[CERT-daily] Tageszusammenfassung - Dienstag 1-09-2015

Daily end-of-shift report team at cert.at
Tue Sep 1 18:24:38 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 31-08-2015 18:00 − Dienstag 01-09-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** How the SIEM Solution Can Help in Achieving PCI-DSS ***
---------------------------------------------
We all know that PCI-DSS is one of the toughest compliances/certifications to hold, but organizations that seek to be PCI-DSS compliant can greatly benefit if they incorporate a SIEM solution around the Card Holder Data Environment (CDE). In this article, we will learn how the SIEM solution can be leveraged to satisfy a majority of...
---------------------------------------------
http://resources.infosecinstitute.com/how-the-siem-solution-can-help-in-achieving-pci-dss/




*** Microsoft accused of adding spy features to Windows 7, 8 ***
---------------------------------------------
The privacy impact of Windows telemetry features continues to be scrutinized.
---------------------------------------------
http://arstechnica.com/information-technology/2015/08/microsoft-accused-of-adding-spy-features-to-windows-7-8/




*** ORX Locker, the new Darknet Ransomware-as-a-service platform ***
---------------------------------------------
Security experts at Sensecy have uncovered ORX-Locker, a Darknet Ransomware-as-a-service platform that could allow everyone to become a cyber criminal. It is becoming even easier to become a cyber-criminal thanks to the model of sale known as malware-as-a-service that offers off-the-shelf malware for rent or sale. Recently malware authors started to offer also Ransomware-as-a-Service (RaaS), in...
---------------------------------------------
http://securityaffairs.co/wordpress/39753/cyber-crime/orx-locker-raas.html
3430




*** l+f: Simuliertes Firmennetz als Spielwiese für Hacker ***
---------------------------------------------
Im simulierten Netzwerk des Penetration Test Lab kann man virtuellen Systemen mit echten Pentesting-Tools auf den Zahn fühlen.
---------------------------------------------
http://heise.de/-2795897




*** Android: Mehr Smartphones mit vorinstallierter Malware ***
---------------------------------------------
Zwischenhändler sollen immer mehr Modelle aus dem Android-Lager vor dem Verkauf manipulieren, indem sie beliebte Apps mit Malware-Komponenten ausstatten und auf den Geräten installieren.
---------------------------------------------
http://heise.de/-2794608




*** MassVet finds unknown malicious apps in app stores in 10 Sec ***
---------------------------------------------
A group of researchers have developed a method dubbed Mass Vetting (MassVet) to find unknown malicious apps in app stores in 10 Seconds. A group of University researchers has created a new method for detecting malicious apps running on an Android devices called MassVet. MassVet doesn't use the old method of signatures scanning, instead it compares...
---------------------------------------------
http://securityaffairs.co/wordpress/39762/malware/massvet-android-scan.html




*** iOS-Trojaner ermöglichte Einkauf im App Store mit gehackten Accounts ***
---------------------------------------------
Palo Alto Networks hat Details zu der letzte Woche entdeckten Hintertür in mehreren in China verteilten Jailbreak-Apps und Tweaks genannt. Demnach arbeitet die Malware äußerst trickreich. Gestohlen wurden 225.000 iCloud-Accounts.
---------------------------------------------
http://heise.de/-2795857




*** Tired of memorizing passwords? A Turing Award winner came up with this algorithmic trick ***
---------------------------------------------
Passwords are a bane of life on the Internet, but one Turing Award winner has an algorithmic approach that he thinks can make them not only easier to manage but also more secure.The average user has some 20 passwords today, and in general the easier they are to remember, the less secure they are. When passwords are used across multiple websites, they become even weaker.Manuel Blum, a professor of computer science at Carnegie Mellon University who won the Turing Award in 1995, has been working...
---------------------------------------------
http://www.csoonline.com/article/2978170/data-protection/tired-of-memorizing-passwords-a-turing-award-winner-came-up-with-this-algorithmic-trick.html#tk.rss_applicationsecurity




*** What Can you Learn from Metadata? ***
---------------------------------------------
An Australian reporter for the ABC, Will Ockenden published a bunch of his metadata, and asked people to derive various elements of his life. They did pretty well, even though they were amateurs, which should give you some idea what professionals can do....
---------------------------------------------
https://www.schneier.com/blog/archives/2015/09/what_can_you_le.html




*** Cisco AsyncOS for Cisco Email Security Appliance and Cisco Web Security Appliance Cluster Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39785




*** Cisco ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40708




*** DSA-3346 drupal7 - security update ***
---------------------------------------------
Several vulnerabilities were discovered in Drupal, a content managementframework:
---------------------------------------------
https://www.debian.org/security/2015/dsa-3346




*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_gb




*** Bugtraq: [security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536363




*** Bugtraq: [security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536364




*** DFN-CERT-2015-1329: MediaWiki: Mehrere Schwachstellen ermöglichen u.a. einen Denial-of-Service-Angriff ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1329/




*** Security Advisory: Apache HTTP server vulnerability CVE-2008-0455 ***
---------------------------------------------
(SOL17201)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/17000/200/sol17201.html?ref=rss




*** USN-2727-1: GnuTLS vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2727-11st September, 2015gnutls28 vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04SummaryGnuTLS could be made to crash or run programs if it processed a speciallycrafted certificate.Software description gnutls28 - GNU TLS library  DetailsIt was discovered that GnuTLS incorrectly handled parsing CRL distributionpoints. A remote attacker could possibly use this issue to cause a denialof service, or execute arbitrary
---------------------------------------------
http://www.ubuntu.com/usn/usn-2727-1/




*** USN-2726-1: Expat vulnerability ***
---------------------------------------------
Ubuntu Security Notice USN-2726-131st August, 2015expat vulnerabilityA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryExpat could be made to crash or run programs as your login if it opened aspecially crafted file.Software description expat - XML parsing C library  DetailsIt was discovered that Expat incorrectly handled malformed XML data. If auser or application linked against Expat were tricked into opening acrafted
---------------------------------------------
http://www.ubuntu.com/usn/usn-2726-1/




*** VU#361684: Router devices do not implement sufficient UPnP authentication and security ***
---------------------------------------------
Vulnerability Note VU#361684 Router devices do not implement sufficient UPnP authentication and security Original Release date: 31 Aug 2015 | Last revised: 31 Aug 2015   Overview Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures.  Description The UPnP protocol allows automatic device discovery and interaction with devices on a network. The UPnP protocol was originally designed with the threat model of
---------------------------------------------
http://www.kb.cert.org/vuls/id/361684




*** VU#201168: Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#201168 Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities Original Release date: 31 Aug 2015 | Last revised: 31 Aug 2015   Overview Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities.  Description CWE-330: Use of Insufficiently Random Values - CVE-2015-5987DNS queries originating from the Belkin N600, such as those to resolve the names of firmware
---------------------------------------------
http://www.kb.cert.org/vuls/id/201168


More information about the Daily mailing list