[CERT-daily] Daily summary - Wednesday 4-11-2015

Daily end-of-shift report team at cert.at
Wed Nov 4 18:31:55 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 03-11-2015 18:00 − Wednesday 04-11-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Return of the EXIF PHP Joomla Backdoor ***
---------------------------------------------
Our Remediation and Research teams are in constant communication and collaboration. It's how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats that aren't new but may be recurring, such as today's post, in which we explore a case we shared close to two years ago where...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/VZAI0vVYGjI/exif-php-joomla-backdoor.html




*** Researchers map out hard-to-kill, multi-layered spam botnet ***
---------------------------------------------
A dropper component sent to the Akamai researchers led them to the discovery of a spamming botnet that consists of at least 83,000 compromised systems. The botnet is multi-layered, decentralized, a...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/B72jnhO-1Ds/secworld.php




*** After the hack of its support forum: mysterious vBulletin patch released ***
---------------------------------------------
Following an attack on the official support forum of the forum software vBulletin, a security update has been released. Whether it closes the hole that was exploited in the attack is not entirely clear.
---------------------------------------------
http://heise.de/-2869989




*** Internet Wide Scanners Wanted, (Wed, Nov 4th) ***
---------------------------------------------
In our data, we often find researchers performing internet wide scans. To better identify these scans, we would like to add a label to these IPs identifying them as part of a research project. If you are part of such a project, or if you know of a project, please let me know. You can submit any information as a comment or via our contact form. If the IP addresses change often, then a URL with a parseable list would be appreciated to facilitate automatic updates. --- Johannes B. Ullrich, Ph.D.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20337&rss




*** GovRAT, the malware-signing-as-a-service platform in the underground ***
---------------------------------------------
Security experts at InfoArmor discovered GovRAT, a malware-signing-as-a-service platform that is offered to APT groups in the underground. In the past, I have explained why digital certificates are so attractive for crooks and intelligence agencies; one of the most interesting uses is the signing of malware code in order to fool antivirus. Naturally, digital certificates...
---------------------------------------------
http://securityaffairs.co/wordpress/41714/cyber-crime/govrat-platform.html




*** Confusing Convenience for Security: SSH Keys ***
---------------------------------------------
Secure Shell (SSH) keys are a common part of accessing Unix systems, and you need to put some focus specifically on your organization's use of SSH keys.
---------------------------------------------
http://blog.beyondtrust.com/confusing-convenience-for-security-ssh-keys




*** Security Fixes in Firefox 42 ***
---------------------------------------------
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox42




*** VU#391604: ZTE ZXHN H108N R1A routers contain multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#391604: ZTE ZXHN H108N R1A routers contain multiple vulnerabilities
Original Release date: 03 Nov 2015 | Last revised: 03 Nov 2015
Overview: ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.h_PE, and ZXV10 W300 router, version W300V1.0.0f_ER1_PE, contain multiple vulnerabilities.
Description: CWE-200: Information Exposure - CVE-2015-7248. Multiple information exposure vulnerabilities enable an attacker to obtain credentials and other sensitive details about the ZXHN...
---------------------------------------------
http://www.kb.cert.org/vuls/id/391604




*** Alcatel-Lucent Home Device Manager Spoofing ***
---------------------------------------------
Topic: Alcatel-Lucent Home Device Manager Spoofing
Risk: Low
Text: SWISSCOM CSIRT ADVISORY - https://www.swisscom.ch/en/about/sustainability/digital- #switze...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015110029




*** DSA-3391 php-horde - security update ***
---------------------------------------------
It was discovered that the web-based administration interface in the Horde Application Framework did not guard against Cross-Site Request Forgery (CSRF) attacks. As a result, other, malicious web pages could cause Horde applications to perform actions as the Horde user.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3391




*** DSA-3392 freeimage - security update ***
---------------------------------------------
Pengsu Cheng discovered that FreeImage, a library for graphic image formats, contained multiple integer underflows that could lead to a denial of service: remote attackers were able to trigger a crash by supplying a specially crafted image.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3392




*** Bugtraq: [security bulletin] HPSBGN03425 rev.1 - HP ArcSight SmartConnectors, Remote Disclosure of Information, Local Escalation of Privilege ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536827




*** Bugtraq: [security bulletin] HPSBGN03386 rev.2 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536824




*** Security Advisory - Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-460347.htm




*** Security Notice - Statement on Venustech Revealing Heap Overflow Vulnerability in Huawei Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-460363.htm




*** Bugtraq: FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED] ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536833




*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151103-csm
---------------------------------------------
*** Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa1
---------------------------------------------
*** Cisco Mobility Services Engine Static Credential Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred
---------------------------------------------
*** Cisco AsyncOS TCP Flood Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos
---------------------------------------------
*** Cisco Web Security Appliance Range Request Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa2
---------------------------------------------
*** Cisco Mobility Services Engine Privilege Escalation Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse
---------------------------------------------
*** Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-wsa
---------------------------------------------
*** Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-esa2

