------------------
http://threatpost.com/apt-groups-emerging-in-middle-east/111124


*** Inside nls_933w.dll, the Equation APT Persistence Module ***
---------------------------------------------
The persistence module used by the Equation APT Group uncovered by researchers at Kaspersky Lab has been called the ultimate cyberattack tool.
---------------------------------------------
http://threatpost.com/inside-nls_933w-dll-the-equation-apt-persistence-module/111128


*** Keeping Up with SSL ***
---------------------------------------------
SSL is becoming an evermore important aspect of serving and consuming content on the Internet, so its only fit that Shodan extends the information that it gathers for every SSL-capable service. The banners for SSL services, such as HTTPS, have included the certificate in PEM format for a long time and youve been able to access that data through the REST API or real-time stream.
---------------------------------------------
https://blog.shodan.io/ssl-update/