[CERT-daily] Tageszusammenfassung - Montag 29-06-2015

Mon Jun 29 18:14:22 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 26-06-2015 18:00 − Montag 29-06-2015 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** In eigener Sache: CERT.at sucht Verstärkung ***
---------------------------------------------
Wir suchen aktuell eine/n ProgrammiererIn - vorerst als Karenzvertretung bis Jahresende. Details siehe https://cert.at/about/jobs/jobs.html
---------------------------------------------
http://www.cert.at/services/blog/20150629141329-1553.html


*** IETF Officially Deprecates SSLv3 ***
---------------------------------------------
The IETF, in RFC7568, declared SSLv3 "not sufficiently secure" and prohibited its use. SSLv3 fallbacks were to blame for the POODLE and BEAST attacks.
---------------------------------------------
http://threatpost.com/ietf-officially-deprecates-sslv3/113503


*** NIST Updates Random Number Generation Guidelines ***
---------------------------------------------
An anonymous reader writes: Encryption weighs heavily on the public consciousness these days, as weve learned that government agencies are keeping an eye on us and a lot of our security tools arent as foolproof as weve thought. In response to this, the National Institute of Standards and Technology has issued a formal update to its document on how to properly generate a random number - crucial in many types of encryption.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/JJ7XjyjPA9c/nist-updates-random-number-generation-guidelines


*** Lücke im Flash Player: Exploit Kit erhöht Angriffs-Risiko ***
---------------------------------------------
Bisher haben Angreifer die in der letzten Woche bekanntgewordene Schwachstelle in Adobes Flash Player nur vereinzelt und gezielt attackiert. Aktuell nutzt jedoch auch das Magnitude Exploit Kit die Lücke aus und vergrößert den Angriffsradius.
---------------------------------------------
http://heise.de/-2730795


*** The State of the ESILE/Lotus Blossom Campaign ***
---------------------------------------------
As is generally the case with backdoors, ESILE contacts a command-and-control server in order to receive commands from its attacker. How it does this is also a fingerprint of the campaign as well. It uses a URL based on the MAC address of the infected machine's network interface, as well as the current time. ... This distinctive pattern can be used to help spot and block ESILE-related endpoints on an organization's network.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-the-esilelotus-blossom-campaign/


*** Migrating from SHA-1 to SHA-2 ***
---------------------------------------------
Heres a comprehensive document on migrating from SHA-1 to SHA-2 in Active Directory certificates....
---------------------------------------------
https://www.schneier.com/blog/archives/2015/06/migrating_from_.html


*** Cyber Security Challenge: Bundesheer sucht Nachwuchs-Hacker ***
---------------------------------------------
Qualifikation läuft bis August, Veranstaltung von Cyber Security Austria und Abwehramt organisiert
---------------------------------------------
http://derstandard.at/2000018220253


*** Bugtraq: ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities ***
---------------------------------------------
Summary: ESRS VE version 3.06 contains security fixes for multiple vulnerabilities that could potentially be exploited by malicious uses to compromise the affected system
Insufficient Certificate Validation
   CVE-2015-0543: CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cookie Generated with Insufficient Randomness
   CVE-2015-0544: CVSSv2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
---------------------------------------------
http://www.securityfocus.com/archive/1/535851


*** The Powershell Diaries 2 - Software Inventory, (Mon, Jun 29th) ***
---------------------------------------------
After last weeks story, hopefully youve got your problem users accounts identified. With that worked out, lets see about finding problem applications. We all need a handle on what applications are installed on workstations for a number of reasons  to make sure that when upgrade time comes, that nobody gets left behind that older apps that have security vulnerabilities or have limited function get taken care of...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19851&rss


*** Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) ***
---------------------------------------------
Business recommendation: By combining all vulnerabilities documented in this advisory an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference. SEC Consult recommends not to use this system until a thorough security review has been performed by security professionals and all identified issues have been resolved.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150626-0_Polycom_RealPresence_Resource_Manager_Critical_Vulnerabilities_v10.txt


*** TYPO3-EXT-SA-2015-015: Cross-Site Scripting in extension "404 Page not found handling" (pagenotfoundhandling) ***
---------------------------------------------
It has been discovered that the extension "404 Page not found handling" (pagenotfoundhandling) is susceptible to Cross-Site Scripting
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:O/RC:C
Affected Versions: version 2.1.0 and below
---------------------------------------------
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-015/


*** Hacker-Angriff vermutet: Apache Build-Server offline ***
---------------------------------------------
Bis jetzt wurde ein Angriff nicht offiziell bestätigt. Auch ist nicht bekannt, ob ein Eingriff in auf den Servern gebaute Software-Pakete stattgefunden hat.
Die Build-Systeme der ASF werden unter anderem von OpenOffice, dem Tomcat-Projekt und dem Web-Framework Apache Wicket verwendet. Neben den Build-Servern und der Continuous-Integration-Webseite ist auch das CMS der Apache-Seiten betroffen.
---------------------------------------------
http://heise.de/-2731265


*** Cisco Application Policy Infrastructure Controller Unauthorized Access Vulnerability ***
---------------------------------------------
CVE: CVE-2015-4225, CVSS2 Base Score: 5.5
A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (Cisco APIC) could allow an authenticated, remote attacker to have read access to certain information stored in the affected system.
The vulnerability is due to improper handling of RBAC for health scoring. An attacker could exploit this vulnerability to gain access to information on the affected system.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39529