[CERT-daily] Tageszusammenfassung - Mittwoch 13-01-2016

Wed Jan 13 18:05:14 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 12-01-2016 18:00 − Mittwoch 13-01-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Security Bulletins Posted for Adobe Acrobat and Reader ***
---------------------------------------------
Security Bulletins for Adobe Acrobat and Reader (APSB16-02) have been published. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant security bulletin. This posting ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1311


*** There Goes The Neighborhood - Bad Actors on GMHOST Alexander Mulgin Serginovic ***
---------------------------------------------
Whether they encourage it or not, some network operators become known and favored by criminals such as those that operate exploit kit (EK) and malware infrastructure. After ..
---------------------------------------------
http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.html


*** MS16-JAN - Microsoft Security Bulletin Summary for January 2016 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-JAN


*** Raising the Dead ***
---------------------------------------------
It's a bit late for Halloween but the ability to resurrect the dead (processes that is) is an interesting type of security issue when dealing with multi-user Windows systems such as Terminal Servers. Specifically this blog is about this issue which I reported to Microsoft and was fixed in bulletin ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/01/raising-dead.html


*** FortiOS SSH Undocumented Interactive Login Vulnerability ***
---------------------------------------------
http://www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-login-vulnerability


*** Ransomware Strikes Websites ***
---------------------------------------------
Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as any hard drives connected to the machine - pictures, videos, text files - you ..
---------------------------------------------
https://blog.sucuri.net/2016/01/ransomware-strikes-websites.html


*** Triaging the exploitability of IE/EDGE crashes ***
---------------------------------------------
Both Internet Explorer (IE) and Edge have seen significant changes in order to help protect customers from security threats. This work has featured a number of mitigations that together have not only rendered classes of vulnerabilities not-exploitable, but also dramatically raised the cost ..
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2016/01/12/triaging-the-exploitability-of-ie-edge-crashes.aspx


*** Die smarte Türklingel verrät das WLAN-Passwort ***
---------------------------------------------
Eine Gegensprechanlage, die mit dem Smartphone zusammenarbeitet. Klingt eigentlich praktisch, doch leider weist das Gerät Sicherheitsmängel auf, wie Hacker jetzt herausfanden.
---------------------------------------------
http://www.golem.de/news/internet-of-things-die-smarte-tuerklingel-verraet-das-wlan-passwort-1601-118497.html


*** Backdoor bei Fortinet vermutet: Firma spricht von Lücke ***
---------------------------------------------
Alternative Login-Methode in Software entdeckt – Patch bereits 2014 veröffentlicht
---------------------------------------------
http://derstandard.at/2000028972976


*** A Case of Too Much Information: Ransomware Code Shared Publicly for 'Educational Purposes', Used Maliciously Anyway ***
---------------------------------------------
Researchers, whether independent or from security vendors, have a responsibility to properly disseminate the information they gathered to help the industry as well as users. Even with the best intentions, improper disclosure of sensitive information ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/a-case-of-too-much-information-ransomware-code-shared-publicly-for-educational-purposes-used-maliciously-anyway/


*** Security: Verizon routet 4 Millionen Spammer-IPs ***
---------------------------------------------
IPv4-Adressen sind ein knappes Gut. Doch der US-Anbieter Verizon reagiere trotzdem nicht auf Missbrauchsmitteilungen, kritisiert eine Sicherheitsfirma.
---------------------------------------------
http://www.golem.de/news/security-verizon-routet-4-millionen-spammer-ips-1601-118506.html


*** [HTB23279]: Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered multiple SQL Injection vulnerabilities in mcart.xls Bitrix module, which can be exploited to execute arbitrary SQL queries and obtain potentially sensitive data, modify information in database and gain complete control over the vulnerable website.
---------------------------------------------
https://www.htbridge.com/advisory/HTB23279


*** [HTB23283]: Remote Code Execution in Roundcube ***
---------------------------------------------
High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in a popular webmail client Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to execute arbitrary code and totally compromise the vulnerable server.
---------------------------------------------
https://www.htbridge.com/advisory/HTB23283


*** Hacking Team's Leak Helped Researchers Hunt Down a Zero-Day ***
---------------------------------------------
Researchers at Kaspersky Lab have, for the first time, discovered a valuable zero-day exploit after intentionally going on the hunt for it.
---------------------------------------------
http://www.wired.com/2016/01/hacking-team-leak-helps-kaspersky-researchers-find-zero-day-exploit/


*** Denial-of-Service Flaw Patched in DHCP ***
---------------------------------------------
The Internet Systems Consortium (ISC) on Tuesday patched a denial-of-service vulnerability in numerous versions of DHCP.
---------------------------------------------
http://threatpost.com/denial-of-service-flaw-patched-in-dhcp/115875/


*** The SLOTH attack and IKE/IPsec ***
---------------------------------------------
Executive Summary: The IKE daemons in RHEL7 (libreswan) and RHEL6 (openswan) are not vulnerable to the SLOTH attack. But the attack is still interesting to look at . The SLOTH attack released today is a new transcript collision attack against ..
---------------------------------------------
https://securityblog.redhat.com/2016/01/13/the-sloth-attack-and-ikeipsec/