[CERT-daily] Daily summary - Friday 27-11-2015

Daily end-of-shift report team at cert.at
Fri Nov 27 18:09:21 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 26-11-2015 18:00 − Friday 27-11-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter, Robert Waldner





*** Reader's Digest and other WordPress Sites Compromised, Push Angler EK ***
---------------------------------------------
Reader's Digest is among the latest compromised sites pushing Angler EK.
---------------------------------------------
https://blog.malwarebytes.org/online-security/2015/11/readers-digest-and-other-wordpress-sites-compromised-push-angler-ek/




*** Known 'Good' DNS, An Observation, (Thu, Nov 26th) ***
---------------------------------------------
This has come up enough it seems worth noting for this U.S. Thanksgiving Holiday. The concept of public Domain Name Service (DNS) is not new, but worth discussing both the merits and pitfalls. We've discussed DNS here quite a bit over the years, for a prospectus. There are a few (this is not an endorsement *quickly looks around for legal counsel and dodges them*) good services around that are known.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20419&rss




*** DSA-3407 dpkg - security update ***
---------------------------------------------
Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3407




*** Apache Cordova vulnerable to improper application of whitelist restrictions ***
---------------------------------------------
Apache Cordova contains a vulnerability where whitelist restrictions are not properly applied.
---------------------------------------------
http://jvn.jp/en/jp/JVN18889193/




*** ManageEngine Firewall Analyzer fails to restrict access permissions ***
---------------------------------------------
ManageEngine Firewall Analyzer provided by Zoho Corporation contains a vulnerability where access permissions are not restricted.
---------------------------------------------
http://jvn.jp/en/jp/JVN12991684/




*** ManageEngine Firewall Analyzer vulnerable to directory traversal ***
---------------------------------------------
ManageEngine Firewall Analyzer provided by Zoho Corporation contains a directory traversal vulnerability.
---------------------------------------------
http://jvn.jp/en/jp/JVN21968837/




*** Defending against Actual IT Threats ***
---------------------------------------------
Roger Grimes has written an interesting paper: "Implementing a Data-Driven Computer Security Defense." His thesis is that most organizations don't match their defenses to the actual risks. His paper explains how it got to be this way, and how to fix it....
---------------------------------------------
https://www.schneier.com/blog/archives/2015/11/defending_again_4.html




*** Adobe wants to restrict redistribution of Flash Player ***
---------------------------------------------
From January 2016, only business users with a valid license will be able to download Flash Player for redistribution, Adobe announces.
---------------------------------------------
http://heise.de/-3025473




*** Paper: Optimizing ssDeep for use at scale ***
---------------------------------------------
Brian Wallace presents tool to optimize ssDeep comparisons. Malware rarely comes as a single file, and to avoid having to analyse each sample in a set individually, a fuzzy hashing algorithm tool like ssDeep can tell a researcher whether two files are very similar - or not similar at all. When working with a large set of samples, the number of comparisons (which grows quadratically with the set size) may soon become extremely large though. To make this task more manageable, Cylance
---------------------------------------------
http://www.virusbtn.com/blog/2015/11_27.xml?rss









