[CERT-daily] Tageszusammenfassung - Mittwoch 14-01-2015

Wed Jan 14 18:10:43 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 13-01-2015 18:00 − Mittwoch 14-01-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** AMD plugs firmware holes that allowed command injection ***
---------------------------------------------
Bug your notherboard vendor for a fix, says boffin VID Chip maker AMD has patched holes across its firmware lines that could allow hackers to inject malware.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/01/14/amd_plugs_chip_firmware_holes/


*** Hintergrund: Universeller SSL-Tester SSLyze ***
---------------------------------------------
SSL mit Kommandozeilen-Tools von Hand zu testen, ist mühselig; SSLyze nimmt Admins viel dieser Arbeit ab.
---------------------------------------------
http://www.heise.de/security/artikel/Universeller-SSL-Tester-SSLyze-2470008.html


*** Patchday: Microsoft stopft acht Lücken in Windows ***
---------------------------------------------
Am Januar-Patchday überrascht die Firma damit, ausschließlich Lücken in Windows zu schließen. Für den Internet Explorer wird lediglich ein Patch vom Dezember noch einmal aufgewärmt.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Patchday-Microsoft-stopft-acht-Luecken-in-Windows-2517423.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


*** MMD-0030-2015 New ELF malware on Shellshock: the ChinaZ ***
---------------------------------------------
BackgroundThe bash Shellshock vulnerability is still proven to be one of the fastest way to spread ELF malware infection to NIX boxes in internet, along with Linux system that is still serving the vulnerable version. This fact that is not knowing only by internet security folks, but by the threat actors themself. Previously we announced linux/Mayhem malwarere was utilizing the shellshock previously, and now ELF malware actors in China is starting to utilized set of tools to spread more...
---------------------------------------------
http://blog.malwaremustdie.org/2015/01/mmd-0030-2015-new-elf-malware-on.html


*** Security updates available for Adobe Flash Player ***
---------------------------------------------
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. ... CVE number: CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309
---------------------------------------------
http://helpx.adobe.com/security/products/flash-player/apsb15-01.html


*** Asus schließt kritische Router-Lücke ***
---------------------------------------------
Liefert wenige Tage nach Bekanntwerden Updates für zahlreiche Geräte
---------------------------------------------
http://derstandard.at/2000010378742


*** Amsterdam 2015 FIRST Technical Colloquium ***
---------------------------------------------
The FIRST Amsterdam Technical Colloquium (TC) 2015 will be hosted by Cisco Systems in Amsterdam, Netherlands. The event will be a plenary style conference held on the 5th and 6th of May 2015, with optional, free training sessions on May 4th. FIRST is looking for speakers that would like to present at this Technical Colloquium. This is a GREAT opportunity to give something back to FIRST and the industry, while practicing your speaking skills and sharing your hard work.
---------------------------------------------
http://www.first.org/events/colloquia/amsterdam2015


*** At this rate it will hit the launch codes in... 5.3 minutes. ***
---------------------------------------------
Hello everyone, in this post I would like to analyze an Android application which purpose is to manage and generate passwords securely. On their Play Store page they claim to use DES to encrypt passwords on local device and that DES key is derivated from you PIN code...
---------------------------------------------
https://bughardy.me/at-this-rate-it-will-hit-the-launch-codes-in-5-3-minutes/


*** MSRT January 2015 - Dyzap ***
---------------------------------------------
This month we added the Win32/Emotet and Win32/Dyzap malware families to the Malicious Software Removal Tool. Both Emotet and Dyzap are trojans that steal personal information, including banking credentials. In a previous blog we detailed how Emotet targets German-language banking websites. In this blog, we will focus on Dyzap - another prevalent banking trojan that predominantly targets English-speaking countries. Dyzap variants target credentials for online banking, crypto...
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/01/13/msrt-january-2015-dyzap.aspx


