[CERT-daily] Daily summary - Tuesday 3-11-2015
Daily end-of-shift report
team at cert.at
Tue Nov 3 18:21:51 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 02-11-2015 18:00 - Tuesday 03-11-2015 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** UK-US Cyberattack Simulation On Finance Sector Set For This Month ***
---------------------------------------------
US-CERT and CERT-UK are putting the President's and Prime Minister's earlier plans into action.
---------------------------------------------
http://www.darkreading.com/operations/uk-us-cyberattack-simulation-on-finance-sector-set-for-this-month-/d/d-id/1322953?_mc=RSS_DR_EDT
*** Latest Adobe Flash vulnerability now in Angler, Nuclear EKs ***
---------------------------------------------
Malwarebytes is reporting that Adobe Flash Player has once again become a target: the recently discovered and patched zero-day exploit has been incorporated into several exploit kits (EKs).
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/s2Q_P9QhW74/
*** WoW! Want to beat Microsoft's Windows security defenses? Poke some 32-bit software ***
---------------------------------------------
Compatibility tool hampers EMET anti-malware protections. Two chaps claim to have discovered how to trivially circumvent Microsoft's Enhanced Mitigation Experience Toolkit (EMET) using Redmond's own compatibility tools.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/32bit_software_to_beat_emet/
*** Web server secured? Good, now let's talk about e-mail ***
---------------------------------------------
It's not just Hillary whose server's a spillory. While website owners may have noticed the need to get rid of old, buggy or weak crypto, those operating e-mail servers seem to be operating on autopilot.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/web_server_secured_good_now_lets_talk_about_email/
*** Dev to Mozilla: Please dump ancient Windows install processes ***
---------------------------------------------
Old habits die hard. Security bod Stefan Kanthak is asking Mozilla to quit using Windows self-extracting installs.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/dev_to_mozilla_please_dump_ancient_windows_install_processes/
*** The official website of the popular vBulletin forum has been hacked ***
---------------------------------------------
The website of the vBulletin forum software is down for maintenance following a data breach that exposed personal information of hundreds of thousands of users. On Sunday, the vBulletin official website was hacked by an attacker using the moniker "Coldzer0". The website was defaced and the vBulletin forum displayed the message "Hacked by Coldzer0." At the...
---------------------------------------------
http://securityaffairs.co/wordpress/41656/cyber-crime/vbulletin-forum-hacked.html
*** Chimera crypto-ransomware is hitting German companies ***
---------------------------------------------
A new piece of crypto-ransomware is targeting German companies: it's called Chimera, and the criminals behind the scheme are threatening to release sensitive corporate data on the Internet if the targ...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/D53NfnuVrIM/malware_news.php
*** KeyPass looter: The password plunderer to hose pwned sys admins ***
---------------------------------------------
When you're owned, you're boned. Kiwi hacker Denis Andzakovic has developed an application that steals password vaults from the popular local storage vault KeyPass.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/11/03/keypass_looter_the_password_plunderer_to_hose_pwned_sys_admins/
*** Security: Command-line access to bank terminal documented ***
---------------------------------------------
A German security researcher has found a security vulnerability in ATM software. The flaw allowed access to the device's command line and the extraction of numerous pieces of critical data.
---------------------------------------------
http://www.golem.de/news/security-kommandozeilen-zugriff-auf-bankterminal-dokumentiert-1511-117258-rss.html
*** OTA patch: Google distributes security update for Android 6.0 ***
---------------------------------------------
The new Android version 6.0, alias Marshmallow, is receiving its first security update after one month. The reason is a total of seven threats, two of which Google rates as critical.
---------------------------------------------
http://www.golem.de/news/ota-patch-google-verteilt-sicherheitsupdate-fuer-android-6-0-1511-117261-rss.html
*** Kaspersky DDoS Intelligence Report Q3 2015 ***
---------------------------------------------
In the third quarter of 2015 botnet-assisted DDoS attacks targeted victims in 79 countries around the world; 91.6% of targeted resources were located in 10 countries. The largest numbers of DDoS attacks targeted victims in China, the US and South Korea. The longest DDoS attack in Q3 2015 lasted for 320 hours.
