[CERT-daily] Tageszusammenfassung - Donnerstag 12-03-2015

Thu Mar 12 18:12:33 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 11-03-2015 18:00 − Donnerstag 12-03-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Cyber Security in Supply Chain Management: Part 1 ***
---------------------------------------------
Introduction Cyber security is generally thought of as various types of security devices like firewalls, Web Application Firewall (WAF), IDS/IPS, SIEM, DLP etc. to safeguard network, applications and data. But what if, for example, the deployed security solutions have a bug inside? The latest example of this is exposing of a vulnerability in Lenovo notebooks.
---------------------------------------------
http://resources.infosecinstitute.com/cyber-security-in-supply-chain-management-part-1/


*** Paper: Windows 10 patching process may leave enterprises vulnerable to zero-day attacks ***
---------------------------------------------
Aryeh Goretsky gives advice on how to adapt to Windows 10s patching strategy.Patching is hard, especially when the code base is old and the bugs are buried deeply. This was highlighted once again this week when Microsoft released a patch for a vulnerability that was thought to have been patched almost five years ago, but which could still be exploited.In fact, six out of the last eight Patch Tuesdays have included patches that have caused problems for some Windows users.Probably in response to...
---------------------------------------------
http://www.virusbtn.com/blog/2015/03_12.xml?rss


*** Microsoft SHA-2 Advisory Causing "Infinite Loop" Issues ***
---------------------------------------------
Windows users are having issues with a security update issued this week meant to add SHA-2 code-signing and verification support to Windows 7 and Windows Server 2008 R2 machines.
---------------------------------------------
http://threatpost.com/microsoft-sha-2-advisory-causing-infinite-loop-issues/111597


*** Schwerwiegende Sicherheitslücke im Shop-System xt:Commerce ***
---------------------------------------------
Derzeit klafft eine Sicherheitslücke im aktuellen Versionszweig des verbreiteten Online-Shop-Systems xt:Commerce. Ein Patch ist bereits verfügbar.
---------------------------------------------
http://heise.de/-2573755


*** Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake., (Thu, Mar 12th) ***
---------------------------------------------
Ever wonder if any of your users connect to sites with bad SSL certificates? I ran into this issue recently when debugging some SSL issues, and ended up with thisquick tshark and shell script trickto extract the necessary information from a packet capture. First, you may want to compare the host name your clients connect to, to the host name returned as part of the certificate. While the Host header is encrypted and not accessible, modern SSL libraries use Server Name Indication (SNI) as part...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19455&rss


*** Defending Against PoS RAM Scrapers ***
---------------------------------------------
Stealing payment card data has become an everyday crime that yields quick monetary gains. Attackers aim to steal the data stored in the magnetic stripe of payment cards, optionally clone the cards, and run charges on the accounts associated with them. The topic of PoS RAM scraper malware always prompts businesses and retailers to ask...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/CYPwDbRGFfc/


*** Dropbox Patches Remotely Exploitable Vulnerability in SDK ***
---------------------------------------------
Developers at Dropbox recently fixed a remotely exploitable vulnerability in the Android SDK version of the app that enabled attackers to connect applications on some devices to a Dropbox account without the users consent.
---------------------------------------------
http://threatpost.com/dropbox-patches-remotely-exploitable-vulnerability-in-sdk/111587


*** Inverted WordPress Trojan ***
---------------------------------------------
Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously does something bad. In WordPress, typical trojans are plugins and themes (usually pirated) which may have backdoors, or send out spam, create doorways, inject hidden links or malware. The trojan modelRead More
---------------------------------------------
http://blog.sucuri.net/2015/03/inverted-wordpress-trojan.html


*** RSA Digital Certificate Manager Input Validation Flaws Permit Cross-Site Scripting and Denial of Service Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1031912


*** EMC Secure Remote Services GHOST / SQL Injection / Command Injection ***
---------------------------------------------
Topic: EMC Secure Remote Services GHOST / SQL Injection / Command Injection Risk: High Text:ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities CVE Identifier: CVE-2...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015030076


*** Google Android Integer Oveflow / Heap Corruption ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015030079


*** phpMyAdmin Bug May Disclose CSRF Token to Remote Users ***
---------------------------------------------
http://www.securitytracker.com/id/1031871


*** Elipse E3 Process Control Vulnerability (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-069-04 Elipse E3 Process Control Vulnerability that was published March 10, 2015, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-069-04A


*** IBM Security Bulletin: Apache Tomcat request smuggling affects Algo Audit and Compliance (CVE-2014-0227) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21698437


*** IBM Security Bulletin: IBM PowerVC - Ceilometer DB2/MongoDB Backend Password Leak (CVE-2013-6384) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1020585


*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM/Cisco Switches and Directors (CVE-2015-0235) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1005122


*** IBM Security Bulletin: Multiple IBM InfoSphere Information Server components are affected by a vulnerability in the XML4C parser (CVE-2014-8901) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21696312


*** SA-CONTRIB-2015-077 - OG tabs - Cross Site Scripting (XSS) ***
---------------------------------------------
https://www.drupal.org/node/2450427


*** SA-CONTRIB-2015-076 - Image Title - Cross Site Scripting (XSS) ***
---------------------------------------------
https://www.drupal.org/node/2450393


*** SA-CONTRIB-2015-075 - Perfecto - Open Redirect ***
---------------------------------------------
https://www.drupal.org/node/2450391


*** SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting (XSS) ***
---------------------------------------------
https://www.drupal.org/node/2450387


*** Pie Register 2.0.14 - Cross Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7842