[CERT-daily] Tageszusammenfassung - Freitag 23-10-2015

Fri Oct 23 18:07:20 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 22-10-2015 18:00 − Freitag 23-10-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a

*** Red Hat CVE Database Revamp ***
---------------------------------------------
Since 2009, Red Hat has provided details of vulnerabilities with CVE names as part of our mission to provide as much information around vulnerabilities that affect Red Hat products as possible. These CVE pages distill information from a variety ..
---------------------------------------------
https://securityblog.redhat.com/2015/10/22/red-hat-cve-database-revamp/

*** Hack.lu 2015 Wrap-Up Day #3 ***
---------------------------------------------
I just drove back to home after the 11th edition of hack.lu. As always, it was an amazing event organized by, amongst others, many team members of the CIRCL. So, let's write a quick wrap-up for this third day. Some talk will be less covered due to interesting chat sessions with a lot of infosec peers. Lik ..
---------------------------------------------
https://blog.rootshell.be/2015/10/22/hack-lu-2015-wrap-up-day-3/

*** Oracle Critical Patch Update Advisory - October 2015 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

*** Janitza UMG Power Quality Measuring Products Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on September 22, 2015, and is being released to the ICS-CERT web site. This advisory provides mitigation details for several vulnerabilities in the Janitza UMG power quality measuring products. Janitza has produced new firmware and new documentation to mitigate these vulnerabilities.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03

*** 5E5: Die nächste runde Ticketnummer ***
---------------------------------------------
Es ist soweit: unser Ticketsystem hat wieder eine symbolische Grenze überschritten: Wir haben das Ticket #500000 behandelt:Date: Thu Oct 22 11:07:54 2015Queue: InvestigationsSubject: [CERT.at #500000] SSDP-Service aus dem Internet erreichbar in AS12635 Was bedeuten diese Zahlen? Und was nicht? Wir bekommen und senden ..
---------------------------------------------
http://www.cert.at/services/blog/20151023103846-1610.html

*** Forscher demontieren App-TANs der Sparkasse ***
---------------------------------------------
"Komfortabel, aber leider unsicher" - so lässt sich das Ergebnis eines Forschungsprojekts zu den von immer mehr Banken angebotetenen App-basierten TAN-Verfahren zusammenfassen. Die Online-Banking-Apps der Sparkasse haben sie bereits geknackt.
---------------------------------------------
http://heise.de/-2853492

*** CCTV botnets proliferate due to unchanged default factory credentials ***
---------------------------------------------
Incapsula researchers have uncovered a botnet consisting of some 9,000 CCTV cameras located around the world, which was being used to target, among others, one of the companys clients with HTTP flood...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19020

*** PMASA-2015-5 ***
---------------------------------------------
Content spoofing vulnerability when redirecting user to an external siteAffected VersionsVersions 4.4.x (prior to 4.4.15.1) and 4.5.x (prior to 4.5.1) are affected.CVE ID2015-7873
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2015-5/

*** Malvertising-Kampagne verteilt Exploit-Kit über ebay.de ***
---------------------------------------------
Betrüger sollen aktuell Werbenetzwerke missbrauchen, um Exploit-Kits über Werbeanzeigen auf etwa ebay.de und t-online.de zu verteilen.
---------------------------------------------
http://heise.de/-2853882

Aufgrund des Feiertages am kommenden Montag, den 26.10.2015, erscheint der nächste End-of-Shift Report erst am 27.10.2015.