[CERT-daily] Tageszusammenfassung - Montag 1-06-2015

Daily end-of-shift report team at cert.at
Mon Jun 1 18:15:27 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 29-05-2015 18:00 − Montag 01-06-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Which malware lures work best? ***
---------------------------------------------
More often than not, malware peddlers main goal is to deliver their malicious wares to the maximum number of users possible. Choosing the right lure is crucial to achieving that goal. Two researc...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/SXwL_z3NcUM/malware_news.php




*** New Android NFC Attack Could Steal Money From Credit Cards Anytime Your Phone Is Near ***
---------------------------------------------
Your NFC capable Android smartphone could be the newest weapon hackers use to steal money from the credit cards in your pocket, researchers find. In a presentation at Hack In The Box Security Conference in Amsterdam, security researchers Ricardo J. Rodriguez and Jose Vila presented a demo of a real world attack, to which all NFC capable Android phones are vulnerable. This attack, delivered through poisoned apps, exploits the NFC feature allowing unethical hackers to steal money from...
---------------------------------------------
http://www.idigitaltimes.com/new-android-nfc-attack-could-steal-money-credit-cards-anytime-your-phone-near-445497




*** Crypto flaws in Blockchain Android app sent Bitcoins to the wrong address ***
---------------------------------------------
A comedy of programming errors could prove catastrophic for affected users.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/9dMUjIT6yyo/




*** HITB Amsterdam Wrap-Up Day #2 ***
---------------------------------------------
I left Amsterdam after the closing keynote and I just arrived at home. This is my quick wrap-up for the second day of Hack in the Box! The second keynote was presented by John Matherly: "The return of the Dragons". John is the guy behind Shodan, the popular devices search engine. Shodan started because Nmap was not designed to scan the whole Internet. With Shodan, Stateless...
---------------------------------------------
http://blog.rootshell.be/2015/05/29/hitb-amsterdam-wrap-up-day-2-2/




*** Adventures in Social Engineering: The Evil Reference ***
---------------------------------------------
I recently completed a social engineering gig targeting four bank locations. After a phone call and a few e-mails, I was able to grab some victims NTLMv2 domain hashed credentials. The Approach I developed a fictitious persona to help me...
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Adventures-in-Social-Engineering--The-Evil-Reference/




*** Locker Ransomware Author Allegedly Releases Database Dump of Private Keys ***
---------------------------------------------
Allegedly, the author of the "Locker" ransomware has uploaded a dump of the C2 server database, releasing private keys of infected hosts to the public. Allegedly, the author of the "Locker" ransomware has uploaded a dump of the C2 server database, releasing private keys of infected hosts worldwide to the public. The "author" claims that...
---------------------------------------------
http://securityaffairs.co/wordpress/37346/cyber-crime/locker-ransomware-db-dump.html




*** Malware Evolution Calls for Actor Attribution? ***
---------------------------------------------
What makes one novel strain of malicious software more dangerous or noteworthy than another? Is it the sheer capability and feature set of the new malware, or are these qualities meaningless without also considering the skills, intentions and ingenuity of the person wielding it? Most experts probably would say it's important to consider attribution insofar as it is knowable, but it's remarkable how seldom companies that regularly publish reports on the latest criminal innovations go...
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/8rYlMnG_kmU/




*** Intelligente Städte: "Smart wäre, wenn man den ganzen Quatsch lassen würde" ***
---------------------------------------------
Der White-Hat-Hacker Felix Lindner ist entsetzt, wie wenig Wert Politik und Industrie auf den Schutz der digital vernetzten Stadt vor Cyberattacken legen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Intelligente-Staedte-Smart-waere-wenn-man-den-ganzen-Quatsch-lassen-wuerde-2671382.html?wt_mc=rss.ho.beitrag.rdf




*** Researchers discover hidden shell in Hola VPN software ***
---------------------------------------------
Hola, an Israeli company that develops a browser plug-in promoted heavily as a means to bypass region locks on Web-based content and anonymous surfing, faced a considerable amount of backlash last week - after it was discovered they were selling access to their users connections in what one researcher called "a poorly secured botnet."On Friday, 24-hours after the quasi-botnet operation was disclosed, a group of researchers released details on a number of critical vulnerabilities in...
---------------------------------------------
http://www.csoonline.com/article/2929192/data-protection/researchers-discover-hidden-shell-in-hola-vpn-software.html#tk.rss_applicationsecurity




*** Unzählige Apps speichern private Daten unsicher in der Cloud ***
---------------------------------------------
Auf den Cloud-Servern von Apple und Co. schlummern 56 Millionen nicht optimal geschützte Datensätze. Angreifer könnten vergleichsweise einfach Fotos, Adressdaten und weitere Infos abgreifen.
---------------------------------------------
http://heise.de/-2671988




