[CERT-daily] Daily summary - Thursday 23-07-2015
Daily end-of-shift report
team at cert.at
Thu Jul 23 18:18:32 CEST 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 22-07-2015 18:00 − Thursday 23-07-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Flash zero-day monster Angler dominates exploit kit crime market ***
---------------------------------------------
If only you could buy shares. SophosLabs researcher Fraser Howard says the Angler exploit kit is dominating the highly-competitive underground malware market, growing from a quarter to 83 percent of market share within nine months.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/23/sophos_angler_ek/
*** Background: The business of zero days ***
---------------------------------------------
The sale of previously unknown security vulnerabilities, so-called zero days, divides opinion. Some consider this business immoral, others say it should be illegal. Above all, though, it is probably very lucrative.
---------------------------------------------
http://heise.de/-2757303
*** Security: Vulnerability allows local privilege escalation in OS X 10.10 ***
---------------------------------------------
A flaw in Apple's OS X 10.10.4 makes it possible to obtain administrative privileges. The vulnerability can only be exploited locally and has already been fixed in the beta of OS X 10.11.
---------------------------------------------
http://www.golem.de/news/security-schwachstelle-erlaubt-lokale-rechteausweitung-in-os-x-10-10-1507-115388-rss.html
*** 3 important questions raised by Wired's car hack ***
---------------------------------------------
Wired.com broke a shocking but hardly surprising story on July 21st. The reporter was driving his Jeep on the highway when strange things started to happen. First the fan and radio went on and later the whole car came to a stop. On the highway! Andy Greenberg was not in control of the car anymore.
---------------------------------------------
http://safeandsavvy.f-secure.com/2015/07/23/3-important-questions-raised-by-wireds-car-hack/
*** Leaky VMs: Stealing the neighbor's PGP key ***
---------------------------------------------
If you share the same hardware with other VMs on a virtual server, you can spy on them. Side-channel attacks can be carried out in a surprisingly large number of ways.
---------------------------------------------
http://heise.de/-2760695
*** Hacking Team: a zero-day market case study ***
---------------------------------------------
This article documents Hacking Team's third-party acquisition of zero-day (0day) vulnerabilities and exploits. The recent compromise of Hacking Team's email archive offers one of the first public case studies of the market for 0days. Because of its secretive nature, this market has been the source of endless debates on the ethics of its participants. The archive also offers insight into the capabilities and limits of offensive-intrusion software developers. Hacking Team was seriously exploit...
---------------------------------------------
http://tsyrklevich.net/2015/07/22/hacking-team-0day-market/
*** Securing Cookies using HTTP Headers ***
---------------------------------------------
In the previous articles in this series on defending against web attacks using HTTP headers, we have seen the usage of X-Frame-Options and X-XSS-Protection headers. In this article, we will see some HTTP headers to secure cookies. Introduction: Cookies are one of the most sensitive items during a user's session. An authentication cookie is as...
---------------------------------------------
http://resources.infosecinstitute.com/defending-against-web-attacks-using-http-headers-part-3/
*** Another Day, Another Patch ***
---------------------------------------------
FreeBSD users were treated this week to an interesting new denial of service attack vector. All supported versions of the OS are affected by the bug, which has now been patched. Junos OS, which is based on FreeBSD, is also affected. If you're a FreeBSD admin and you haven't patched, feel free to disappear now and do so. Don't worry, we'll be here when you're done - Right, now that's out of the way, we can peruse the vulnerability at our leisure. The bug...
---------------------------------------------
https://blog.team-cymru.org/2015/07/another-day-another-patch/
*** SBA Afterworks Summer Special: Hacking Team Hacked? => Lessons Learned! ***
---------------------------------------------
August 06, 2015 - 5:00 pm - 6:00 pm SBA Research Favoritenstraße 16 1040 Wien
---------------------------------------------
https://www.sba-research.org/events/security-afterworks-hacking-team-hacked-lessons-learned/
*** Security update for WordPress ***
---------------------------------------------
WordPress 4.2.3 closes, among other things, a security hole through which users with certain privileges can compromise the entire site.
