[CERT-daily] Daily summary - Wednesday 14-10-2015

Daily end-of-shift report team at cert.at
Wed Oct 14 18:14:24 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 13-10-2015 18:00 − Wednesday 14-10-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Patch day: Adobe closes critical vulnerabilities in Flash and Reader ***
---------------------------------------------
Security vulnerabilities in both products allow attackers to take over the victim's computer remotely. For Flash, the updates close a total of 13 vulnerabilities; for Acrobat and Reader it is 56.
---------------------------------------------
http://heise.de/-2845079




*** After patch day: Flash still attackable via a new security vulnerability ***
---------------------------------------------
A security firm reports targeted attacks that are currently taking place and exploit a zero-day vulnerability in the current Flash version for Windows.
---------------------------------------------
http://heise.de/-2846807




*** MS15-OCT - Microsoft Security Bulletin Summary for October 2015 - Version: 1.0 ***
---------------------------------------------
This bulletin summary lists security bulletins released for October 2015.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS15-OCT




*** Microsoft Patch Tuesday - October 2015 ***
---------------------------------------------
This month the vendor is releasing six bulletins covering a total of 33 vulnerabilities. Thirteen of this month's issues are rated Critical.
---------------------------------------------
http://www.symantec.com/connect/blogs/microsoft-patch-tuesday-october-2015




*** Redirect to Microsoft Word Macro Virus ***
---------------------------------------------
These days we rarely see Microsoft Word malware on websites, but it still exists and compromised websites can distribute this kind of malware as well. It's not just email attachments when it comes to sharing infected documents. For example, this malicious file was found on a hacked Joomla site by our analyst Krasimir Konov.
---------------------------------------------
https://blog.sucuri.net/2015/10/redirect-to-microsoft-word-macro-virus.html




*** The Web Authentication Arms Race - A Tale of Two Security Experts ***
---------------------------------------------
Web authentication systems have evolved over the past ten years to counter a growing variety of threats. This post will present a fictional arms race between a web application developer and an attacker, showing how different threats can be countered with the latest security technologies.
---------------------------------------------
http://blog.slaks.net/2015-10-13/web-authentication-arms-race-a-tale-of-two-security-experts/




*** MSRT October 2015: Tescrypt ***
---------------------------------------------
October's Microsoft Malicious Software Removal Tool (MSRT) includes detection and remediation for the following families: Tescrypt, Blakamba, Diplugem, Escad, Joanap, Brambul, Drixed. This blog focuses on the ransomware family Tescrypt. Tescrypt started showing up early in 2015 and, like most of its file-encrypting predecessors, it does what most typical ransomware does: Searches for specific file types on the infected machine (see our encyclopedia description for a list of known file extensions
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2015/10/13/msrt-october-2015-tescrypt.aspx




*** AndroidVulnerabilities.org - Calculating the score ***
---------------------------------------------
We developed the FUM score to compare the security provided by different device manufacturers. The score gives each Android manufacturer a score out of 10 based on the security they have provided to their customers over the last four years.
---------------------------------------------
http://androidvulnerabilities.org/




*** AV Phone Scan via Fake BSOD Web Pages, (Tue, Oct 13th) ***
---------------------------------------------
A few days ago, I found a malicious website which tries to lure the visitor by simulating a Microsoft Windows Blue Screen of Death (BSOD) and popping up error messages within their browser. This is not a brand new attack but it remains in the wild. For a while, we saw Microsoft engineers calling people to warn them about an important problem with their computer (I blogged about this last year). In this case, it is different: the computer itself warns the user about a security issue and users...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20251&rss




*** Injection on Steroids: Code-less Code Injections and 0-Day Techniques ***
---------------------------------------------
In this talk, we discuss known-yet-complex and less documented code injection techniques. We further expose additional new user- and kernel-mode injection techniques. One of these techniques we've coined "code-less code injection" since, as opposed to other known injection techniques, it does not require adding code to the injected process. We also reveal an additional kernel-mode code injection which is a variation of the technique used by the AVs. However, as we demonstrate,...
---------------------------------------------
http://breakingmalware.com/injection-techniques/code-less-code-injections-and-0-day-techniques/




*** On (OAuth) token hijacks for fun and profit part #2 (Microsoft/xxx integration) ***
---------------------------------------------
In a previous blog post we have already analyzed a token hijack on one OAuth integration between some Microsoft and Google service and seen what went wrong. Now it is time to see yet another integration between Microsoft and xxxx (unluckily I can't disclose the name of the other company due to the fact they haven't fixed a related issue yet...) and see some fallacy. But before focusing on the attack we might need a bit of introduction.
---------------------------------------------
http://intothesymmetry.blogspot.ie/2015/10/on-oauth-token-hijacks-for-fun-and.html




*** VU#870744: ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#870744 - ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities. Original Release date: 13 Oct 2015 | Last revised: 13 Oct 2015. Overview: Several models of ZyXEL routers are vulnerable to multiple issues, including weak default passwords, command injections due to improper input validation, and cross-site scripting. Description: CWE-255: Credentials Management - CVE-2015-6016. According to the reporter, the following models contain the weak...
---------------------------------------------
http://www.kb.cert.org/vuls/id/870744




*** KerioControl Input Validation and Access Control Flaws Let Remote Users Conduct Cross-Site Request Forgery, Cross-Site Scripting, and SQL Injection Attacks and Remote Authenticated Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1033807

