[CERT-daily] Tageszusammenfassung - Dienstag 19-05-2015
Daily end-of-shift report
team at cert.at
Tue May 19 18:08:06 CEST 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 18-05-2015 18:00 − Dienstag 19-05-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Tracking SSL Issues with the SSL Labs API ***
---------------------------------------------
The SSL and TLS protocols have been on the front of the stage for months. Besides many vulnerabilities disclosed in the OpenSSL library, the deployment of SSL and TLS is not always easy. They are weak cyphers (like RC4), weak signatures, certificates issues (self-signed, expiration or fake ones). Other useful features are mis-understood and not often not configured like PFS ("Perfect Forward Secrecy"). Encryption effectiveness is directly related...
---------------------------------------------
http://blog.rootshell.be/2015/05/18/tracking-ssl-issues-with-the-ssl-labs-api/
*** Magnitude Exploit Kit leading to Ransomware via Malvertising ***
---------------------------------------------
Magnitude Exploit Kit is a malicious exploit package that leverages a victim's vulnerable browser plugins in order to download a malicious payload to a system. This technique is known as a drive-by-download attack, which is often leveraged on compromised websites and malicious advertising networks. We recently found a number of compromised pages following the structure of fake search engine...
---------------------------------------------
http://feedproxy.google.com/~r/zscaler/research/~3/YQBX1Zq733A/magnitude-exploit-kit-leading-to.html
*** Website Security - How Do Websites Get Hacked? ***
---------------------------------------------
In 2014 the total number of websites on the internet reached 1 billion, today it's hovering somewhere in the neighborhood of 944 million due to websites going inactive and it is expected to normalize again at 1 billion sometime in 2015. Let's take a minute to absorb that number for a moment. Another surprising statistic is...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/w0FMyW_q_bA/website-security-how-do-websites-get-hacked.html
*** Cyber Security Challenge 2015 ***
---------------------------------------------
Cyber Security Challenge 2015 | 19. Mai 2015 | Auch heuer gibt es wieder die Cyber Security Challenge zur Suche von Hacker-Nachwuchstalenten. 2015 wird das europäische Finale zwischen 6 Ländern ausgespielt, und Österreich muss den Titel verteidigen.Die Qualifizierungsrunde läuft heuer von 4. Mai bis 3. August und steht Schülern und Studenten offen. Details siehe www.verbotengut.at.Wir wollen wieder ein gutes Team zusammenbekommen, wir bitten daher alle Leser, diesen Hinweis...
---------------------------------------------
http://www.cert.at/services/blog/20150519084602-1482.html
*** Cmstar Downloader: Lurid and Enfal's New Cousin ***
---------------------------------------------
In recent weeks, Unit 42 has been analyzing delivery documents used in spear-phishing attacks that drop a custom downloader used in cyber espionage attacks. This specific downloader, Cmstar, is associated with the Lurid downloader also known as "Enfal". Cmstar was named for the log message "CM**" used by the downloader.
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-enfals-new-cousin/
*** SSH-Client Putty: Trojaner-Version im Umlauf ***
---------------------------------------------
Wer mit dem SSH-Client Putty auf Geräte zugreifen will, sollte auf die Quelle des Clients achten. Aktuell geistert nämlich eine Version durch das Internet, die einen Trojaner auf Computer schmuggelt, um Daten abzugreifen.
---------------------------------------------
http://heise.de/-2654274
*** More on Chris Roberts and Avionics Security ***
---------------------------------------------
Last month ago I blogged about security researcher Chris Roberts being detained by the FBI after tweeting about avionics security while on a United flight: But to me, the fascinating part of this story is that a computer was monitoring the Twitter feed and understood the obscure references, alerted a person who figured out who wrote them, researched what flight...
---------------------------------------------
https://www.schneier.com/blog/archives/2015/05/more_on_chris_r.html
*** How much money do cyber crooks collect via crypto ransomware? ***
---------------------------------------------
FireEye researchers have calculated that the cybercriminals wielding TeslaCrypt and AlphaCrypt have managed to extort $76,522 from 163 victims in only two months. "This amount may seem trivial co...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/uK_6Ovw0K9M/malware_news.php
*** Address spoofing Safari bug opens door for phishing attacks ***
---------------------------------------------
Hacker David Leo has released a PoC exploit for a Safari vulnerability that can be misused to trick users into thinking they are on one site while they are actually on another - a boon for phishers. ...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/6F6ptWfI8rw/secworld.php
*** Address-Spoofing Bug Haunts Android Stock Browser ***
---------------------------------------------
There's an easily exploitable vulnerability in the Android stock browser that enables an attacker to spoof the URL in the address bar and force a victim to visit a malicious site while believing he is visiting a benign one. Security researcher Rafay Baloch discovered the vulnerability and developed the technique for exploiting it. The problem...
---------------------------------------------
http://threatpost.com/address-spoofing-bug-haunts-android-stock-browser/112892
*** KCodes NetUSB: How a Small Taiwanese Software Company Can Impact the Security of Millions of Devices Worldwide ***
---------------------------------------------
Today the SEC Consult Vulnerability Lab released an advisory regarding a vulnerability in a software component called NetUSB. This post intends to give some background information about this vulnerability.NetUSB is a proprietary technology developed by the Taiwanese company KCodes, intended to provide "USB over IP" functionality. USB devices (e.g. printers, external hard drives, flash drives) plugged into a Linux-based embedded system (e.g. a router, an access point or a dedicated...
---------------------------------------------
http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html
*** [2015-05-19] Critical buffer overflow vulnerability in KCodes NetUSB ***
---------------------------------------------
KCodes NetUSB is vulnerable to a buffer overflow via the network that results in a denial of service or code execution.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt
*** Cisco Sourcefire 3D System Lights-Out Management Arbitrary File Upload Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=38905
*** IBM Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by cross-site scripting (XSS) Vulnerabilities in Dojo Toolkit ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21902837
*** Moodle Multiple Flaws Let Remote Users Conduct Cross-Site Scripting Attacks, Obtain Potentially Sensitive Information, and Bypass Security Restrictions ***
---------------------------------------------
http://www.securitytracker.com/id/1032358
*** Bugtraq: [SECURITY] [DSA 3175-2] kfreebsd-9 security update ***
---------------------------------------------
http://www.securityfocus.com/archive/1/535562
More information about the Daily
mailing list