[CERT-daily] Daily summary - Monday 21-09-2015

Daily end-of-shift report team at cert.at
Mon Sep 21 18:15:09 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 18-09-2015 18:00 − Monday 21-09-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  Robert Waldner




*** Unconventional Malvertising Attack Uses New Tricks ***
---------------------------------------------
Cyber criminals get creative with their ad creatives, as seen in this malvertising campaign experimenting with new obfuscation tricks.
---------------------------------------------
https://blog.malwarebytes.org/malvertising-2/2015/09/unconventional-malvertising-attack-uses-new-tricks/




*** Cisco Unity Connection Web Interface SQL Injection Vulnerability ***
---------------------------------------------
A vulnerability in the web interface of Cisco Unity Connection (UC) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. 
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41074




*** Cisco ASR 9000 Series Aggregation Services Routers Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41101




*** DSA-3361 qemu - security update ***
---------------------------------------------
Several vulnerabilities were discovered in qemu, a fast processor emulator.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3361




*** Insistent router botnet ***
---------------------------------------------
Not so long ago, monitoring attackers in our telnet honeypots helped reveal an interesting botnet composed of ASUS brand home routers. The botnet that has most frequently tried to log into our SSH honeypot running on Turris routers over the last two weeks is one whose IP addresses, according to Shodan, often share one common characteristic: they respond with the cookie AIROS_SESSIONID on port 80. This cookie points at AirOS running on Ubiquiti airRouter.
---------------------------------------------
http://en.blog.nic.cz/2015/09/18/insistent-router-botnet/




*** Harman-Kardon Uconnect Vulnerability ***
---------------------------------------------
This advisory is a follow-up to the ICS-ALERT titled ICS-ALERT-15-203-01 FCA Uconnect Vulnerability that was published July 22, 2015, on the NCCIC/ICS-CERT web site. This advisory provides mitigation details for unauthorized remote access to the Fiat-Chrysler Automobile US (FCA US) LLC Uconnect telematics infotainment system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-260-01




*** German cyber-security organisation DCSO founded ***
---------------------------------------------
Four German DAX corporations want to take care of cyber security in Germany. Volkswagen, Allianz, BASF and Bayer are founding their own security service provider.
---------------------------------------------
http://heise.de/-2821882




*** AVG Antivirus Plans to Collect & Sell Your Personal Data to Advertisers ***
---------------------------------------------
We at The Hacker News are big fans of Security Software - the first thing we install while setting up our Computers and Devices. Thanks to Free Security Software that protects Internet users without paying for their security. But, remember: nothing comes for FREE. "Free" is just a relative term, as one of the world's most popular anti-virus companies is now admitting.
---------------------------------------------
http://thehackernews.com/2015/09/avg-antivirus.html




*** Certificate Transparency: Symantec issues bogus Google certificate ***
---------------------------------------------
Apparently for test purposes, Symantec issued a valid TLS certificate for Google.com without authorisation. Google discovered this via the logs of the Certificate Transparency system.
---------------------------------------------
http://www.golem.de/news/certificate-transparency-symantec-stellt-falsches-google-zertifikat-aus-1509-116403-rss.html




*** Brief survey on methods for attacking Tor hidden service ***
---------------------------------------------
Recently, MIT published an article on their recent work of identifying Tor hidden services by circuit fingerprinting combined with website fingerprinting to eventually trace down the hidden service users. This paper has been discussed on reddit and many other forums, and the question of whether Tor can be compromised has become hot again. Here I want to give a brief overview of recent research on the methods and attempts for attacking Tor hidden services over the past years.
---------------------------------------------
http://translate.wooyun.io/2015/09/19/Brief-survey-on-methods-for-attacking-Tor-hidden-service.html




*** SYNful Knock ***
---------------------------------------------
On 15 September 2015, FireEye published information about potentially compromised Cisco routers under the name SYNful Knock. As soon as Shadowserver became aware of these potential compromises, Shadowserver and Cisco worked together to scan the internet to detect these affected routers, to allow a more accurate notification of the affected end-users.
---------------------------------------------
http://blog.shadowserver.org/2015/09/21/synful-knock/




*** Inside Target Corp., Days After 2013 Breach ***
---------------------------------------------
In December 2013, just days after a data breach exposed 40 million customer debit and credit card accounts, Target Corp. hired security experts at Verizon to probe its networks for weaknesses. The results of that confidential investigation -- until now never publicly revealed -- confirm what pundits have long suspected: once inside Target's network, there was nothing to stop attackers from gaining direct and complete access to every single cash register in every Target store.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/yLzOrODU9Vc/




*** BitPay Hacked, 5 000 Bitcoins Stolen ***
---------------------------------------------
Bitcoin payments processor BitPay Inc. is the latest victim in a series of massive hacking scandals that have rocked the cryptocurrency community. The Atlanta-based Bitpay was hacked on three separate occasions in December of 2014. More than 5 000 bitcoins were stolen. Subsequent to this, BitPay sent a claim to its insurer Massachusetts Bay Insurance Company, and the latter declined to pay. The matter is now in court.
---------------------------------------------
https://www.cryptocoinsnews.com/bitpay-hacked-5-000-bitcoins-stolen/




*** App Store: Apple confirms "XcodeGhost" infections ***
---------------------------------------------
According to its own statements, the company has removed infected apps from its online store. Whether that is all of them, nobody knows.
---------------------------------------------
http://heise.de/-2822207




*** Firmware risk ***
---------------------------------------------
Firmware is only for professionals? Far from it: today, everyday things are connected to the internet and can be remotely controlled through it. When the heating system goes haywire and the DSL router stands open to attackers, outdated firmware is quite often to blame.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Risiko-Firmware-2822449.html?wt_mc=rss.ho.beitrag.rdf




*** Typo3 vulnerable via XSS hole ***
---------------------------------------------
Typo3 has a gaping vulnerability through which attackers can smuggle JavaScript into the content management system.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Typo3-ueber-XSS-Luecke-verwundbar-2822495.html?wt_mc=rss.ho.beitrag.rdf




*** Cisco Wireless LAN Controller RADIUS Packet of Disconnect Vulnerability ***
---------------------------------------------
A vulnerability in the RADIUS implementation of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition by disconnecting user sessions.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41102




*** Security Updates Available for Adobe Flash Player (APSB15-23) ***
---------------------------------------------
A security bulletin (APSB15-23) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1273



