[CERT-daily] Tageszusammenfassung - Freitag 13-11-2015

Fri Nov 13 18:35:31 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 12-11-2015 18:00 − Freitag 13-11-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Using Facebook to log in - safe or not? ***
---------------------------------------------
Open up your favorite web site and you can see what this is about right away. There are in many cases two options, an ordinary log-in and "Log in with Facebook". Have you been using the Facebook option? It is quite convenient, isn't it? I was talking to a journalist about privacy a while ago...
---------------------------------------------
http://safeandsavvy.f-secure.com/2015/11/12/using-facebook-to-log-in-safe-or-not/


*** MIG Mozilla InvestiGator ***
---------------------------------------------
Search through your infrastructure in real-time from the command line
---------------------------------------------
https://jve.linuxwall.info/ressources/taf/LISA15/


*** ZipInputStream Armageddon ***
---------------------------------------------
Again, again, again .. and again these bugs are turning up because of the general lack of validation occurring on the ZIP contents. In most cases this is probably due to the fact that developers are making assumptions that these ZIP files are not being tampered with, and therefore dont really consider the ramifications.
---------------------------------------------
http://rotlogix.com/2015/11/12/zipinputstream-armageddon/


*** botfrei.de: Werbeblocker-Sanktionen "der falsche Weg" ***
---------------------------------------------
Das "Anti-Botnet Beratungszentrums" botfrei.de und der Betreiber, der eco Verband der Internetwirtschaft, halten Online-Werbung für wichtig. Sanktionen gegen Werbeblocker würden aber wichtige Nutzerinteressen unberücksichtigt lassen.
---------------------------------------------
http://heise.de/-2920022


*** One BadBarcode Spoils Whole Bunch ***
---------------------------------------------
At PacSec 2015, researchers demonstrated attacks using poisoned barcodes scanned by numerous keyboard wedge barcode scanners to open a shell on a machine and virtually type control commands.
---------------------------------------------
http://threatpost.com/one-badbarcode-spoils-whole-bunch/115362/


*** Google Reconnaissance, Sprinter-style, (Fri, Nov 13th) ***
---------------------------------------------
When doing security assessments or penetration tests, theres a significant amount of findings that you can get from search engines. For instance, if a client has sensitive information or any number of common vulnerabilities, you can often find those with a Google or Bing search, without sending a single packet to the clients infrastructure. This concept is called google dorking, and was pioneered by Johnny Long back in the day (he has since moved on to other projects see...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20375&rss


*** Researchers Discover Two New Strains of POS Malware ***
---------------------------------------------
Two new and different strains of point of sale malware have come to light, including one that's gone largely undetected for the past five years.
---------------------------------------------
http://threatpost.com/researchers-discover-two-new-strains-of-pos-malware/115350/


*** Spring Social Core Vulnerability Disclosure ***
---------------------------------------------
Today we would like to announce the discovery of a vulnerability in the Spring Social Core library. Spring Social provides Java bindings to popular service provider APIs like GitHub, Facebook, Twitter, etc., and is widely used by developers. All current versions (1.0.0.RELEASE to 1.1.2.RELEASE) of the library are affected by this vulnerability.
---------------------------------------------
https://blog.srcclr.com/spring-social-core-vulnerability-disclosure/


*** Unitronics VisiLogic OPLC IDE Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on November 3, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory provides mitigation details for vulnerabilities in Unitronics VisiLogic OPLC IDE.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02


*** Security Advisory - App Validity Check Bypass Vulnerability in Huawei P7 Smartphone ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-397472.htm


*** Security Notice - Statement on Black Hat Europe 2015 Revealing Security Vulnerability in Huawei P7 Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-461981.htm


*** DFN-CERT-2015-1761: Jenkins: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1761/


*** Cisco AnyConnect Secure Mobility Client Arbitrary File Move Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc


*** Cisco IOS Software Tunnel Interfaces Security Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios2


*** Cisco Aironet 1800 Series Access Point SSHv2 Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151113-aironet