[CERT-daily] Tageszusammenfassung - Donnerstag 24-09-2015

Thu Sep 24 18:07:43 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 23-09-2015 18:00 − Donnerstag 24-09-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. 
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk


*** Cisco AnyConnect Secure Mobility Client for Linux and Mac OS X Privilege Escalation Vulnerability ***
---------------------------------------------
A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local ..
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=41135


*** Bidding for Breaches, Redefining Targeted Attacks ***
---------------------------------------------
A growing community of private and highly-vetted cybercrime forums is redefining the very meaning of "targeted attacks." These bid-and-ask forums match crooks who are looking for access to specific data, resources or systems within major corporations with hired muscle who are up to the task or who already have access to those resources.
---------------------------------------------
http://krebsonsecurity.com/2015/09/bidding-for-breaches-redefining-targeted-attacks/


*** Custom Sidebars 2.1.0.1 - XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8196


*** Multiple vulnerabilities in Kaseya Virtual System Administrator ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-450/
http://www.zerodayinitiative.com/advisories/ZDI-15-449/
http://www.zerodayinitiative.com/advisories/ZDI-15-448/


*** Healthcare Organizations Twice As Likely To Experience Data Theft ***
---------------------------------------------
Bad guys very willing to invest in attacking medical data, but healthcare not very willing to invest in defending it.
---------------------------------------------
http://www.darkreading.com/risk/healthcare-organizations-twice-as-likely-to-experience-data-theft/d/d-id/1322312


*** Chinese Actors Use '3102' Malware in Attacks on US Government and EU Media ***
---------------------------------------------
On May 6 and May 11, 2015, Unit 42 observed two targeted attacks, the first against the U.S. government and the second on a European media company. Threat actors delivered the same document via ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-malware-in-attacks-on-us-government-and-eu-media


*** An Update on Nuclear (Reverse) Engineering ***
---------------------------------------------
Although Angler continues to be the leading exploit kit, Nuclear is a significant threat to web surfers and seems to have been very active lately. ThreatLabZ recently encountered a Nuclear campaign originating from a variety of compromised ..
---------------------------------------------
http://research.zscaler.com/2015/09/an-update-on-nuclear-reverse-engineering.html


*** Quaverse RAT: Remote-Access-as-a-Service ***
---------------------------------------------
Quaverse RAT or QRAT is a fairly new Remote Access Tool (RAT) introduced in May 2015. This RAT is marketed as an undetectable Java RAT. As you might expect from a RAT, the tool is capable of grabbing passwords, ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-as-a-Service/


*** UltraEdit 22.20 Buffer Overflow ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015090142


***  Fingerabdrücke von Millionen US-Bediensteten gestohlen ***
---------------------------------------------
Eine China zugeschriebene Hacker-Attacke auf die US-Bundespersonalbehörde OPM war noch schwerer als ohnehin schon gedacht. Demnach verschafften sich die Cyber-Angreifer neben ..
---------------------------------------------
http://derstandard.at/2000022711754


*** Tracking Administrator Sessions in Windows Environments ***
---------------------------------------------
Tracking users with privileged access is a critical task in your security policy (SANS Critical Security Control #12). If the key point is to restrict the number of 'power users' to the lowest, it's not always easy. Most of them ..
---------------------------------------------
https://blog.rootshell.be/2015/09/24/tracking-administrator-sessions-in-windows-environments/


*** Exploiting Corporate Printers ***
---------------------------------------------
Printer exploitation and vulnerability in printers are serious problems, similar to those faced with computers and other hard drive devices, since they are connected to the network like other devices. Nowadays, most corporate offices or organizations ..
---------------------------------------------
http://resources.infosecinstitute.com/exploiting-corporate-printers/


*** General HTML5 Security ***
---------------------------------------------
HTML5 is a living standard and new features are being added as we speak. New features will continue to arrive and browsers will keep becoming better and better at supporting them. However, those new features also bring with them new opportunities for ..
---------------------------------------------
http://resources.infosecinstitute.com/general-html5-security/


*** XcodeGhost: Apple veröffentlicht "Top 25" der infizierten Apps ***
---------------------------------------------


Apple hat die 25 populärsten unter den kompromittierten Apps genannt, für manche ist bereits ein Update erhältlich. Die Einschätzungen zur Gesamtzahl der durch XcodeGhost betroffenen iOS-Programme variieren weiterhin deutlich.
---------------------------------------------
http://heise.de/-2824927


*** Kovter malware learns from Poweliks with persistent fileless registry update ***
---------------------------------------------
A variant of the Kovter malware is the first to use Trojan.Poweliks' pioneering tricks by residing only in the registry to evade detection.
---------------------------------------------
http://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persistent-fileless-registry-update


*** One Year After Shellshock, Are Your Servers and Devices Safer? ***
---------------------------------------------
Security researchers were the first to respond during the Shellshock attacks of 2014. After news of the fatal flaw in the prevalent Bash (Bourne Again Shell)- found in most versions of the Unix and Linux operating systems as well as in Mac OSX - was released, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/one-year-after-shellshock-are-your-servers-and-devices-safer/