[CERT-daily] Tageszusammenfassung - Dienstag 24-11-2015

Tue Nov 24 18:09:51 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 23-11-2015 18:00 − Dienstag 24-11-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Stealthy GlassRAT Spies on Commercial Targets ***
---------------------------------------------
RSA has uncovered GlassRAT, a spy tool targeting commercial targets thats signed with a stolen certificate from a large developer in China.
---------------------------------------------
http://threatpost.com/stealthy-glassrat-spies-on-commercial-targets/115453/


*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-vts
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-fire
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150520-CVE-2015-0741
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-asa


*** Multiple vulnerabilities in Apache Commons affecting IBM products ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21971377
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21971376
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21971415
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21971412
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21971246


*** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by operating system command vulnerability (CVE-2015-7426) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21971484


*** IBM Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2015-7416 ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1020995


*** IBM Security Bulletin: IBM Smart Analytics System 5600 is affected by a vulnerability in IBM GPFS (CVE-2015-1788) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21969177


*** IBM Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect Sytem Storage DS8000 ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1005448


*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect AppScan Standard (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21970847


*** Security Advisory - Overflow Vulnerabilities in SNMPv3 ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-260601.htm


*** Worlds most complex cash register malware plunders millions in US ***
---------------------------------------------
ModPos kernel monster threatens haul during festive shopping blitz The worlds most complex sales till malware has been discovered ... after it ripped millions of bank cards from US retailers ..
---------------------------------------------
www.theregister.co.uk/2015/11/24/modpos_point_of_sale_malware/


*** Break a dozen secret keys, get a million more for free ***
---------------------------------------------
For many years NIST has officially claimed that AES-128 has "comparable strength" to 256-bit ECC, namely 128 "bits of security". Ten years ago, in a talk "Is 2255−19 big enough?", I disputed this claim. The underlying attack algorithms had already been known for years, and its not hard to see their impact on key-size selection; but somehow NIST hadnt gotten ..
---------------------------------------------
http://blog.cr.yp.to/20151120-batchattacks.html


*** Steam Weak File Permissions Privilege Escalation ***
---------------------------------------------
A low privileged user could modify the steam.exe binary and obtain code execution with elevated privileges upon an administrator login or execution of steam.exe
---------------------------------------------
http://www.securityfocus.com/archive/1/536961


*** Security Advisory - Memory Overflow Vulnerability in the Huawei Smartphone ***
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-462918.htm


*** Root-CA-Zertifikat: Dell will eDellRoot über Update entfernen ***
---------------------------------------------
Dell versichert, dass Besitzer eines Dell-Computers das vom Hersteller standardmäßig installierte gefährliche CA-Zertifikat über ein Update deinstallieren oder per Hand dauerhaft entfernen können.
---------------------------------------------
http://heise.de/-3015616


*** 3 Attacks on Cisco TACACS+: Bypassing the Ciscos auth ***
---------------------------------------------
I would like to tell the results of my little security research of TACACS+ protocol.
---------------------------------------------
http://agrrrdog.blogspot.ca/2015/11/3-attacks-on-cisco-tacacs-bypassing.html


*** Hackers do the Haka - Part 1 ***
---------------------------------------------
Haka is an open source network security oriented language that allows writing security rules and protocol dissectors. In this first part of a two-part series, we will focus on writing security rules.
---------------------------------------------
http://thisissecurity.net/2015/11/23/hackers-do-the-haka-part-1/


*** Heap Overflow in PCRE ***
---------------------------------------------
There are two variants of PCRE, the classic one and PCRE2. PCRE2 is not affected. ... If you use PCRE with potentially untrusted regular expressions you should update immediately. There is no immediate risk if you use regular expressions from a trusted source with an untrusted input.
---------------------------------------------
https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html


*** Ermittlern gelingt Schlag gegen weltweit agierende Phisher-Bande ***
---------------------------------------------
Das LKA Sachsen hat fünf Tatverdächtige verhaftet, die bandenmäßig mit Betrugsanrufen PIN-Codes für Online-Zahlungsgutscheine abgephisht haben sollen.
---------------------------------------------
http://heise.de/-3016944


*** WP Page Widget <= 2.7 - Authenticated Reflected Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8317


*** Social Share Button <= 2.1 - Authenticated Persistent Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8326


*** Google kann Android-Geräte aus der Ferne entsperren ***
---------------------------------------------
Google kann offensichtlich die Bildschirmsperren der meisten Android-Geräte auf Behördenanordnung zurücksetzen. Das geht aus dem Bericht eines New Yorker Bezirksstaatsanwalt hervor. Der einzige Schutz dagegen ist die Vollverschlüsselung.
---------------------------------------------
http://heise.de/-3015984


*** WP Live Chat Support <= 4.3.5 - Unauthenticated Blind SQL Injection ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8343


*** WR ContactForm <= 1.1.9 - Authenticated SQL Injection ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8341