[CERT-daily] Tageszusammenfassung - Montag 22-06-2015

Mon Jun 22 18:09:37 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 19-06-2015 18:00 − Montag 22-06-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Owning Internet Printing - A Case Study in Modern Software Exploitation ***
---------------------------------------------
Modern exploit mitigations draw attackers into a game of diminishing marginal returns. With each additional mitigation added, a subset of software bugs become unexploitable, ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/06/owning-internet-printing-case-study-in.html


*** Cacti Input Validation Flaw Permits Cross-Site Scripting and SQL Injection Attacks ***
---------------------------------------------
The software does not properly filter HTML code from user-supplied input before displaying the input [CVE-2015-2665]. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The ..
---------------------------------------------
http://www.securitytracker.com/id/1032672


*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39432
http://tools.cisco.com/security/center/viewAlert.x?alertId=39431
http://tools.cisco.com/security/center/viewAlert.x?alertId=39422
http://tools.cisco.com/security/center/viewAlert.x?alertId=39424
http://tools.cisco.com/security/center/viewAlert.x?alertId=39423


*** Banking Trojan has targeted Bundestag ***
---------------------------------------------
After the initial reports on the attacks on the Bundestag (German Federal Parliament), variants of the Swatbanker family are now putting the Bundestags intranet on a watch list. The operators of the botnet are apparently trying to steal access data and server responses associated with this ..
---------------------------------------------
https://blog.gdatasoftware.com/blog/article/banking-trojan-has-targeted-bundestag.html


*** Microsoft website dedicated to online privacy gets hacked ***
---------------------------------------------
Digital Constitution was running outdated of version of WordPress.
---------------------------------------------
http://arstechnica.com/security/2015/06/microsoft-website-dedicated-to-online-privacy-gets-hacked/


*** Microsoft: Meine Lücken schließ' ich nicht ***
---------------------------------------------
Sicherheitsexperten geben Details zu Lücken in Internet Explorer heraus, weil Microsoft die Lücken nicht schließen will.
---------------------------------------------
http://heise.de/-2718449


*** Standardschlüssel gefährdet SAPs Datenbank Hana ***
---------------------------------------------
Bei der Installation wird die Benutzerdatenbank in SAPs Hana mit dem stets gleichen Standardschlüssel abgesichert. Weil dieser nur selten geändert wird, könnten sich Unberechtigte leicht Zugriff auf die dort gespeicherten Administratorkonten verschaffen. 
---------------------------------------------
http://www.golem.de/news/it-sicherheit-standardschluessel-gefaehrdet-saps-datenbank-hana-1506-114783.html


*** VMware Workstation: Der Einbruch �über Port COM1 ***
---------------------------------------------
Über Schwachstellen in VMwares Workstation und Player ist ein vollständiger Zugriff auf das Wirtssystem aus einem Gastsystem heraus möglich. VMware hat bereits Updates veröffentlicht. 
---------------------------------------------
http://www.golem.de/news/vmware-workstation-der-einbruch-ueber-port-com1-1506-114784.html


*** Advertising: The Digital Turf War on your Desktop ***
---------------------------------------------
https://blog.malwarebytes.org/privacy-2/2015/06/advertising-the-digital-turf-war-on-your-desktop/


*** XARA-Lücke: Apple kündigt Fix für iOS und OS X an ***
---------------------------------------------
Das Sicherheitsproblem, über das unter anderem Passwörter ausgelesen werden könnten, soll demnächst in der Software behoben werden. Zudem versucht sich der iPhone-Hersteller an anderen Lösungen.
---------------------------------------------
http://heise.de/-2718624


*** The most common information security mistakes of e-commerces ***
---------------------------------------------
Almost every month a new incident involving a big retailer, e-commerce or web platform makes the news headlines. Most retail fraud is now committed online, and in 2014 alone hackers managed to steal more than 61 million records from ..
---------------------------------------------
https://www.htbridge.com/blog/the-most-common-information-security-mistakes-of-e-commerces.html


*** Adware for OS X distributes Trojans ***
---------------------------------------------
Lately, reports about distribution of new malicious and potentially dangerous programs for OS X have been emerging with great frequency. Doctor Web security researches have registered a growing number of various adware and installers ..
---------------------------------------------
http://news.drweb.com/show/?i=9502&lng=en&c=9


*** Steal That Car in 60 Seconds ***
---------------------------------------------
Introduction Cars are everywhere and they are being upgraded with new technology as often as any other device we use. Taking some inspiration from the movie Knight and Day, ..
---------------------------------------------
http://resources.infosecinstitute.com/the-car-in-60-seconds/


*** NSA spionierte österreichische Antiviren-Hersteller aus ***
---------------------------------------------
Ikarus und Emsisoft genannt – NSA überwachte E-Mails an Firmen, um Entdeckung von Schadprogrammen mitzubekommen
---------------------------------------------
http://derstandard.at/2000017842807


*** Magnitude EK: Traffic Analysis ***
---------------------------------------------
Hello and welcome! Recently I have been skilling up in malware analysis. Specifically, my focus has been centred on client-side exploit kits, such common kits include: Angler, Nuclear, Magnitude, Neutrino, RIG... There are quite a few reasons for my new found ..
---------------------------------------------
http://www.fuzzysecurity.com/tutorials/21.html


*** Android Activtity Security ***
---------------------------------------------
Each Android Application is made up of Activity, Service, Content Provider and Broadcast Receiver, which are the basic components of Android. Among those components, An Activity is ..
---------------------------------------------
http://translate.wooyun.io/2015/06/22/android-activtity-security.html


*** A month with BADONIONS ***
---------------------------------------------
A few weeks ago I got the idea of testing how much sniffing is going on in the Tor network by setting up a phishing site where I login with unique password and then store them. I ..
---------------------------------------------
https://chloe.re/2015/06/20/a-month-with-badonions/


*** Poseidon and Backoff POS � the links and similarities ***
---------------------------------------------
Poseidon, also known as FindPOS, is a malware family designed for Windows point-of-sale systems. Poseidon scans the memory for running processes and employs keystroke logging ..
---------------------------------------------
https://blog.team-cymru.org/2015/06/poseidon-and-the-backoff-pos-link


*** Bypassing Microsoft EMET 5.2 - a neverending story? ***
---------------------------------------------
The experts of the SEC Consult Vulnerability Lab managed to adapt the EMET 5.0 / 5.1 bypasses to additionally work against the latest Microsoft EMET version which is 5.2. Results of the research were already presented this year at ..
---------------------------------------------
http://blog.sec-consult.com/2015/06/bypassing-microsoft-emet-52-neverending.html