---------------------------------------------
http://heise.de/-2761788
*** Microsoft's Advanced Threat Analytics is meant to protect corporate networks ***
---------------------------------------------
Microsoft wants to arm corporate networks against attacks and intruders with Advanced Threat Analytics. The software hooks into Active Directory, is said to be capable of learning, and presents suspicious activity in a timeline.
---------------------------------------------
http://heise.de/-2761360
*** Cisco IOS Software TFTP Server Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-tftp
*** Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp
*** Cisco Application Policy Infrastructure Controller Access Control Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic
*** Cisco IOS XR LPTS Network Stack Remote Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40068
*** Security Advisory: PCRE library vulnerability CVE-2015-2325 ***
---------------------------------------------
(SOL16983)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/900/sol16983.html?ref=rss
*** Security Advisory: Multiple PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026 ***
---------------------------------------------
(SOL16993)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/900/sol16993.html?ref=rss
*** DSA-3312 cacti - security update ***
---------------------------------------------
Multiple SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3312
*** DSA-3313 linux - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3313
*** EMC Avamar Lets Remote Users Traverse the Directory to View Files on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1033026
*** USN-2676-1: NBD vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2676-1, 22nd July, 2015. nbd vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04, Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: Several security issues were fixed in NBD. Software description: nbd - Network Block Device protocol. Details: It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2676-1/
*** Time Tracker - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-135 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-135. Project: Time Tracker (third-party module). Version: 7.x. Date: 2015-July-22. Security risk: 14/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All. Vulnerability: Cross Site Scripting, Multiple vulnerabilities. Description: This module enables you to track time on entities and comments. The module doesn't sufficiently filter notes added to time entries, leading to an XSS/JavaScript injection vulnerability. This vulnerability is mitigated by...
---------------------------------------------
https://www.drupal.org/node/2537866
*** OSF for Drupal - Critical - Multiple vulnerabilities - SA-CONTRIB-2015-134 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2015-134. Project: OSF for Drupal (third-party module). Version: 7.x. Date: 2015-July-22. Security risk: 15/25 (Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default. Vulnerability: Cross Site Scripting, Access bypass, Cross Site Request Forgery. Description: The Open Semantic Framework (OSF) for Drupal is a middleware layer that allows structured data (RDF) and associated vocabularies (ontologies) to "drive" tailored tools and data displays within...
---------------------------------------------
https://www.drupal.org/node/2537860
*** FTC Uconnect Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report and video of researchers demonstrating remote exploits on a magazine reporter's automobile. The report and video focus on unauthorized remote access to the Fiat Chrysler Automobile (FCA) Connect automotive infotainment system. ICS-CERT is issuing this alert to provide notice of this report and video, and that a patch is available from the FCA.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-203-01
*** WordPress 4.2.3 Security and Maintenance Release ***
---------------------------------------------
July 23, 2015
---------------------------------------------
https://wordpress.org/news/2015/07/wordpress-4-2-3/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM WebSphere Real Time ***
http://www.ibm.com/support/docview.wss?uid=swg21962496
*** IBM Security Bulletin: Current Release of IBM SDK for Node.js in IBM Bluemix is affected by CVE-2015-5380 ***
http://www.ibm.com/support/docview.wss?uid=swg21962754
*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Tealeaf Customer Experience (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21959030
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2015-4000, CVE-2015-0478, CVE-2015-1916). ***
http://www.ibm.com/support/docview.wss?uid=swg21962216
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK (CVE-2015-0478, CVE-2015-0488, and CVE-2015-1916) and with Diffie-Hellman ciphers (CVE-2015-4000) may affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID) ***
http://www.ibm.com/support/docview.wss?uid=swg21961812
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron (CVE-2015-0478, CVE-2015-0488) ***
http://www.ibm.com/support/docview.wss?uid=swg21961728
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Workload Deployer (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293) ***
http://www.ibm.com/support/docview.wss?uid=swg21962334
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2015-0410 and CVE-2014-6593) ***
http://www.ibm.com/support/docview.wss?uid=swg21962370