[CERT-daily] Daily summary - Thursday 28-01-2016

Daily end-of-shift report team at cert.at
Thu Jan 28 18:18:25 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 27-01-2016 18:00 − Thursday 28-01-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Google's VirusTotal now picks out suspicious firmware ***
---------------------------------------------
Google's VirusTotal service has added a new tool that analyzes firmware, the low-level code that bridges a computer's hardware and operating system at startup. Advanced attackers, including the U.S. National Security Agency, have targeted firmware as a place to embed malware since it's a great place to hide. Since antivirus programs "are not scanning this layer, the compromise can fly under the radar," wrote Francisco Santos, an IT security engineer with VirusTotal, in a blog post on...
---------------------------------------------
http://www.cio.com/article/3027050/googles-virustotal-now-picks-out-suspicious-firmware.html




*** Critical Israel power grid attack was just boring ransomware ***
---------------------------------------------
Minister puts nation on alert, SANS Institute says move along, nothing to see here ... The SANS Institute has moved to quell reports that Israel's energy grid has been hit by malware, revealing instead that the attacks were ransomware infecting the nation's utility regulatory authority.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/01/28/israel_power_grid_attack_boring_ransomware/




*** ENISA Threat Landscape 2015, a must reading ***
---------------------------------------------
ENISA has issued the annual ENISA Threat Landscape 2015, a document that synthesizes the emerging trends in cyber security. I'm very happy to announce the publication of the annual ENISA Threat Landscape 2015 (ETL 2015); this is the fifth report issued by the European Agency. The ENISA Threat Landscape 2015 summarizes top cyber threats, experts have identified...
---------------------------------------------
http://securityaffairs.co/wordpress/43998/cyber-crime/enisa-threat-landscape-2015.html




*** Techie on the ground disputes BlackEnergy Ukraine power outage story ***
---------------------------------------------
And Russia? That's too convenient ... A Ukrainian telecoms engineer has raised doubts about the widely reported link between BlackEnergy attacks and power outages in his country.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/01/27/ukraine_blackenergy_analysis/




*** BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents ***
---------------------------------------------
A few days ago, we came by a new document that appears to be part of the ongoing BlackEnergy attacks against Ukraine. Unlike previous Office files used in the recent attacks, this is not an Excel workbook, but a Microsoft Word document.
---------------------------------------------
http://securelist.com/blog/research/73440/blackenergy-apt-attacks-in-ukraine-employ-spearphishing-with-word-documents/




*** Java Serialization Bug Crops Up At PayPal ***
---------------------------------------------
PayPal has rewarded two researchers with bug bounties for the discovery of a Java serialization vulnerability in manager.paypal.com.
---------------------------------------------
http://threatpost.com/java-serialization-bug-crops-up-at-paypal/116054/




*** LG closes data-theft hole affecting millions of G3 smartphones ***
---------------------------------------------
Bug allows attackers to embed malicious code in data fed to phone.
---------------------------------------------
http://arstechnica.com/security/2016/01/lg-closes-data-theft-hole-affecting-millions-of-g3-smartphones/




*** Oracle announces Java plugin deprecation, death ***
---------------------------------------------
With a short post by a member of the Java strategy team, Oracle has announced the approaching death of the hated Java plugin. "Oracle plans to deprecate the Java browser plugin in JDK 9. This techn...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19385




*** DFN-CERT-2016-0166: OpenSSL: Two vulnerabilities allow bypassing of security mechanisms and disclosure of information ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0166/




*** Bugtraq: Netgear GS105Ev2 - Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537389




*** Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc




*** Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016 ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd




*** Security Advisory: IPSec vulnerability CVE-2015-4047 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05013313.html?ref=rss




*** Filr 1.2 - Security Update 1 ***
---------------------------------------------
Abstract: Security Updates for openSSH on the Filr, Search and MySQL 1.2.0 appliances.
Document ID: 5233830
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: MySQL-1.2.0.412.HP.zip (763.81 kB), Filr-1.2.0.857.HP.zip (763.86 kB), Search-1.2.0.996.HP.zip (763.83 kB)
Products: Filr 1.2
Superseded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=Sww_cAfKic0~




*** Filr 1.1 - Security Update 5 ***
---------------------------------------------
Abstract: Security Updates for openSSH on the Filr, Search and MySQL 1.1.0 appliances.
Document ID: 5233810
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: MySQL-1.1.0.386.HP.zip (763.82 kB), Search-1.1.0.823.HP.zip (763.83 kB), Filr-1.1.0.677.HP.zip (763.91 kB)
Products: Filr 1.1
Superseded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=GGjGx_IhcY4~




*** phpMyAdmin 4.5.4, 4.4.15.3, and 4.0.10.13 are released ***
---------------------------------------------
Welcome to phpMyAdmin 4.5.4, which contains regular bug fixes and a number of security fixes. The phpMyAdmin project also announces the release of versions 4.4.15.3 (a security release compatible with PHP versions as old as 5.3.7 and MySQL 5.5), and 4.0.10.13 (a security release compatible with PHP versions as old as 5.2 and MySQL 5). The security incidents will be documented in the upcoming PMASA-2016-1 through PMASA-2016-9, which will be available shortly at
---------------------------------------------
https://www.phpmyadmin.net/news/2016/1/28/phpmyadmin-454-44153-and-401013-are-released/




*** Bugtraq: HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537395




*** Bugtraq: Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537396

