[CERT-daily] Tageszusammenfassung - Mittwoch 21-10-2015

Wed Oct 21 18:04:58 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 20-10-2015 18:00 − Mittwoch 21-10-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** VMSA-2015-0003.13 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0003.html


*** APPLE-SA-2015-10-20-1 OS X: Flash Player plug-in blocked ***
---------------------------------------------
Due to security issues in older versions, Apple has updated the
web plug-in blocking mechanism to disable all versions prior to
Flash Player 19.0.0.226 and 18.0.0.255.
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2015/Oct/msg00001.html


*** VMSA-2015-0007.2 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2015-0007.html


*** Oracle Linux Bulletin - October 2015 ***
---------------------------------------------
Oracle Linux Bulletin - October 2015
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html


*** New Headaches: How The Pawn Storm Zero-Day Evaded Java's Click-to-Play Protection ***
---------------------------------------------
Several months ago, we disclosed that Pawn Storm was using a then-undiscovered zero-day Java vulnerability to carry out its attacks. At the time, we noted that a separate vulnerability was used to bypass the click-to-play protection that is in use by Java. This second vulnerability has now been ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day-evaded-javas-click-to-play-protection/


*** Multiple vulnerabilities in SAP products ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-532/
http://www.zerodayinitiative.com/advisories/ZDI-15-531/
http://www.zerodayinitiative.com/advisories/ZDI-15-530/
http://www.zerodayinitiative.com/advisories/ZDI-15-529/
http://www.zerodayinitiative.com/advisories/ZDI-15-528/
http://www.zerodayinitiative.com/advisories/ZDI-15-527/
http://www.zerodayinitiative.com/advisories/ZDI-15-526/


*** G DATA Malware Report - January - June 2015 ***
---------------------------------------------
The G Data SecurityLabs published the Malware Report for the first half of 2015. Here are the most important findings.
---------------------------------------------
https://blog.gdatasoftware.com/blog/article/g-data-malware-report-january-june-2015.html


*** EMET: To be, or not to be, A Server-Based Protection Mechanism ***
---------------------------------------------
Hi Folks - Platforms PFE Dan Cuomo here to discuss a common question seen in the field: 'My customer is deploying EMET and would like to know if it is supported on Server Operating Systems.' On the surface there is a simple answer to this question, ..
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2015/10/20/emet-to-be-or-not-to-be-a-server-based-protection-mechanism.aspx


*** Hack.lu 2015 Wrap-Up Day #1 ***
---------------------------------------------
Today started the 11th edition of hack.lu in Luxembourg. Being one of my preferred event, I drove to Luxembourg this morning direction to the Alvisse Parc hotel! The first day started with a security breakfast and a round ..
---------------------------------------------
https://blog.rootshell.be/2015/10/20/hack-lu-2015-wrap-up-day-1/


*** Flash, Java Patches Fix Critical Holes ***
---------------------------------------------
Adobe has issued a patch to fix a zero-day vulnerability in its Flash Player software. Separately, Oracle today released an update to plug more than two-dozen flaws in its Java software. Both programs plug directly into the browser and are ..
---------------------------------------------
http://krebsonsecurity.com/2015/10/flash-java-patches-fix-critical-holes/


*** Online-Banking: Neue Angriffe auf die mTAN ***
---------------------------------------------
Betrüger haben wieder einmal eine Methode gefunden, um Daten von Kunden beim Online-Banking abzugreifen und das mTAN-System auszuhebeln.
---------------------------------------------
http://heise.de/-2851624


*** Microsoft startet Bug-Bounty-Programm für .NET Core und ASP.NET ***
---------------------------------------------
Bis zum 20. Januar 2016 können Entwickler im Rahmen des Programms auf Sicherheitslücken in den Betas der CoreCLR und ASP.NET 5 hinweisen. Gute Lösungsvorschläge sind Microsoft bis zu 15.000 US-Dollar wert.
---------------------------------------------
http://heise.de/-2851587


*** Gwolle Guestbook <= 1.5.3 - Remote File Inclusion (RFI) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8218


*** High-Tech Bridge launches free PCI and NIST compliant SSL test ***
---------------------------------------------
High-Tech Bridge is pleased to announce availability of its new online service to test SSL/TLS server security and configuration for compliance with NIST and PCI DSS.
---------------------------------------------
https://www.htbridge.com/news/high-tech-bridge-launches-free-pci-and-nist-compliant-ssl-test.html


*** Metadaten-Leak: 1Password stellt Dateiformat um ***
---------------------------------------------
Nutzer der Abgleichfunktion "1Password Anywhere" hinterließen unter Umständen eine Liste mit den von ihnen verwendeten Websites im Netz. Ein neues Dateiformat für den Passworttresor soll Abhilfe schaffen.
---------------------------------------------
http://heise.de/-2851618


*** IniNet Solutions embeddedWebServer Cleartext Storage Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a cleartext storage of sensitive information vulnerability in the IniNet Solutions GmbH embeddedWebServer.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-293-01


*** IniNet Solutions SCADA Web Server Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for three vulnerabilities in the IniNet Solutions GmbH SCADA Web Server.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02


*** 3S CODESYS Gateway Null Pointer Exception Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a null pointer exception vulnerability in the 3S-Smart Software Solutions GmbH CODESYS Gateway Server.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-293-03


*** Angriffe auf Magento-Shops über bereits bekannte Lücken ***
---------------------------------------------
Die aktuellen Angriffe auf Tausende von Magento-Webseiten finden wohl über Lücken statt, für die bereits Patches existieren. Außerdem werden auch Seiten angegriffen, die Magento gar nicht einsetzen.
---------------------------------------------
http://heise.de/-2851842


*** Hacking Challenge: Staatsdruckerei sucht IT-Talente ***
---------------------------------------------
Die Österreichische Staatsdruckerei veranstaltet auf der Karrieremesse des Campus Hagenberg der FH OÖ eine Hacking Challenge mit dem Ziel, junge IT-Talente zu finden. 
---------------------------------------------
http://futurezone.at/digital-life/hacking-challenge-staatsdruckerei-sucht-it-talente/159.762.396


*** Kampagnen Malvertising Campaign Goes After German Users ***
---------------------------------------------
Malvertising targets German users via carefully crafted attack to dupe ad networks...)
---------------------------------------------
https://blog.malwarebytes.org/malvertising-2/2015/10/kampagnen-malvertising-campaign-goes-after-german-users/


*** Trend Micro kauft Tipping Point ***
---------------------------------------------
Mit Tipping Point verleibt sich der Antiviren-Hersteller auch die Zero Day Initiative (ZDI) und die Digital Vaccine Labs ein. Tipping Point, bisher Teil von HP, ist unter anderem auch als Sponsor der Pwn2Own-Events bekannt.
---------------------------------------------
http://heise.de/-2851848