[CERT-daily] Tageszusammenfassung - Freitag 13-03-2015
Daily end-of-shift report
team at cert.at
Fri Mar 13 18:19:20 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 12-03-2015 18:00 − Freitag 13-03-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Security updates available for Adobe Flash Player (APSB15-05) ***
---------------------------------------------
A Security Bulletin (APSB15-05) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin. This...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1185
*** After Delays, Samsung Patches Social Media Vulnerability in Millions of Devices ***
---------------------------------------------
Samsung patched a vulnerability last month in SNS Provider that if exploited could have given attackers the ability to access to any personal information users stored on Facebook, LinkedIn and Twitter.
---------------------------------------------
http://threatpost.com/after-delays-samsung-patches-social-media-vulnerability-in-millions-of-devices/111609
*** Blind SQL Injection against WordPress SEO by Yoast, (Fri, Mar 13th) ***
---------------------------------------------
WordPress has released an advisory for the WordPress plugin SEO by Yoast. Version up to and including 1.7.3.3 can be exploited with a blind SQL injection. According to WordPress, this plugin has more than one million downloads. A description of the SQL injection with proof of concept is described here and the latest update is available here. [1] https://wordpress.org/plugins/wordpress-seo/ [2] https://downloads.wordpress.org/plugin/wordpress-seo.1.7.4.zip [3]
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19457&rss
*** Achievement Locked: New Crypto-Ransomware Pwns Video Gamers ***
---------------------------------------------
Gamers may be used to paying to unlock downloadable content in their favorite games, but a new crypto-ransomware variant aims to make gamers pay to unlock what they already own. Data files for more than 20 games can be affected by the threat, increasing what is already a large target for cybercriminals. Another file type...
---------------------------------------------
http://labs.bromium.com/2015/03/12/achievement-locked-new-crypto-ransomware-pwns-video-gamers/
*** VIRLOCK Combines File Infection and Ransomware ***
---------------------------------------------
Analysis by Jaaziel Carlos, Jonh Chua, and Rodwin Fuentes Ransomware has become one of the biggest problems for end users are as of late. In the past months alone, we have reported on several variants of both ransomware and crypto-ransomware, each with their own "unique" routines. We recently came across one malware family, detected as...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/eJWas-XoY6I/
*** Microsoft EMET 5.2 is available, (Fri, Mar 13th) ***
---------------------------------------------
Microsoft has announced a new release of the Enhanced Mitigation Experience Toolkit (EMET) 5.2. The main the main changes and improvements as the following: Control Flow Guard:EMETs native DLLs have been compiled with Control Flow Guard(CFG). CFG is a new feature introduced in Visual Studio 2015 (and supported by Windows 8.1 and Windows 10) that helps detect and stop attempts of code hijacking. EMET native DLLs (i.e. EMET.DLL) are injected into the application process EMET protects. Since we
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19461&rss
*** Adobe schließt kritische Lücken in Flash ***
---------------------------------------------
Ein neues Update für den Flash-Player schließt elf Sicherheitslücken und ist für alle Plattformen verfügbar. Eine zügige Installation ist ratsam, da Angreifer im schlimmsten Fall das System übernehmen könnten.
---------------------------------------------
http://heise.de/-2574278
*** Bootschleife nach SHA-2-Update für Windows 7 ***
---------------------------------------------
Böse Überraschung für einige Nutzer mit Linux-Dual-Boot: Ein Windows-7-Update vom letzten Patchday stürzt den Rechner in eine Bootschleife. Das scheint allerdings nur beim Booten über das klassische BIOS aufzutreten, UEFI-Nutzer haben Glück.
---------------------------------------------
http://heise.de/-2574289
*** BlackBerry has no fix for devices vulnerable to FREAK security flaw ***
---------------------------------------------
Summary:The company, lauded for having the worlds most protected devices for encrypted messaging, warns that devices will be vulnerable to a serious security flaw until a patch is released.
