[CERT-daily] Daily Summary - Friday 16-01-2015
Daily end-of-shift report
team at cert.at
Fri Jan 16 18:09:32 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 15-01-2015 18:00 − Friday 16-01-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Definitions matter. For crying out loud, securobods, BE SPECIFIC - ENISA ***
---------------------------------------------
Use your words or the DDoSers will GET you.... Definitions matter when your infrastructure is under threat says European Union Agency for Network and Information Security (ENISA).
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/01/15/if_you_want_your_infrastructure_to_be_secure_sort_out_your_language_says_enisa/
*** Critical Patch Update - January 2015 - Pre-Release Announcement ***
---------------------------------------------
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2015, which will be released on Tuesday, January 20, 2015. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
*** Google AdWords Campaigns Hijacked by Malvertisers ***
---------------------------------------------
Two Google AdWords campaigns have been hijacked by malvertisers and users are being redirected to fraud sites without even clicking the poisoned ads.
---------------------------------------------
http://threatpost.com/google-adwords-campaigns-hijacked-by-malvertisers/110457
*** Telekom tools for secure server configuration ***
---------------------------------------------
Telekom takes admins by the hand and provides free tools that help harden nginx, MySQL and the like.
---------------------------------------------
http://heise.de/-2517840
*** Security firms warn of "Je Suis Charlie" trojan ***
---------------------------------------------
Supposed solidarity video actually loads malware onto the computer
---------------------------------------------
http://derstandard.at/2000010489196
*** Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse ***
---------------------------------------------
In particular we reveal that, even though 95 percent of the popular domains we investigated are actively targeted by typosquatters, only few trademark owners protect themselves against this practice by proactively registering their own typosquatting domains. A small fraction of those typosquatted domains -- such as gooogle.com for google.com -- were registered by the legitimate website in a bid to foil typosquatters.
---------------------------------------------
https://lirias.kuleuven.be/bitstream/123456789/471369/3/typos-final.pdf
*** Employee Threat Assessment Template for Large Organizations ***
---------------------------------------------
Despite the popular image of the hacker cracking distant servers from his basement, studies show that people with legitimate access to your information pose an even bigger threat. And when information is stolen from within, it's often harder to trace and determine the extent of the problem. The larger your [...]
---------------------------------------------
http://resources.infosecinstitute.com/employee-threat-assessment-template-large-organizations/
*** Details on the critical vulnerability in the Windows Telnet server ***
---------------------------------------------
A detailed analysis of the only just patched Telnet vulnerability has surfaced on a Chinese website - along with a proof of concept.
---------------------------------------------
http://heise.de/-2518951
*** Cisco Adaptive Security Appliance DHCPv6 Relay Denial of Service Vulnerability ***
---------------------------------------------
CVE-2015-0578
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0578
*** Cisco Hosted WebEx Meeting Center Information Disclosure ***
---------------------------------------------
CVE-2015-0590
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590
*** T-Mobile Internet Manager UpdateCfg.ini SEH buffer overflow ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99945
*** Alienvault OSSIM Web UI command execution ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99951
*** Arbiter Systems 1094B GPS Clock Spoofing Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a GPS clock spoofing vulnerability in the Arbiter Systems 1094B clock.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-345-01
*** GE Proficy HMI/SCADA CIMPLICITY CimView Memory Access Violation ***
---------------------------------------------
This advisory provides mitigation details for a memory access violation vulnerability in GE's CIMPLICITY CimView application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02
*** Windows: Impersonation Check Bypass With CryptProtectMemory and CRYPTPROTECTMEMORY_SAME_LOGON flag ***
---------------------------------------------
Platform: Windows 7, 8.1 Update 32/64 bit. Class: Security Bypass/Information Disclosure. The function CryptProtectMemory allows an application to encrypt memory for one of three scenarios: process, logon session and computer. When using the logon session option (CRYPTPROTECTMEMORY_SAME_LOGON flag) the encryption key is generated based on the logon session identifier; this is for sharing memory between processes running within the same logon.
---------------------------------------------
https://code.google.com/p/google-security-research/issues/detail?id=128
*** DSA-3129 rpm - security update ***
---------------------------------------------
Two vulnerabilities have been discovered in the RPM package manager.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3129
*** Information Disclosure in Direct Mail Subscription (direct_mail_subscription) ***
---------------------------------------------
It has been discovered that the extension "Direct Mail Subscription" (direct_mail_subscription) is susceptible to Information Disclosure.
---------------------------------------------
http://www.typo3.org/news/article/information-disclosure-in-direct-mail-subscription-direct-mail-subscription/
*** WiFi File Browser Pro v2.0.8 Code Execution Vulnerability ***
---------------------------------------------
Topic: WiFi File Browser Pro v2.0.8 Code Execution Vulnerability. Risk: High. Text: Document Title: WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability References (Source): == http:/...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015010087