[CERT-daily] Daily summary - Thursday 7-05-2015

Daily end-of-shift report team at cert.at
Thu May 7 18:05:33 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 06-05-2015 18:00 − Thursday 07-05-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Cisco UCS Central Software Arbitrary Command Execution Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc




*** eShop 6.3.11 - Remote Code Execution ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7967




*** Multiple vulnerabilities in ManageEngine Applications Manager ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-170
http://www.zerodayinitiative.com/advisories/ZDI-15-169
http://www.zerodayinitiative.com/advisories/ZDI-15-168
http://www.zerodayinitiative.com/advisories/ZDI-15-167
http://www.zerodayinitiative.com/advisories/ZDI-15-166




*** Macro Malware: When Old Tricks Still Work, Part 2 ***
---------------------------------------------
In the first part of this series, we discussed the macro malware we have recently seen in the threat landscape. This second entry will delve deeper into the techniques or routines of macro malware. Unintended consequences Let us put things into ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/macro-malware-when-old-tricks-still-work-part-2/




*** APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 ***
---------------------------------------------
Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2015/May/msg00000.html




*** Critical security vulnerability in WordPress ***
---------------------------------------------
As became known yesterday (May 6), there is a security vulnerability in the "Genericons icon font package" of WordPress, which in many popular themes and extensions, including the ..
---------------------------------------------
http://cert.at/warnings/all/20150507.html




*** Protect your network with DNS Firewall ***
---------------------------------------------
If you run your own mail server, you will quickly find out that 90% of the e-mails you receive are spam. The solution ..
---------------------------------------------
http://securityblog.switch.ch/2015/05/07/protect-your-network-with-dns-firewall/




*** Security Operations Center ***
---------------------------------------------
Ensuring the confidentiality, integrity, and availability of a modern information technology enterprise is a big job. Cyber security breaches are becoming common news. The role of ..
---------------------------------------------
http://resources.infosecinstitute.com/security-operations-center/




*** Analyzing Quantum Insert Attacks ***
---------------------------------------------
A Quantum Insert Attack is a classic example of man-in-the-middle attacks which resurfaced into news among the top 10 biggest ..
---------------------------------------------
http://resources.infosecinstitute.com/analyzing-quantum-insert-attacks/




*** Avast suspects Windows libraries of being Trojans ***
---------------------------------------------
The antivirus program Avast classified Windows DLL files as dangerous and moved them to quarantine. Afterwards, some programs no longer ran for affected users.
---------------------------------------------
http://heise.de/-2638093




*** Fake PC expert transferred money to Bangkok during remote maintenance ***
---------------------------------------------
Several hundred euros in damage - bank could no longer reverse the transaction - police warn of scam involving fake Microsoft employees
---------------------------------------------
http://derstandard.at/2000015448793




*** How to make two binaries with the same MD5 hash ***
---------------------------------------------
One question I was asked when I demoed creating two PHP files with the same hash is: does it work on compiled binaries?
---------------------------------------------
http://natmchugh.blogspot.co.uk/2015/05/how-to-make-two-binaries-with-same-md5.html

