[CERT-daily] Tageszusammenfassung - Mittwoch 3-06-2015

Daily end-of-shift report team at cert.at
Wed Jun 3 18:31:33 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 02-06-2015 18:00 − Mittwoch 03-06-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Your Website Hacked but No Signs of Infection ***
---------------------------------------------
Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. This is the emotionally draining world that many live in, with a paranoia and concern that grips you once you see and recognize that something is not right.
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/0D6hUcbKq34/your-website-hacked-but-no-signs-of-infection.html




*** Holy SSH-it! Microsoft promises secure logins for Windows PowerShell ***
---------------------------------------------
Now that the door has hit Ballmer on the way out, OpenSSH support is go Microsoft has finally decided to add support for SSH to PowerShell, allowing people to log into Windows systems and use software remotely over an encrypted connection.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/06/02/openssh_windows/




*** Bug des Tages: Skype hat eine "SMS des Todes" ***
---------------------------------------------
Sending the characters "http://:" (without the quotes) crashes Skype, and receiving a message with those characters makes it crash any time you try to sign in again.
---------------------------------------------
http://blog.fefe.de/?ts=ab900965




*** Good Patch Management Is Crucial to Cybersecurity in ICS ***
---------------------------------------------
A good cybersecurity strategy for industrial control systems (ICS) must include both a systematic approach to patch management and compensating cybersecurity controls for when patching is not an option. Patch management resolves bugs, operability, reliability,...
---------------------------------------------
http://feedproxy.google.com/~r/PaloAltoNetworks/~3/tK1mqdG1qkA/




*** IoT Devices Hosted On Vulnerable Clouds In Bad Neighborhoods ***
---------------------------------------------
OpenDNS report finds that organizations may be more susceptible to Internet of Things devices than they realize.
---------------------------------------------
http://www.darkreading.com/cloud/iot-devices-hosted-on-vulnerable-clouds-in-bad-neighborhoods/d/d-id/1320670?_mc=RSS_DR_EDT




*** Mass break-in: researchers catch 22 more routers for the SOHOpeless list ***
---------------------------------------------
A business model ripe for the bin Yet another disclosure tips 22 SOHO routers in the security bin, with everything from privilege escalation and authentication bypass to hard-coded credential backdoors.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/06/03/mass_breakin_researchers_catch_22_more_routers_for_the_sohopeless_list/




*** Piwik: Unberechtigte können Webseiten-Statistiken abrufen ***
---------------------------------------------
Installationen der Google-Analytics-Alternative Piwik sind häufig nicht korrekt konfiguriert und Dritte können ohne viel Aufwand Abrufstatistiken einsehen und sogar herunterladen.
---------------------------------------------
http://heise.de/-2678572




*** SSH: Sechs Jahre alter Bug bedroht Github-Repositories ***
---------------------------------------------
Ein Debian-Bug aus dem Jahr 2008 hinterlässt immer noch Spuren. Eine Analyse der öffentlichen SSH-Schlüssel bei Github zeigt: Mittels angreifbarer Schlüssel hätten Angreifer die Repositories von Projekten wie Python und Firmen wie Spotify oder Yandex manipulieren können.
---------------------------------------------
http://www.golem.de/news/ssh-sechs-jahre-alter-bug-bedroht-github-repositories-1506-114449-rss.html




*** Emergency Security Band-Aids with Systemtap ***
---------------------------------------------
Software security vulnerabilities are a fact of life. So is the subsequent publicity, package updates, and suffering service restarts. Administrators are used to it, and users bear it, and it's a default and traditional method. On the other hand, in...
---------------------------------------------
https://securityblog.redhat.com/2015/06/03/emergency-security-band-aids-with-systemtap/




*** Krypto-Trojaner überlegt es sich anders und entschlüsselt alles wieder ***
---------------------------------------------
Der Erpressungs-Trojaner Locker ist erst seit wenigen Tagen im Umlauf. Und schon ist seine Karriere wieder vorbei: Er hat vergangenen Dienstag den Befehl erhalten, alle verschlüsselten Dateien wiederherzustellen.
---------------------------------------------
http://heise.de/-2678669




*** Hackers Scan All Tor Hidden Services To Find Weaknesses In The Dark Web ***
---------------------------------------------
If you go down to the deep web today, you'll be following hot on the heels of a digital beast. In a matter of hours last week, the entire semi-anonymising Tor network, where activists and criminals alike try to hide from the gaze of their respective authorities, was traversed by PunkSPIDER, an automated scanner that pokes websites to uncover vulnerabilities.
---------------------------------------------
http://www.forbes.com/sites/thomasbrewster/2015/06/01/dark-web-vulnerability-scan/




*** DSA-3277 wireshark - security update ***
---------------------------------------------
Multiple vulnerabilities were discovered in the dissectors/parsers forLBMR, web sockets, WCP, X11, IEEE 802.11 and Android Logcat, which couldresult in denial of service.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3277




*** Vulnerabilities in Cisco Products  ***
---------------------------------------------

*** Cisco Unified MeetingPlace Microsoft Outlook Reflected Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39161

*** Cisco Unified MeetingPlace Session ID Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39162

*** Cisco AnyConnect Secure Mobility Client Privilege Escalation Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39158

*** Cisco Adaptive Security Appliance XAUTH Bypass Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39157

*** Cisco Unified MeetingPlace Arbitrary File Download Vulnerability ***
http://tools.cisco.com/security/center/viewAlert.x?alertId=39163




*** Beckwith Electric TCP Initial Sequence Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a TCP initial sequence numbers vulnerability in multiple Beckwith Electric products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-153-01




*** Moxa SoftCMS Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a buffer overflow vulnerability in the Moxa SoftCMS software package.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-153-02




*** [HTB23258]: Local PHP File Inclusion in ResourceSpace ***
---------------------------------------------
Product: ResourceSpace v7.1.6513Vulnerability Type: PHP File Inclusion [CWE-98]Risk level: High Creater: Montala LimitedAdvisory Publication: May 6, 2015 [without technical details]Public Disclosure: June 3, 2015 CVE Reference: CVE-2015-3648 CVSSv2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) Vulnerability Details: High-Tech Bridge Security Research Lab discovered vulnerability in ResourceSpace, which can be exploited to include arbitrary local PHP file, execute PHP code, and compromise
---------------------------------------------
https://www.htbridge.com/advisory/HTB23258




*** USN-2626-1: Qt vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2626-13rd June, 2015qt4-x11, qtbase-opensource-src vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryQt could be made to crash or run programs as your login if it opened aspecially crafted file.Software description qt4-x11 - Qt 4 libraries  qtbase-opensource-src - Qt 5 libraries  DetailsWolfgang Schenk discovered that Qt incorrectly handled certain malformedGIF...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2626-1/




Next End-of-Shift report on 2015-06-05


More information about the Daily mailing list