[CERT-daily] Tageszusammenfassung - Donnerstag 3-09-2015

Daily end-of-shift report team at cert.at
Thu Sep 3 18:39:59 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 02-09-2015 18:00 − Donnerstag 03-09-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Neuer Banking-Trojaner taucht auch in Österreich auf ***
---------------------------------------------
IBM-Forscher haben mit "Shifu" einen neuen Trojaner identifiziert, der es auf Banken aus Deutschland, Japan und Österreich abgesehen hat.
---------------------------------------------
http://futurezone.at/digital-life/neuer-banking-trojaner-taucht-auch-in-oesterreich-auf/150.654.930




*** New Versions of Carbanak Banking Malware Seen Hitting Targets in U.S. and Europe ***
---------------------------------------------
New variants of the notorious Carbanak Trojan has surfaced in Europe and the United States, and researchers say that the malware now has its own proprietary communications protocol and the samples seen so far have been digitally signed. Carbanak has been in use for several years, and researchers at Kaspersky Lab earlier this year revealed the...
---------------------------------------------
http://threatpost.com/new-versions-of-carbanak-banking-malware-seen-hitting-targets-in-u-s-and-europe/114522




*** Cross-Site-Scripting: Netflix stellt Tool zum Auffinden von Sicherheitslücken vor ***
---------------------------------------------
Der Streamingdienst Netflix erstellt nicht nur aufwendige Eigenproduktionen, sondern entwickelt auch Sicherheitstools. Jetzt hat das Unternehmen ein Werkzeug zum Auffinden von Schwächen von Cross-Site-Scripting vorgestellt.
---------------------------------------------
http://www.golem.de/news/cross-site-scripting-netflix-stellt-tool-zum-auffinden-von-sicherheitsluecken-vor-1509-116117-rss.html




*** New Android Ransomware Communicates over XMPP ***
---------------------------------------------
A new strain of Android ransomware disguised as a video player app uses an instant messaging protocol called XMPP to receive commands and communicate with the command and control server.
---------------------------------------------
http://threatpost.com/new-android-ransomware-communicates-over-xmpp/114530




*** CVE-2015-5722: Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c ***
---------------------------------------------
Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example by using a query which requires a response from a zone containing a deliberately malformed key.
---------------------------------------------
https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/




*** CVE-2015-5986: An incorrect boundary check can trigger a REQUIRE assertion failure in openpgpkey_61.c ***
---------------------------------------------
An incorrect boundary check in openpgpkey_61.c can cause named to terminate due to a REQUIRE assertion failure. This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query.
---------------------------------------------
https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/




*** Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs




*** Symantec Ghost Explorer Utility Tool Out-of-Bounds Array Indexing ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150902_00




*** EMC Atmos XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1033456




*** Bugtraq: [SYSS-2015-016] Avaya one-X Agent - Hard-coded Cryptographic Key ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536386




*** Bugtraq: Checkmarx CxQL Sandbox bypass (CVE-2014-8778) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536387




*** IBM Security Bulletins ***
---------------------------------------------

*** IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Watson Explorer, Watson Content Analytics, and OmniFind Enterprise Edition (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21965348

*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Proventia Network Enterprise Scanner (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3216) ***
http://www.ibm.com/support/docview.wss?uid=swg21965845

*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Controller (CVE-2015-1793) ***
http://www.ibm.com/support/docview.wss?uid=swg21965725

*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Security Network Controller (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=swg21964035

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Sterling Connect:Direct Browser User Interface ***
http://www.ibm.com/support/docview.wss?uid=swg21965448

*** IBM Security Bulletin: Multiple Security Issues in IBM Media Server Due to OpenSSL Issues ***
http://www.ibm.com/support/docview.wss?uid=swg21963783

*** IBM Security Bulletin: Multiple security vulnerabilities have been identified in IBM Security Identity Manager Virtual Appliance (CVE-2015-1788 and CVE-2015-1885) ***
http://www.ibm.com/support/docview.wss?uid=swg21964241

*** IBM Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Flex System Power Compute Node Firmware (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022656




*** ZDI-15-418: (0Day) Borland AccuRev Reprise License Server edit_lf_process Remote Code Execution Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Ejh3XZSEdr0/

*** ZDI-15-417: (0Day) Borland AccuRev Reprise License Server edit_lf_get_data Command lf Parameter Path Traversal Read Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/hC9GLRY4Jiw/

*** ZDI-15-416: (0Day) Borland AccuRev Reprise License Server service_setup_doit Command Stack Buffer Overflow Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/BQougUpI_Ys/

*** ZDI-15-415: (0Day) Borland AccuRev Reprise License Management Server Path Traversal Remote Code Execution Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/WM0upaoUI1c/

*** ZDI-15-414: (0Day) Borland AccuRev Reprise License Server activate_doit Command actserver Parameter Stack Buffer Overflow Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Nr36Je9oEJU/

*** ZDI-15-413: (0Day) Borland AccuRev Reprise License Server diagnostics_doit Command outputfile Parameter File Overwrite Denial of Service Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/fhh7V-Xsyjc/

*** ZDI-15-412: (0Day) Borland AccuRev Reprise License Server activate_doit Command akey Parameter Stack Buffer Overflow Vulnerability ***
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/q60XWhjbHKo/

*** ZDI-15-411: (0Day) Borland AccuRev SaveContentServiceImpl Servlet Path Traversal Remote File Read And Deletion Vulnerabilities ***
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/oMSmmw2PaFA/


More information about the Daily mailing list