---------------------------------------------
http://securelist.com/analysis/quarterly-malware-reports/72560/kaspersky-ddos-intelligence-report-q3-2015/
*** Wormhole vulnerability: backdoor in over 14,000 Android apps ***
---------------------------------------------
The Moplus SDK holds open a backdoor for attackers in numerous apps, allowing them, for example, to secretly pull files from Android devices and send SMS messages.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Wormhole-Schwachstelle-Backdoor-in-ueber-14-000-Android-Apps-2868252.html?wt_mc=rss.ho.beitrag.rdf
*** A few things about Redis security ***
---------------------------------------------
From time to time I get security reports about Redis. It's good to get reports, but it's odd that what I get is usually about things like Lua sandbox escaping, insecure temporary file creation, and similar issues, in software which is designed (as we explain in our security page here http://redis.io/topics/security) to be totally insecure if exposed to the outside world. Yet these bug reports are often useful since there are different levels of security concerning any software in...
---------------------------------------------
http://antirez.com/news/96
*** How Carders Can Use eBay as a Virtual ATM ***
---------------------------------------------
How do fraudsters "cash out" stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they don't yet own. Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner. Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate...
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/E4QijbOr8i0/
*** ORX-Locker, a Web Platform to Create Ransomware ***
---------------------------------------------
The only thing more dangerous than cryptolocker-type ransomware in the hands of a highly skilled hacker is the same ransomware offered as a service and made available to the general public. Similar to the private TOX RaaS (Ransomware as a Service) platform discovered in August, ORX-Locker is a free-to-use web platform where anyone can create and download malware that will encrypt a victim's file system and demand payment for recovery. This is one of the first public RaaS sites we've...
---------------------------------------------
https://feeds.feedblitz.com/~/122089935/0/alienvault-blogs~ORXLocker-a-Web-Platform-to-Create-Ransomware
*** XcodeGhost S: A New Breed Hits the US ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/11/xcodeghost_s_a_new.html
*** Enhancing pentesting recon with nmap, (Tue, Nov 3rd) ***
---------------------------------------------
You might have used nmap several times for recon using the conventional portscan functionality (Connect scan, SYN scan, FIN scan, UDP scan, ...), but for gathering extra info like HTTP directories, DNS host enumeration without performing a zone transfer, Microsoft SQL Server enumeration and SMB device info, people usually use additional tools. I will show you how nmap can provide that information without the use of extra tools: 1. HTTP Directories: The http-enum script is able to test for the existence...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20331&rss
*** VU#316888: MobaXterm server may allow arbitrary command injection due to missing X11 authentication ***
---------------------------------------------
Vulnerability Note VU#316888: MobaXterm server may allow arbitrary command injection due to missing X11 authentication. Original Release date: 02 Nov 2015 | Last revised: 02 Nov 2015. Overview: The MobaXterm server prior to version 8.3 is vulnerable to arbitrary command injection over port 6000 when using default X11 settings. Description: CWE-306: Missing Authentication for Critical Function - CVE-2015-7244. MobaXterm server prior to version 8.3 includes an X11 server listening on all IP addresses...
---------------------------------------------
http://www.kb.cert.org/vuls/id/316888
*** Security Advisory - Local Permission Escalation Vulnerability in GPU of P7 Phones ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-460276.htm
*** Cisco Unified Computing System Blade Server Information Disclosure Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151102-ucs
*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: NTP vulnerability CVE-2015-7852 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17516.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerability CVE-2015-7850 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17528.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerability CVE-2015-7701 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17517.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerabilities CVE-2015-7704 and CVE-2015-7705 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17527.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerability CVE-2015-7703 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17529.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerability CVE-2015-7848 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17526.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17530.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerability CVE-2015-7871 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17518.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerability CVE-2015-7849 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17521.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerability CVE-2015-7854 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17524.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerability CVE-2015-7853 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17525.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerability CVE-2015-7855 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17515.html?ref=rss
---------------------------------------------
*** Security Advisory: NTP vulnerability CVE-2015-7851 ***
https://support.f5.com:443/kb/en-us/solutions/public/17000/500/sol17522.html?ref=rss
---------------------------------------------