*** 4 Mega-Vulnerabilities Hiding in Plain Sight (Dark Reading) ***
---------------------------------------------
How four recently discovered, high-impact vulnerabilities provided "god mode" access to 90% of the Internet for 15 years, and what that means for the future.
---------------------------------------------
http://www.darkreading.com/vulnerabilities---threats/4-mega-vulnerabilities-hiding-in-plain-sight-/a/d-id/1318610


*** Phony Oracle Patches Making the Rounds ***
---------------------------------------------
Attackers are circulating fake fixes for Oracle error messages and the company is warning users not to download any patches that don't come directly from Oracle.
---------------------------------------------
http://threatpost.com/phony-oracle-patches-making-the-rounds/110415


*** Akamai: Probleme mit alten SSL-Implementierungen ***
---------------------------------------------
Akamai verarbeitet eine Billiarde an Verbindungen pro Jahr. Brian Sniffen gibt Einblicke, was das bedeutet - und welche Schwierigkeiten darin bestehen, alte SSL-Implementierungen auszusperren. (Akamai, Android)
---------------------------------------------
http://www.golem.de/news/akamai-probleme-mit-alten-ssl-implementierungen-1501-111705-rss.html


*** JSA10670 - 2015-01 Security Bulletin: Junos: Malformed BGP FlowSpec prefix triggers rpd crash (CVE-2014-6386) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10670&actp=RSS


*** JSA10668 - 2015-01 Security Bulletin: Junos: Fragmented OSPFv3 packets with IPsec AH may trigger kernel crash (CVE-2014-6385) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10668&actp=RSS


*** JSA10666 - 2015-01 Security Bulletin: Junos: Firewall filter fails to match on port (CVE-2014-6383) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10666&actp=RSS


*** JSA10665 - 2015-01 Security Bulletin: Junos: jpppd core when MX Series router receives crafted PAP Authenticate-Request (CVE-2014-6382) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10665&actp=RSS


*** Cisco ASA DHCPv6 Relay DoS Vulnerability ***
---------------------------------------------
CVE-2015-0578
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0578


*** Cisco TelePresence VCS and Expressway High CPU Utilization Vulnerability ***
---------------------------------------------
CVE-2015-0579
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0579


*** Cisco AsyncOS ISQ XSS Vulnerability ***
---------------------------------------------
CVE-2015-0577
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0577


*** Cisco AnyConnect User Interface Dialog Rendered When Connecting to Arbitrary Hosts Vulnerability ***
---------------------------------------------
CVE-2014-3314
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314


*** VU#117604: Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication ***
---------------------------------------------
Vulnerability Note VU#117604 Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication Original Release date: 13 Jan 2015 | Last revised: 13 Jan 2015   Overview Panasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data.  Description CWE-319: Cleartext Transmission of Sensitive InformationPanasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data between the client and server. It has been reported that Active Directory
---------------------------------------------
http://www.kb.cert.org/vuls/id/117604


*** Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1031533


*** Foxit MobilePDF 4.4.0 Local File Inclusion / Arbitrary File Upload ***
---------------------------------------------
Topic: Foxit MobilePDF 4.4.0 Local File Inclusion / Arbitrary File Upload Risk: High Text:Document Title: Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References (Source): == http://w...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015010071


*** Lexmark MarkVision Enterprise Arbitrary File Upload ***
---------------------------------------------
This module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the fdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.
---------------------------------------------
http://www.exploit-db.com/exploits/35776/


*** Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness ***
---------------------------------------------
This tool checks whether a BMC machine is vulnerable to CVE-2014-8272 (http://www.kb.cert.org/vuls/id/843044) by logging the TemporarySessionID/SessionID in each IPMI v1.5 session, and checking that these values are incremental...
---------------------------------------------
http://www.exploit-db.com/exploits/35770/


*** Simple Security <= 1.1.5 - Two Cross-Site Scripting (XSS) Vulnerabilities ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7753