[CERT-daily] Tageszusammenfassung - Dienstag 19-01-2016

Tue Jan 19 18:05:22 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 18-01-2016 18:00 − Dienstag 19-01-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** FDA Issues Guidelines on Medical Device Cybersecurity ***
---------------------------------------------
The Food and Drug Administration (FDA) issued a new set of draft guidelines on Friday in hopes medical device manufacturers address cybersecurity risks in their products.
---------------------------------------------
http://threatpost.com/fda-issues-guidelines-on-medical-device-cybersecurity/115915/


*** Good practice guide on disclosing vulnerabilities ***
---------------------------------------------
ENISA published a good practice guide on vulnerability disclosure, aiming to provide a picture of the challenges the security researchers, the vendors and other involved stakeholders are confronted wi...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19342


*** Microsoft asks: We've taken down botnets for you. How about a kill switch? ***
---------------------------------------------
Its like pulling a smoking car off the road... Oh, hang on Last December, Microsoft intercepted traffic on users' PCs and helped break up a botnet. And nobody complained. So the company very tentatively asked at a session on ethics and policy in Brussels this week whether it should do more.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/01/19/microsoft_botnets_kill_switch/


*** Security: XSS-Lücke in Yahoo-Mail gefixt ***
---------------------------------------------
Eine XSS-Lücke in Yahoo-Mail ermöglichte es Angreifern, fremde Accounts zu übernehmen. Sie hätten alle E-Mails der Nutzer weiterleiten und ausgehende E-Mails mit Viren infizieren können, schreibt ein Sicherheitsforscher. Yahoo hat bereits reagiert.
---------------------------------------------
http://www.golem.de/news/security-xss-luecke-in-yahoo-mail-gefixt-1601-118619-rss.html


*** Angler Exploit Kit's January Vacation ***
---------------------------------------------
Since last year, we've been monitoring various redirectors which lead to exploit kits (EK). One of the redirectors in question routes to either Angler EK or Neutrino EK. SANS ISC has also observed this particular redirector switching between these two kits. At the beginning of this year, we noticed a sudden significant drop in our...
---------------------------------------------
https://labsblog.f-secure.com/2016/01/19/angler-exploit-kits-january-vacation/


*** Root-Exploit: Android und Linux anfällig für Rechte-Trickserei ***
---------------------------------------------
Der Schlüsselbund des Kernels stattet mit einem Trick seit 2012 jeden Nutzer mit Root-Rechten aus. Allerdings muss der Nutzer dafür bereits angemeldet sein.
---------------------------------------------
http://heise.de/-3076663


*** MSN Home Page Drops More Malware Via Malvertising ***
---------------------------------------------
Visitors to the MSN homepage may have been exposed to malvertising.Categories:  MalvertisingTags: ad spiritappnexusmalvertisingmsn(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/malvertising-2/2016/01/msn-home-page-drops-more-malware-via-malvertising/


*** Cisco Web Security Appliance Security Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa


*** Moodle Bugs Let Remote Users Access Hidden Course and Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1034694