[CERT-daily] Daily summary - Monday 11-01-2016

Daily end-of-shift report team at cert.at
Mon Jan 11 18:06:58 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 08-01-2016 18:00 − Monday 11-01-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** GM Asks Friendly Hackers to Report Its Cars' Security Flaws ***
---------------------------------------------
The auto giant becomes the first in Detroit to extend an olive branch to car hackers.
---------------------------------------------
http://www.wired.com/2016/01/gm-asks-friendly-hackers-to-report-its-cars-security-flaws/




*** STIX - Looking at a Campaign, Part 1 ***
---------------------------------------------
Now we come to a useful application of STIX: characterizing a campaign.
---------------------------------------------
http://www.scmagazine.com/stix--looking-at-a-campaign-part-1/article/464093/




*** ZDI-16-007: McAfee Application Control Kernel Driver Memory Corruption Privilege Escalation Vulnerability ***
---------------------------------------------
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of McAfee Application Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-007/




*** Advancing the Security of Juniper Products ***
---------------------------------------------
BOB WORRALL, SVP CHIEF INFORMATION OFFICER, provides more detail on the ScreenOS investigation and security steps being taken with Junos and across Juniper.
---------------------------------------------
http://forums.juniper.net/t5/Security-Incident-Response/Advancing-the-Security-of-Juniper-Products/ba-p/286383




*** Virtual Bitlocker Containers, (Sat, Jan 9th) ***
---------------------------------------------
This week, I got an interesting question from a customer: "What do you recommend to safely store files in a directory on my laptop?" There are plenty of ways to achieve this, the right choice depending on the encryption reliability, the ease of use and ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20593




*** MMD-0049-2016 - A case of java trojan (downloader/RCE) for remote minerd hack ***
---------------------------------------------
This is a short post for supporting the takedown purpose. Warning: Sorry, there's nothing fancy nor "in-depth analysis" in here :-) The scheme is so bad, so I think it's best for all to know for mitigation and hardening purpose. In this case, a bad actor was ..
---------------------------------------------
http://blog.malwaremustdie.org/2016/01/mmd-0049-2016-case-of-java-trojan.html




*** Study: SMEs underestimate the danger of cybercrime ***
---------------------------------------------
Damages are rising, awareness of IT security is not: according to a study, medium-sized businesses protect themselves only inadequately against IT attacks. Yet the legislature has long been compelling them to act.
---------------------------------------------
http://heise.de/-3067640




*** January update: Google closes critical holes in Android ***
---------------------------------------------
Google seems to have found its security update rhythm, at least where its own devices are concerned. Google is currently rolling out the January update for Android to the smartphones and tablets of the Nexus line.
---------------------------------------------
http://derstandard.at/2000028786638




*** NSA spying allegations: Juniper promises further updates ***
---------------------------------------------
Random number generator introduced by the US intelligence agency is being removed from the network operating system
---------------------------------------------
http://derstandard.at/2000028789875




*** A Look Inside Cybercriminal Call Centers ***
---------------------------------------------
Crooks who make a living via identity theft schemes, dating scams and other con games often run into trouble when presented with a phone-based challenge that requires them to demonstrate mastery of a language they don't speak fluently. Enter the ..
---------------------------------------------
http://krebsonsecurity.com/2016/01/a-look-inside-cybercriminal-call-centers/




*** Android: Malware from Play Store installed hundreds of thousands of times ***
---------------------------------------------
When it comes to Android malware, the advice for users is usually quite simple: those who refrain from installing apps from untrusted sources are usually not at risk either. In a current case, however, attackers have now managed to trick the Play Store's security checks.
---------------------------------------------
http://derstandard.at/2000028774967




*** Hacker attack on data center operator Interxion ***
---------------------------------------------
In December there was a break-in into its own CRM system
---------------------------------------------
http://derstandard.at/2000028816801




*** Click fraud: Under the guise of the cookie warning ***
---------------------------------------------
Online crooks are quite literally hiding behind cookie warnings and collecting clicks on ads that way.
---------------------------------------------
http://heise.de/-3067995




*** OAuth2 & OpenID - HTTPS Bicycle Attack ***
---------------------------------------------
The OAuth 2.0 protocol allows users to grant relying parties access to resources at identity providers. In addition to being used for this kind of authorization, OAuth is also often employed for authentication in single sign-on (SSO) systems. OAuth 2.0 is, in fact, one of the most widely used ..
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016010064




*** PHP updates across all versions fix several security problems ***
---------------------------------------------
The makers of the scripting language recommend that users of PHP 7.0, 5.5 and 5.6 install the current security releases. At the same time, a look at GitHub and the PHP wiki gives a preview of upcoming features in PHP 7.1.
---------------------------------------------
http://heise.de/-3068170




*** DSA-3438 xscreensaver - security update ***
---------------------------------------------
It was discovered that unplugging one of the monitors in a multi-monitor setup can cause xscreensaver to crash. Someone with physical access to a machine could use this problem to bypass a locked session.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3438




*** Unencrypted CMS updates: Drupal vows to do better ***
---------------------------------------------
The update mechanism of the popular content management system Drupal delivers updates unencrypted. A problem that has been known for years and can be abused by attackers to hijack sites.
---------------------------------------------
http://heise.de/-3068105




*** About CVE-2015-8518: SAP Adaptive Server Enterprise Extended Stored Procedure Unauthorized Invocation ***
---------------------------------------------
SAP released an update for SAP ASE 16.0 and 15.7 that addresses a serious security flaw discovered by Martin Rakhmanov, lead security researcher at Trustwave, that has been around for a long time. Suppose there is a user joe in...
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/About-CVE-2015-8518--SAP-Adaptive-Server-Enterprise-Extended-Stored-Procedure-Unauthorized-Invocation/




*** How Nvidia breaks Chrome Incognito ***
---------------------------------------------
When I launched Diablo III, I didn't expect the pornography I had been looking at hours previously to be splashed on the screen. But that's exactly what replaced the black loading screen. Like a scene from Hollywood, the game temporarily froze as it launched, preventing any attempt to clear the screen. The game unfroze just before clearing the screen, and I was able to grab a screenshot (censored with bright red):
---------------------------------------------
https://charliehorse55.wordpress.com/2016/01/09/how-nvidia-breaks-chrome-incognito/





