[CERT-daily] Daily summary - Thursday 4-02-2016

Daily end-of-shift report team at cert.at
Thu Feb 4 18:05:14 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 03-02-2016 18:00 - Thursday 04-02-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Numerous Aldi IP cameras still inadequately protected ***
---------------------------------------------
At least a three-digit number of the Maginon cameras sold by Aldi can still be controlled over the internet without a password. Meanwhile it has emerged that the manufacturer was already informed in June 2015.
---------------------------------------------
http://heise.de/-3092642




*** Cisco Unified Communications Manager SQL Injection Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-ucm




*** CERT: Poor password policy leaves OpenELEC operating system vulnerable to hackers ***
---------------------------------------------
The CERT Division at Carnegie Mellon University yesterday issued an alert detailing a password vulnerability in the Open Embedded Linux Entertainment Center operating system.
---------------------------------------------
http://www.scmagazine.com/cert-poor-password-policy-leaves-openelec-operating-system-vulnerable-to-hackers/article/470962/




*** Macro Redux: the Premium Package ***
---------------------------------------------
Earlier this week we came across an interesting spam email. It was targeted at one of our customers in the retail industry. It contained a Microsoft Word document (MD5 = b74604d0081e68e91d64b361601d79c4) with a rather small macro in it. All that macro did was save a copy of the document as RTF, open it and then ..
---------------------------------------------
http://labs.bromium.com/2016/02/03/macro-redux-the-premium-package/




*** Cisco Jabber Guest Server HTTP Web-Based Management Interface Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the HTTP web-based management interface of the Cisco Jabber Guest application could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-jgs




*** Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-uc




*** Fake Adobe Flash Update OS X Malware ***
---------------------------------------------
Yesterday, while investigating some Facebook click-bait, I came across a fake Flash update that is targeting OS X users. Fake flash updates have been very common to infect OS X. They do not rely on a vulnerability in the operating system. Instead, the user is asked to willingly install them, by making ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20693




*** No More Deceptive Download Buttons ***
---------------------------------------------
In November, we announced that Safe Browsing would protect you from social engineering attacks - deceptive tactics that try to trick you into doing something dangerous, like installing unwanted software or revealing your personal information (for example, passwords, phone numbers, or credit cards). You may ..
---------------------------------------------
https://googleonlinesecurity.blogspot.co.uk/2016/02/no-more-deceptive-download-buttons.html




*** l+f: Web service checks for the presence of security-relevant HTTP headers ***
---------------------------------------------
With securityheaders.io you can find out which protective features a server enables via its HTTP headers.
---------------------------------------------
http://heise.de/-3095001
