[CERT-daily] Tageszusammenfassung - Freitag 23-01-2015

Fri Jan 23 18:09:22 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 22-01-2015 18:00 − Freitag 23-01-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Malvertising leading to Flash Zero Day via Angler Exploit Kit ***
---------------------------------------------
Background As part of our daily research activity, we came across this blog mentioning an Angler Exploit Kit (EK) instance serving a possible zero day Adobe Flash exploit ..
---------------------------------------------
http://research.zscaler.com/2015/01/malvertising-leading-to-flash-zero-day.html


*** UPDATED: Security updates available for Adobe Flash Player (APSB15-02) ***
---------------------------------------------
A Security Bulletin (APSB15-02) has been published regarding security updates for Adobe Flash Player. These updates address a vulnerability (CVE-2015-0310) that ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1157


*** New RATs Emerge from Leaked Njw0rm Source Code ***
---------------------------------------------
In the middle of my research on the remote access Trojan (RAT) known as 'njrat' or 'Njw0rm', I stumbled upon dev-point.com, a site that disguises itself as a site for 'IT enthusiasts' but actually hosts various downloaders, different types of spyware, and RATs. I explored the site and found that they host ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code


*** Multiple vulerabilities in McAffee products ***
---------------------------------------------
http://www.securitytracker.com/id/1031618
http://www.securitytracker.com/id/1031617
http://www.securitytracker.com/id/1031616


*** Google Apps Flaw Allowed Hacker to Hijack Account and Disable Two-factor Authentication ***
---------------------------------------------
A critical cross-site scripting (XSS) vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admins to execute just about ..
---------------------------------------------
http://thehackernews.com/2015/01/google-account-hacking.html


*** Google veröffentlicht weitere OS-X-Lücken ***
---------------------------------------------
Im vergangenen Jahr gegründet, dreht Googles Project Zero derzeit so etwas wie eine Vorstellungstour bei den großen Softwareherstellern. Wenn auch wohl nicht ganz in deren Sinne. Nach einer Reihe von Fehlern in Microsofts Windows, ist nun offenbar Apples OS X an der Reihe.
---------------------------------------------
http://derstandard.at/2000010780464


*** Microsoft lässt Server-2003-Lücke ungepatcht ***
---------------------------------------------
Eine Sicherheitslücke im Netzwerkerkennungsdienst NLA von Windows Server 2003 wird nicht geschlossen, obwohl das Betriebssystem eigentlich noch Sicherheitsupdates erhalten sollte.
---------------------------------------------
http://heise.de/-2526994


*** Scareware App Downloaded Over a Million Times from Google Play ***
---------------------------------------------
We have recently been investigating an antivirus app in the Google Play store that was displaying fake virus detection results to scare users into purchasing ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/01/scareware-app-downloaded-million-times-google-play/


*** Adobe will Flash-Lücke erst nächste Woche schliessen ***
---------------------------------------------
Im Flash Player klafft eine kritische Lücke, über die Angreifer das System komplett übernehmen können. Diese wird bereits aktiv ausgenutzt. Adobe will sich trotzdem bis nächste Woche mit dem Patch Zeit lassen.
---------------------------------------------
http://heise.de/-2527107


*** The Likelihood of Cyber-Terrorism Today ***
---------------------------------------------
Introduction The virtual space has over time become something of real importance for business, politics, work, communities and communications. In becoming gradually more and more dependent and addicted to the Internet, ..
---------------------------------------------
http://resources.infosecinstitute.com/likelihood-cyber-terrorism-today/


*** How Vulnerabilities Happen: Input Validation Problems, (Fri, Jan 23rd) ***
---------------------------------------------
We would like to thank Richard Ackroyd of RandomStormfor reporting a critical input validation error in our site to us. As we have done before, here is how it happened so hopefully you can learn from it as well. Lets start with a bit of ,,
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19221


*** The Internet of Gas Station Tank Gauges ***
---------------------------------------------
Automated tank gauges (ATGs) are used to monitor fuel tank inventory levels, track deliveries, raise alarms that indicate problems with the tank or gauge (such as a fuel spill), and to perform leak tests in accordance with environmental regulatory ..
---------------------------------------------
https://community.rapid7.com/community/infosec/blog/2015/01/22/the-internet-of-gas-station-tank-gauges


*** Siemens SIMATIC S7-1200 CPU Web Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for an open redirect vulnerability in the SIMATIC S7-1200 CPU family.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-022-01


*** 1&1: Kundenportal akzeptierte jedes Passwort ***
---------------------------------------------
Durch eine schwerwiegende Panne stand ein Reseller-Kundenportal von 1&1 sperrangelweit offen. Mit einem beliebigen Passwort bekam man administrativen Zugriff auf Hosting-Pakete und Domains - offenbar sogar auf 1und1.de, gmx.de und web.de.
---------------------------------------------
http://heise.de/-2527421


*** Deja vu: PHP-Entwickler schliessen Sicherheitslücke zum zweiten Mal ***
---------------------------------------------
Sicherheitsforscher Stefan Esser hat wieder zugeschlagen: Dieses Mal musste er eine von ihm entdeckte Lücke zweimal stopfen lassen. Diese erlaubt es, PHP-Applikationen unter bestimmten Bedingungen aus der Ferne anzugreifen.
---------------------------------------------
http://heise.de/-2527525