[CERT-daily] Tageszusammenfassung - Donnerstag 22-01-2015

Daily end-of-shift report team at cert.at
Thu Jan 22 18:09:00 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 21-01-2015 18:00 − Donnerstag 22-01-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** "Zero-Day"-Sicherheitslücke in Adobe Flash Player (aktiv ausgenützt) ***
---------------------------------------------
Wie der bekannte Sicherheitsforscher "Kafeine" in seinem Blog berichtet (http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html), scheint es eine neue, noch ungepatchte Sicherheitslücke im Adobe Flash Player zu geben, die aktiv von zumindest einem Exploit Kit ausgenützt wird. 
---------------------------------------------
https://cert.at/warnings/all/20150122.html




*** Security updates available for Adobe Flash Player (APSB15-02) ***
---------------------------------------------
A Security Bulletin (APSB15-02) has been published regarding security updates for Adobe Flash Player. These updates address a vulnerability (CVE-2015-0310) that could be used to circumvent memory randomization mitigations on the Windows platform. Adobe is aware of reports that an ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1157




*** Security Advisory - Vulnerabilities in Pagelines/Platform theme for WordPress ***
---------------------------------------------
Users of both the Pagelines and Platform themes should update as soon as possible. During a routine audit for our WAF, we found two dangerous issues: A Privilege Escalation vulnerability ..
---------------------------------------------
http://blog.sucuri.net/2015/01/security-advisory-vulnerabilities-in-pagelinesplatform-theme-for-wordpress.html




*** Tubrosa threat drives millions of views to scammers' YouTube gaming videos ***
---------------------------------------------
Cybercriminals are fraudulently earning advertising revenue by spreading click-fraud threat Trojan.Tubrosa, which sends compromised computers to their ..
---------------------------------------------
http://www.symantec.com/connect/blogs/tubrosa-threat-drives-millions-views-scammers-youtube-gaming-videos




*** CTB-Locker Ransomware Includes Freemium Feature, Extends Deadline ***
---------------------------------------------
Last July we came across a crypto-ransomware variant known as Critroni or Curve-Tor-Bitcoin (CTB) Locker. We observed recent improvements to the CTB malware, which now offer a 'free decryption' service, extended deadline to ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/ctb-locker-ransomware-includes-freemium-feature-extends-deadline/




*** Multiple vulnerabilities in third-party Drupal-modules ***
---------------------------------------------
https://www.drupal.org/node/2411737
https://www.drupal.org/node/2411539
https://www.drupal.org/node/2411527




*** Energy Harvesting: Tastatur erkennt Benutzer durch Eigenheiten beim Tippen ***
---------------------------------------------
Tippe, und ich sage dir, wer du bist: Forscher in den USA und China haben eine Tastatur entwickelt, die ihren Besitzer am Tippen erkennt. Das könnte eine Ergänzung zu herkömmlichen Passwörtern sein. Die Tastatur gewinnt per Energy Harvesting elektrische Energie aus den Tippbewegungen. 
---------------------------------------------
http://www.golem.de/news/energy-harvesting-tastatur-erkennt-benutzer-durch-eigenheiten-beim-tippen-1501-111865.html




*** Is 123456 Really The Most Common Password? ***
---------------------------------------------
I recently worked with SplashData to compile their 2014 Worst Passwords List and yes, 123456 tops the list. In the data set of 3.3 million passwords I used for SplashData, almost 20,000 of those were in fact 123456. But how often do you really see people using that, or the second most common ..
---------------------------------------------
https://xato.net/passwords/123456-common-password/




*** An analysis of Regins Hopscotch and Legspin ***
---------------------------------------------
Perhaps one of the most interesting things we observed in the Regin malware operation are the forgotten codenames for some of its modules. We decided to analyse two of these modules in more detail.
---------------------------------------------
http://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/




*** Confluence Security Advisory - 2015-01-21 ***
---------------------------------------------
We have discovered and fixed a vulnerability in our fork of WebWork. Attackers can use this vulnerability to execute Java code of their choice on systems that use this framework. The attacker needs to have an account and be able to access the Confluence web interface.
---------------------------------------------
https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+-+2015-01-21




*** Yes, Every Freeware Download Site is Serving Crapware ***
---------------------------------------------
When we wrote about what happens when you install the top ten apps from CNET Downloads, about half of the comments were from people saying, 'Well you should download from a trusted source.' The only problem is that there isn't a freeware download site that is free of crapware or adware. And here's the result of our investigation to prove it.
---------------------------------------------
http://www.howtogeek.com/207692/yes-every-freeware-download-site-is-serving-crapware-heres-the-proof/?PageSpeed=noscript




*** Contact Form 3.82 - Unauthorized Language Manipulation ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7761




*** Dataurization of URLs for A More Effective Phishing Campaign ***
---------------------------------------------
Phishing with data: URIs is not a new idea. The concept is relatively simple, taking advantage of many user's inexperience with how data: URIs function in order to trick them into entering credentials into a phishing page. We've seen this ..
---------------------------------------------
https://thehackerblog.com/dataurization-of-urls-for-a-more-effective-phishing-campaign/


More information about the Daily mailing list