[CERT-daily] Tageszusammenfassung - Freitag 15-04-2016

Fri Apr 15 18:08:24 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 14-04-2016 18:00 − Freitag 15-04-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Cisco Unified Computing System Platform Emulator Command Injection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe1


*** Cisco Unified Computing System Platform Emulator Filename Argument Handling Buffer Overflow Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2


*** Vorgebliches Flash-Update installiert unerwünschte Mac-Programme ***
---------------------------------------------
Erneut ist ein als Flash-Aktualisierung getarnter Installer im Umlauf, der ungewollte OS-X-Programme einspielt. Ein Entwickler-Zertifikat stellt die Schutzfunktion Gatekeeper ruhig.
---------------------------------------------
http://heise.de/-3174793


*** Bedep has raised its game vs Bot Zombies ***
---------------------------------------------
http://malware.dontneedcoffee.com/2016/04/bedepantiVM.html


*** Xen hugetlbfs Support Lets Local Users on a Guest System Cause Denial of Service Conditions on the Guest System ***
---------------------------------------------
http://www.securitytracker.com/id/1035569


*** Banking Trojans Nymaim, Gozi Merge to Steal $4M ***
---------------------------------------------
'Double-headed beast' Trojan, GozNym, drains $4 million from banks in past two weeks.
---------------------------------------------
http://threatpost.com/banking-trojans-nymaim-gozi-merge-to-steal-4m/117412/


*** Ransomware authors use the bitcoin blockchain to deliver encryption keys ***
---------------------------------------------
Ransomware authors are using the bitcoin blockchain, which serves as the cryptocurrencys public transaction ledger, to deliver decryption keys to victims.The technique, which removes the burden of maintaining a reliable website-based ..
---------------------------------------------
http://www.cio.com/article/3056604/ransomware-authors-use-the-bitcoin-blockchain-to-deliver-encryption-keys.html


*** VMSA-2016-0004 ***
---------------------------------------------
VMware product updates address a critical security issue in the VMware Client Integration Plugin
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0004.html


*** HTTP Public Key Pinning: How to do it right, (Thu, Apr 14th) ***
---------------------------------------------
[Thanks to Felix aka @nexusnode for inspiring this post. Also, see his blog post [1] for more details] One of the underutilizedsecurity measures I mentioned recently was HTTP Public Key Pinning, or HPKP. First again, what is HPKP: HPKP adds a special header to the HTTP response. This header lists hashes ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20943


*** Researchers Crack Microsoft and Google's Shortened URLs to Spy on People ***
---------------------------------------------
They were even able to identify a young woman whod sought Google Maps directions to a Planned Parenthood clinic.
---------------------------------------------
http://www.wired.com/2016/04/researchers-cracked-microsoft-googles-shortened-urls-spy-people/


*** Russia sends exploit kit author to the GULAG for seven years ***
---------------------------------------------
♫ Mothers, dont let your babies grow up to be hackers ♫ The author of the infamous "Blackhole" exploit kit has been sentenced to seven years in a Russian penal colony, local media report.
---------------------------------------------
www.theregister.co.uk/2016/04/15/blackhole_paunch_sentence/


*** OGH: Unternehmer bei "Phishing"-Attacke vom Konto selbst schuld ***
---------------------------------------------
http://derstandard.at/2000034923248-406


*** AJAX Random Post <= 2.00 - Unauthenticated Reflected Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8450


*** HDW WordPress Video Gallery <= 1.2 - Unauthenticated Reflected Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8449


*** Blackberry: Kanadische Polizei besitzt seit 2010 Zentralschlüssel ***
---------------------------------------------
Wurde genutzt um über die Jahre Millionen BBM-Nachrichten mitzulesen
---------------------------------------------
http://derstandard.at/2000034940341


*** Sierra Wireless ACEmanager Information Exposure Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an exposure of sensitive information vulnerability in the Sierra Wireless ACEmanager application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-105-01


*** Accuenergy Acuvim II Series AXM-NET Module Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for authentication bypass vulnerabilities in Accuenergy's Acuvim II Series AXM-NET module.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02


*** QuickTime unter Windows deinstallieren - JETZT! ***
---------------------------------------------
Da zwei kritische Lücken in QuickTime für Windows klaffen und Apple die Anwendung nicht mehr unterstützt, ..
---------------------------------------------
http://heise.de/-3175518