*** Blue Coat: SSL Visibility Appliance web based vulnerabilities, (Sun, May 31st) ***
---------------------------------------------
Blue Coat has released a security advisory for SSL Visibility Appliance. The SSL Visibility Appliance is susceptible to multiple web-based vulnerabilities in the administration console. A remote attacker can use these vulnerabilities to obtain administrative access to the SSL Visibility Appliance. All versions of SSL Visibility prior to 3.8.4 are vulnerable. The vulnerabilities exist in the WebUI are:  Cross-Site Request Forgery (CVE-2015-2852): Cross-site request forgery (CSRF) vulnerability...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19749&rss




*** JSA10681 - 2015-05 Out of Cycle Security Bulletin: "Logjam" passive attack on sub-1024 DH groups, and active downgrade attack of TLS to DHE_EXPORT (CVE-2015-4000) ***
---------------------------------------------
Affected Products: Junos OS (XNM-SSL)*, WXOS
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10681&actp=RSS




*** Vulnerabilities in Cisco Products ***
---------------------------------------------


*** Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=38863

*** Cisco Conductor for Videoscape and Cisco Headend System Release HTTP Injection Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=38945

*** Cisco Headend System Release Archive File Download Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=38944

*** Cisco Headend System Release UDP TFTP and DHCP Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=38938

*** Cisco Unified MeetingPlace XML Processing Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39130

*** Multiple Cisco Products TCP Flood Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=38943




*** Security Advisory: cURL and libcurl vulnerability CVE-2015-3148 ***
---------------------------------------------
(SOL16707)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/700/sol16707.html?ref=rss




*** Security Advisory: cURL and libcurl vulnerability CVE-2015-3143 ***
---------------------------------------------
(SOL16704)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/700/sol16704.html?ref=rss




*** Novell Messenger 3.0 Support Pack 1 ***
---------------------------------------------
Abstract: Novell Messenger 3.0 Support Pack 1 has been released. Please be aware that there are security fixes to Messengers server and client components (see the change log below and the Readme documentation on the web). It is recommended that they are updated on an expedited basis.Document ID: 5211030Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:consoleone1.3.6h_windows.zip (46.82 MB)nm301_full_linux_multi.tar.gz (269.53 MB)nm301_client_mac_multi.zip (40.61
---------------------------------------------
https://download.novell.com/Download?buildid=j6RbJAJrtC4~




*** IDM 4.5 MSGW Driver 4.0.1.0 ***
---------------------------------------------
Abstract: This is a patch for the Managed System Gateway Driver (MSGW) for Identity Manager. It installs on Identity Manager version 4.5 but can be used on IDM 4.0.2. The version of this driver is 4.0.1.0Document ID: 5211010Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:IDM45_MSGW_4010.zip (4.68 MB)Products:Identity Manager 4.0.2Identity Manager 4.5Superceded Patches:IDM 4.0.2 MSGW Driver Version 4.0.0.6
---------------------------------------------
https://download.novell.com/Download?buildid=UQgGwYtht9c~




*** PHP Integer Overflows Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1032433




*** PHP Multipart POST Request Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1032432




*** PHP Functions That Permit Null Characters in Path Values May Let Remote Users Bypass Access Controls ***
---------------------------------------------
http://www.securitytracker.com/id/1032431




*** Security Notice - Statement on Security Researchers Revealing Security Vulnerabilities in Huawei SOHO Products on Packet Storm Website ***
---------------------------------------------
May 30, 2015 17:23
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-437161.htm




*** Huawei Wimax CPE Bm632w Hidden Backdoor ***
---------------------------------------------
Topic: Huawei Wimax CPE Bm632w Hidden Backdoor Risk: High Text:Exploit Title : Huawei Wimax CPE Bm632w Hidden Backdoor Date : 30 May 2015 Exploit Author : Koorosh Ghorbani Site : http://8...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015050183




*** Security Notice - Statement on Security Researchers Revealing Security Vulnerability in Huawei CPE Products on cxsecurity Website ***
---------------------------------------------
Jun 01, 2015 14:48
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-437262.htm




*** DSA-3275 fusionforge - security update ***
---------------------------------------------
Ansgar Burchardt discovered that the Git plugin for FusionForge, aweb-based project-management and collaboration software, does notsufficiently validate user provided input as parameter to the method tocreate secondary Git repositories. A remote attacker can use this flawto execute arbitrary code as root via a specially crafted URL.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3275




*** DSA-3276 symfony - security update ***
---------------------------------------------
Jakub Zalas discovered that Symfony, a framework to create websites andweb applications, was vulnerable to restriction bypass. It wasaffecting applications with ESI or SSI support enabled, that use theFragmentListener. A malicious user could call any controller via the/_fragment path by providing an invalid hash in the URL (or removingit), bypassing URL signing and security rules.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3276




*** ESC 8832 Data Controller Session Hijacking ***
---------------------------------------------
Topic: ESC 8832 Data Controller Session Hijacking Risk: Medium Text:=begin # Exploit Title: ESC 8832 Data Controller multiple vulnerabilities # Date: 2014-05-29 # Platform: SCADA / Web Applica...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015050181


More information about the Daily mailing list