---------------------------------------------
http://www.zdnet.com/article/blackberry-slow-to-respond-to-freak-flaw-says-it-has-no-fix/
*** Mozilla Releases Open Source Masche Forensics Tool ***
---------------------------------------------
Mozilla has released an open source memory forensics tool that some college students designed and built during the company's recent Winter of Security event. The new tool, known as Masche, is designed specifically for investigating server memory and has the advantage of being able to scan running processes without causing any problems with the machine.
---------------------------------------------
http://threatpost.com/mozilla-releases-open-source-masche-forensics-tool/111630
*** Google-Panne: Inhaberdaten von 300.000 geschützten Domains einsehbar ***
---------------------------------------------
Google bietet seinen Kunden die Möglichkeit, Domains zu registrieren, ohne dass dabei persönliche Daten in den Whois-Einträgen auftauchen. Durch einen Bug waren die Informationen trotzdem abrufbar.
---------------------------------------------
http://heise.de/-2574423
*** Bypassing ASLR with CVE-2015-0071: An Out-of-Bounds Read Vulnerability ***
---------------------------------------------
Almost every Patch Tuesday cycle contains one bulletin that (for convenience) rolls up multiple Internet Explorer vulnerabilities into a single bulletin. February's Patch Tuesday cumulative IE bulletin (MS15-009) included a fix for a particularly interesting vulnerability that could be used to bypass one of the key anti-exploit technologies in use today, address space layout randomization...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/35xufNRKED8/
*** Security Afterworks: Cybercrime - Lessons From the Field & Best Of Troopers15 ***
---------------------------------------------
Cybercrime – wie reagieren nach einem Vorfall? Die Frage ist schon längst nicht mehr ob, sondern wann Sie zum Ziel werden. Andreas Tomek informiert beim Security Afterworks im April über Lessons from the field – Incident Response & Cybercrime in Österreich. Danach geht es mit den Hot Topics der Troopers15 weiter.
Lassen Sie sich von uns auf den neuesten Stand bringen!
Dienstag, 14. April 2015
16.30 Uhr
ab 17.30 Uhr gemütlicher Ausklang
SBA Research
---------------------------------------------
https://www.sba-research.org/events/security-afterworks-cybercrime-lessons-from-the-field-best-of-troopers15/
https://www.sba-research.org/wp-content/uploads/2015/03/Security-Afterworks-V-Agenda1.pdf
*** Cisco FREAKs out, starts epic OpenSSL bug-splat ***
---------------------------------------------
Happy weekend, network admins Cisco admins will be watching and waiting for fixes, with the company announcing that many of its OpenSSL implementations are carrying a bunch of post-POODLE fleas.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/03/13/cisco_freaks_out_starts_epic_openssl_bugsplat/
*** Samsung SNS Provider Application For Android Access Theft ***
---------------------------------------------
Topic: Samsung SNS Provider Application For Android Access Theft Risk: Low Text: Fundacion Dr. Manuel Sadosky - Programa STIC Advisory www.fundacionsadosky.org.ar *Vulnerabilities in the Samsung SNS ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015030093
*** HP Security Bulletins ***
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04571956
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04570627
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04576624
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03822422
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04562193
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04587108
*** DSA-3186 nss - security update ***
---------------------------------------------
It was discovered that the Mozilla Network Security Service library(nss) incorrectly handled certain ASN.1 lengths. A remote attacker couldpossibly use this issue to perform a data-smuggling attack.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3186
*** DSA-3185 libgcrypt11 - security update ***
---------------------------------------------
Multiple vulnerabilities were discovered in libgcrypt:
---------------------------------------------
https://www.debian.org/security/2015/dsa-3185
*** DSA-3184 gnupg - security update ***
---------------------------------------------
Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:
---------------------------------------------
https://www.debian.org/security/2015/dsa-3184
*** WPML Multiple Vulnerabilities (Including SQLi) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7843
*** Schneider Electric Pelco DS-NVs Buffer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a buffer overflow vulnerability in the Schneider Electric Pelco DS-NVs software package.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-071-01
*** Xen Multiple Flaws Let Local Guest Users Deny Service or Obtain Information From Other Guest Systems ***
---------------------------------------------
http://www.securitytracker.com/id/1031806
More information about the Daily
mailing list