[CERT-daily] Tageszusammenfassung - Freitag 19-06-2015

Fri Jun 19 18:09:33 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 18-06-2015 18:00 − Freitag 19-06-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** So Long, and Thanks for All the Domains ***
---------------------------------------------
While Trojans like Dyre and Dridex are dominating malware-related news, we take the time to have a closer look at Tinba (Tiny Banker, Zusy, Illi), yet another Trojan which targets Windows users. In the first part of this post, we...
---------------------------------------------
http://securityblog.switch.ch/2015/06/18/so-long-and-thanks-for-all-the-domains/


*** Understanding type confusion vulnerabilities: CVE-2015-0336 ***
---------------------------------------------
In March 2014, we observed a patched Adobe Flash vulnerability (CVE-2015-0336) being exploited in the wild. Adobe released the patch on March 12, 2014, and exploit code using this vulnerability first appeared about a week later. To help stay protected:   Keep your Microsoft security software, such as  Windows Defender for Windows 8.1  up-to-date. Keep your third-party software, such as Adobe Flash Player, up-to-date. Be cautious when browsing potentially malicious or compromised websites.  
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/06/18/understanding-type-confusion-vulnerabilities-cve-2015-0336.aspx


*** Tapatalk-Plug-in liest Daten von Forennutzern aus ***
---------------------------------------------
Wie die Administratoren des HardwareLuxx-Forums entdeckten, liest das Plug-in der Mobil-App die E-Mail-Adressen ihrer 200.000 Nutzer auf Anfrage aus und schickt diese an eigene Server. Tapatalk hält das Ganze für ein Versehen.
---------------------------------------------
http://heise.de/-2716662


*** Paper: Beta exploit pack: one more piece of crimeware for the infection road! ***
---------------------------------------------
Exploit kit currently being tested focuses primarily on Flash Player exploits.Nuclear, Angler, Magnitude and Rig. Security researchers know were talking about exploit kits (or browser exploit packs), toolkits that automate the exploitation of client-side vulnerabilities and thus facilitate infection through drive-by downloads.Today, we publish an article by researchers Aditya K. Sood and Rohit Bansal, in which they look at a new exploit kit, Beta. Though it is still in a testing phase, Aditya...
---------------------------------------------
http://www.virusbtn.com/blog/2015/06_19.xml?rss


*** SAP Hana users warned of security vulnerability ***
---------------------------------------------
Hard on the heels of the release of a newly updated version of SAP Hana, a security researcher has warned of a potentially serious vulnerability in the in-memory platform. "If an attacker can exploit this vulnerability, he can get access to all encrypted data stored in an SAP Hana database," said Alexander Polyakov, CTO with ERPScan, which presented the details Thursday at the Black Hat Sessions XIII conference in the Netherlands.
---------------------------------------------
http://www.cio.com/article/2937953/sap-hana-users-warned-of-security-vulnerability.html


*** Identifying Your Prey ***
---------------------------------------------
User hunting is one of my favorite phases of an engagement. Whether it's performed for lateral spread and escalation, or to demonstrate impact by tracking down incident responders and executives, we end up hunting for users on nearly every assessment we conduct. I presented this topic at the Shmoocon '15 Firetalks, and published the "I Hunt Sys Admins" post to help highlight some of the ways we track down where users are located in Windows domains.
---------------------------------------------
http://www.verisgroup.com/2015/06/17/identifying-your-prey/


*** an awesome list of honeypot resources ***
---------------------------------------------
A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects. There is no pre-established order of items in each category, the order is for contribution. If you want to contribute, please read the guide.
---------------------------------------------
https://github.com/paralax/awesome-honeypots


*** The Samsung SwiftKey Vulnerability - What You Need To Know, And How To Protect Yourself ***
---------------------------------------------
Recently, researchers announced that a vulnerability in Samsung Android devices had been found which allowed attackers to run malicious code on vulnerable devices if they became the targets of a man-in-the-middle attack. In this post we will explain how this vulnerability works, and what can users do to protect themselves. The Vulnerability The stock Android...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Y8_n4zFsafI/


*** Security CheatSheets - A collection of cheatsheets for various infosec tools and topics ***
---------------------------------------------
These security cheatsheets are part of a project for the Ethical Hacking and Penetration Testing course offered at the University of Florida. Expanding on the default set of cheatsheets, the purpose of these cheatsheets are to aid penetration testers/CTF participants/security enthusiasts in remembering commands that are useful, but not frequently used. Most of the tools that will be covered have been included in our class and are available in Kali Linux.
---------------------------------------------
http://www.kitploit.com/2015/06/security-cheatsheets-collection-of.html


*** Bundestag: Linksfraktion veröffentlicht Malware-Analyse ***
---------------------------------------------
Die Linksfraktion veröffentlicht im Zusammenhang mit dem Bundestags-Hack eine Analyse von Malware, die auf ihren Servern gefunden wurde. Darin wird eine Verbindung zur russischen Organisation APT28 nahegelegt. Doch wirklich überzeugend sind die Belege dafür nicht.
---------------------------------------------
http://www.golem.de/news/bundestag-linksfraktion-veroeffentlicht-malware-analyse-1506-114775-rss.html


*** Bugtraq: ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/535797


*** IBM Security Bulletins ***
---------------------------------------------

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition (CVE-2015-0478, CVE-2015-0488, CVE-2015-1916, CVE-2015-2808) ***
http://www.ibm.com/support/docview.wss?uid=swg21960248

*** IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM InfoSphere Discovery (CVE-2015-0488) ***
http://www.ibm.com/support/docview.wss?uid=swg21903544

*** IBM Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2014-0230) ***
http://www.ibm.com/support/docview.wss?uid=swg21959294

*** IBM Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server uses an insecure hashing scheme for handling user passwords (CVE-2015-1913) ***
http://www.ibm.com/support/docview.wss?uid=swg21959298

*** IBM Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2014-0227) ***
http://www.ibm.com/support/docview.wss?uid=swg21959291

*** IBM Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM SmartCloud Entry (CVE-2014-6040 CVE-2014-7817) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022093


*** Wind River VXWorks TCP Predictability Vulnerability in ICS Devices ***
---------------------------------------------
This advisory provides mitigation details for a TCP predictability vulnerability identified in Wind River's VxWorks.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01


*** Cisco WebEx Meeting Center Web-Based Administrative Interface User Enumeration Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39420