[CERT-daily] Tageszusammenfassung - Donnerstag 15-01-2015

Thu Jan 15 18:16:21 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 14-01-2015 18:00 − Donnerstag 15-01-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter


*** CryptoWall 3.0 Uses I2P Anonymity Network For CC Communications (SecurityWeek) ***
---------------------------------------------
Almost two months have passed since the developers of CryptoWall released an updated version of the threat, but now they’re back to work. The malware, distributed via spam and malvertising campaigns, helped cybercriminals make a lot of money last year so it’s not surprising that its authors continue improving it.
---------------------------------------------
http://www.securityweek.com/cryptowall-30-uses-i2p-anonymity-network-cc-communications


*** AdSense Abused with Malvertising Campaign ***
---------------------------------------------
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some "magazine" websites. Most of them mentioned the lemode-mgz .com site. In all cases, the symptoms were the same. Some users randomly got redirected when they clicked on links or loaded new pages. They all reported...
---------------------------------------------
http://blog.sucuri.net/2015/01/adsense-abused-with-malvertising-campaign.html


*** Anatomy Of A Cyber-Physical Attack (Dark Reading) ***
---------------------------------------------
"If you only consider hackers, you don’t have to be concerned that much. They won't be able to take down a power grid or blow up chemical facilities," says Ralph Langer, founder of Langner Communications and a top Stuxnet expert. The danger is when attackers have an understanding of the physical and engineering aspects of the plant or site they are targeting, he says.
---------------------------------------------
http://www.darkreading.com/vulnerabilities---threats/anatomy-of-a-cyber-physical-attack-/d/d-id/1318624?_mc=RSS_DR_EDT


*** Kritik an Apples Zwei-Faktor-Schutz ***
---------------------------------------------
Apples zweistufige Bestätigung deckt mehrere Cloud-Dienste des Konzerns gar nicht ab, bemängelt eine Nutzerin - ein Angreifer könne auf diese Weise tiefe Einblicke erhalten.
---------------------------------------------
http://heise.de/-2517903


*** Private Schlüssel: Gitrob sucht sensible Daten bei Github ***
---------------------------------------------
Immer wieder tauchen Daten wie private Schlüssel oder Passwörter in Github-Repositories auf. Mit Hilfe von Gitrob sollen diese gefunden werden können, um sich besser zu schützen. Das öffnet aber auch die Möglichkeiten für einen interessanten Angriff.
---------------------------------------------
http://www.golem.de/news/private-schluessel-gitrob-sucht-sensible-daten-bei-github-1501-111728-rss.html


*** Security and Military Experts Fall For "Open" Wi-Fi ***
---------------------------------------------
According to The Local, an English-language newspaper in Sweden, Gustav Nipe watched earlier this week as around 100 politicians, military officers and journalists logged into a network called “Open Guest” and proceeded to search for various non-work-related things including “forest hikes” and monitor eBay auctions.
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002783.html


*** ATM: Attacking Multichannel Fraud (InfoRiskToday) ***
---------------------------------------------
The increasing globalization of fraud perpetrated by sophisticated organized crime rings has spurred unprecedented growth in cross-channel attacks, security experts from three of the world's leading ATM manufacturers say.
That's why ATM deployers can no longer build defenses that focus solely on the ATM channel, executives from Diebold Inc., Wincor Nixdorf AG and NCR Corp. say in this final part of an exclusive three-part interview with Information Security Media Group.
---------------------------------------------
http://www.inforisktoday.com/interviews/atm-attacking-multichannel-fraud-i-2551


*** Patchday: Adobe schließt neun Lücken in Flash ***
---------------------------------------------
Die Lücken, die Adobe nun in Flash geschlossen hat, betreffen alle Plattformen. Nutzer sollten die Updates schnellstmöglich installieren, da sie Angriffe aus dem Netz ermöglichen.
---------------------------------------------
http://heise.de/-2517426


*** Cybercrime: Hacking als aufstrebender Wirtschaftszweig in Österreich ***
---------------------------------------------
Internet-Sicherheitsbericht 2014 präsentiert - Ungeschützte Smartphones und Tablets als Ziele
---------------------------------------------
http://derstandard.at/2000010445114


*** JSA10669 - 2015-01 Security Bulletin: Junos: Multiple vulnerabilities in libxml2 library ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10669&actp=RSS


*** JSA10667 - 2015-01 Security Bulletin: Junos: Privilege escalation vulnerability (CVE-2014-6384) ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10667&actp=RSS


*** Cisco Identity Services Engine Cross-Site Scripting Vulnerability ***
---------------------------------------------
CVE-2014-8022
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022


*** Cisco Unified Communications Domain Manager Admin GUI DoS Vulnerability ***
---------------------------------------------
CVE-2015-0591
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0591


*** Simple Security plugin for WordPress wp-admin/users.php script cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99931


*** SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS) - Unsupported ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-022Project: nodeauthor (third-party module)Version: 7.xDate: 2015-January-14Security risk: 12/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescriptionThis module displays node author information in a jQuery slider.The module doesnt sufficiently sanitize Profile2 fields in a provided block.This vulnerability is mitigated by the fact that an attacker must have a user account allowed to
---------------------------------------------
https://www.drupal.org/node/2407401


*** SA-CONTRIB-2015-021 - Content Analysis - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-021Project: Content Analysis (third-party module)Version: 6.xDate: 2014-January-14Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescriptionThe Content Analysis module is an API designed to help modules that need to analyze content.The module fails to sanitize user input in log messages, leading to a Cross Site Scripting (XSS) vulnerability.This vulnerability is mitigated by the fact
---------------------------------------------
https://www.drupal.org/node/2407395


*** SA-CONTRIB-2015-020 - Contact Form Fields - Cross Site Request Forgery (CSRF) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-020Project: Contact form fields (third-party module)Version: 6.xDate: 2014-January-14Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Request ForgeryDescriptionThe Contact Form Fields module enables you to create additional fields to site-wide contact form.Some links were not properly protected from CSRF. A malicious user could cause an administrator to delete fields by getting the
---------------------------------------------
https://www.drupal.org/node/2407357


*** SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-018Project: Video (third-party module)Version: 7.xDate: 2015-January-14Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescriptionThis module enables you to upload, convert and playback videos.The module doesnt sufficiently sanitize node titles when using the video WYSIWYG plugin, thereby opening a Cross Site Scripting (XSS) vulnerability.This vulnerability is mitigated by
---------------------------------------------
https://www.drupal.org/node/2407341


*** SA-CONTRIB-2015-015 - Term Merge - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-015Project: Term merge (third-party module)Version: 7.xDate: 2015-January-14Security risk: 12/25 ( Moderately Critical) AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescriptionThis module enables you to merge (synonymous) taxonomy terms among themselves.The module doesnt sufficiently filter user input under certain conditions, thereby opening a Cross Site Scripting (XSS) vulnerability.This vulnerability is
---------------------------------------------
https://www.drupal.org/node/2407315


*** PHPKIT result cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99904