[CERT-daily] Tageszusammenfassung - Freitag 24-07-2015

Daily end-of-shift report team at cert.at
Fri Jul 24 18:11:25 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 23-07-2015 18:00 − Freitag 24-07-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Four Zero Days Disclosed in Internet Explorer Mobile ***
---------------------------------------------
[...] The four vulnerabilities originally were reported to Microsoft as affecting IE on the desktop, and later on it was discovered that they also affected IE Mobile on Windows Phones. Microsoft has patched all of the vulnerabilities in the desktop version of the browser, but the bugs remain open on IE Mobile. ZDI’s original advisories on these flaws said that they were zero days on Internet Explorer, as well. The company updated the advisories late Thursday to reflect the fact that the bugs only affect IE Mobile.
---------------------------------------------
http://threatpost.com/four-zero-days-disclosed-in-internet-explorer/113911




*** Fixing hundreds of websites in one day ***
---------------------------------------------
Remedying Angler infections in Switzerland In recent weeks the Angler exploit kit has become the dominating tool for DriveBy attacks. Cleaning Angler compromised web servers is a challenge which has been well mastered in Switzerland, thanks to the close collaboration...
---------------------------------------------
http://securityblog.switch.ch/2015/07/24/fixing-hundreds-of-websites-in-one-day/




*** The OpenSSH Bug That Wasnt ***
---------------------------------------------
Much has been written about a purported OpenSSH vulnerability. On closer inspection, the reports actually got most of their facts wrong. Read on for the full story.It all started with a blog post dated July 16, 2015, titled OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass), where the TL;DR is that its possible to get an almost infinite number of tries at authentication -- good for bruteforce password guessing, for example -- if you only tickle the...
---------------------------------------------
http://bsdly.blogspot.com/2015/07/the-openssh-bug-that-wasnt.html




*** Malicious Google Analytics Referral Spam ***
---------------------------------------------
Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your comment systems and crawling for vulnerable websites to attack, bots can also cause a lot of confusion in your website traffic reporting systems. If you use analytics software on yourRead More The post Malicious Google Analytics Referral Spam appeared first on Sucuri Blog.
---------------------------------------------
https://blog.sucuri.net/2015/07/malicious-google-analytics-referral-spam.html




*** libuser vulnerabilities ***
---------------------------------------------
It was discovered that the libuser library contains two vulnerabilities which, in combination, allow unprivileged local users to gain root privileges. libuser is a library that provides read and write access to files like /etc/passwd, which constitute the system user...
---------------------------------------------
https://securityblog.redhat.com/2015/07/23/libuser-vulnerabilities/




*** Emerging Web Infrastructure Threats ***
---------------------------------------------
A secure cloud relies on some weak Internet infrastructure with some new BGP vulnerabilities that will be disclosed at Black Hat USA.
---------------------------------------------
http://www.darkreading.com/cloud/emerging-web-infrastructure-threats/d/d-id/1321443?_mc=RSS_DR_EDT




*** Boffins sting spooks with HORNET onion router ***
---------------------------------------------
Spies eyss will water with effort as they try to slice into 93 Gb/s Tor cousin Five academics have developed a Tor alternative network that can handle up to 93 Gb/s of traffic while maintaining privacy.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/24/hornet_highspeed_onion_routing_at_the_network_layer/




*** SANS ICS Amsterdam 2015 - 22-28 September, 2015 ***
---------------------------------------------
SANS ICS Amsterdam 2015 remains open for registration. This dedicated event for those tasked with securing Industrial Control Systems will be led by SANS ICS/SCADA Instructors and subject-matter experts from across the globe.
---------------------------------------------
https://www.sans.org/event/ics-amsterdam-2015




*** IT-Sicherheitsgesetz tritt in Kraft ***
---------------------------------------------
Das "Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme" bringt zunächst verschärfte Anforderungen für Serveradmins und Meldepflichten für Provider sowie Kernkraftwerksbetreiber mit sich.
---------------------------------------------
http://www.heise.de/newsticker/meldung/IT-Sicherheitsgesetz-tritt-in-Kraft-2762518.html?wt_mc=rss.ho.beitrag.rdf




*** How to manage PCI DSS 3.1 Requirement 6.6 for your web applications ***
---------------------------------------------
One of the PCI DSS 3.1 requirements is Requirement 6.6 dedicated to web application security. In this blog post we will try to understand how to comply with the requirement in cost-efficient manner.
---------------------------------------------
https://www.htbridge.com/blog/how-to-manage-pci-dss-3-1-requirement-6-6-for-your-web-applications.html




*** SweetCaptcha Returns Hijacking Another Plugin ***
---------------------------------------------
Yesterday we observed a strange short return of the SweetCaptcha plugin to WordPress.org repository. In June we reported that SweetCaptcha injected third-party ad code to their scripts which lead to malvertising problems on the sites that used this CAPTCHA service. After that incident, the SweetCaptcha WordPress plugin had been removed from the official plugin repository.Read More The post SweetCaptcha Returns Hijacking Another Plugin appeared first on Sucuri Blog.
---------------------------------------------
https://blog.sucuri.net/2015/07/sweetcaptcha-returns-hijacking-another-plugin.html




*** DSA-3314 typo3-src - end of life ***
---------------------------------------------
Upstream security support for Typo3 4.5.x ended three months ago and thesame now applies to the Debian packages as well.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3314




*** userhelper/libuser Multiple vulns ***
---------------------------------------------
Topic: userhelper/libuser Multiple vulns Risk: Medium Text:Qualys Security Advisory CVE-2015-3245 userhelper chfn() newline filtering CVE-2015-3246 libuser passwd file handling ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015070115




*** Siemens RuggedCom ROS and ROX-based Devices TLS POODLE Vulnerability (UPDATE A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-202-03 Siemens RuggedCom ROS and ROX-based Devices TLS POODLE Vulnerability that was published July 22, 2015 on the ICS-CERT web site. This advisory provides mitigation details for a Transport Layer Security Padding Oracle On Downgraded Legacy Encryption vulnerability in the web interface of the Siemens RuggedCom ROS and ROX-based devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A


More information about the Daily mailing list