[CERT-daily] Daily summary - Wednesday 1-06-2016

Daily end-of-shift report team at cert.at
Wed Jun 1 18:06:29 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 31-05-2016 18:00 − Wednesday 01-06-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Tor Browser 6.0: Ditches SHA-1 Support, Uses DuckDuckGo For Default Search Results ***
---------------------------------------------
Version 6.0 of Tor Browser, free software for enabling anonymous communication, is now available to download. The new version introduces several changes, including disabling SHA-1 support, and removing ..
---------------------------------------------
https://tech.slashdot.org/story/16/05/31/1643234/tor-browser-60-ditches-sha-1-support-uses-duckduckgo-for-default-search-results




*** Drupal SQLi (Drupalgeddon) Attack Trend CVE-2014-3704 / SA-CORE-2014-005 ***
---------------------------------------------
It has been over 19 months since Drupalgeddon, which refers to Drupal's Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it ..
---------------------------------------------
https://blog.sucuri.net/2016/05/drupal-sqli-drupalgeddon-attack-trend-cve-2014-3704-sa-core-2014-005.html




*** Finding Conditional Drupal Database Spam ***
---------------------------------------------
Nobody likes spam. It's never fun (unless you're watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what we deal with since our inception, giving us some pretty good ..
---------------------------------------------
https://blog.sucuri.net/2016/05/finding-conditional-drupal-database-spam.html




*** Cluster of 'megabreaches' compromises a whopping 642 million passwords ***
---------------------------------------------
MySpace, Tumblr, and Fling are the latest services to join discredited LinkedIn.
---------------------------------------------
http://arstechnica.com/security/2016/05/cluster-of-megabreaches-compromise-a-whopping-642-million-passwords/




*** Moxa UC 7408-LX-Plus Firmware Overwrite Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a firmware overwrite vulnerability in Moxa's UC 7408-LX-Plus device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-152-01




*** ABB PCM600 Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for one "use of password hash with insufficient computational effort" vulnerability and three "insufficiently protected credentials" vulnerabilities in ABB's PCM600.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02




*** Unfalsifiability of security claims ***
---------------------------------------------
There is an inherent asymmetry in computer security: things can be declared insecure by observation, but not the reverse. There is no observation that allows us to declare an arbitrary system or technique secure. We ..
---------------------------------------------
http://research.microsoft.com/pubs/256133/unfalsifiabilityOfSecurityClaims.pdf




*** Vulnerability in ImageMagick and GraphicsMagick enables renewed attacks ***
---------------------------------------------
Manipulated file names can cause malicious code to be executed via the operating system's popen() function. Patches are available.
---------------------------------------------
http://heise.de/-3223811




*** Scrum.org hacked, may have lost crypto keys and some user data ***
---------------------------------------------
Don't go dissing DevOps: a supplier has fessed up to a website vuln. Scrum.org, the Scrum certification ..
---------------------------------------------
www.theregister.co.uk/2016/06/01/scrumorg_hacked_may_have_lost_crypto_keys_and_some_user_data/




*** Serious security vulnerabilities in preinstalled laptop software ***
---------------------------------------------
http://derstandard.at/2000038006783




*** Microsoft: spam filter for Hotmail and Outlook broken ***
---------------------------------------------
The company is working at full speed on a solution; some users are reportedly receiving an "extreme amount" of spam e-mails.
---------------------------------------------
http://derstandard.at/2000038023486




*** The impossible task of creating a 'Best VPNs' list today ***
---------------------------------------------
Our writer set out to make a list of reliable VPNs; turns out the task is complicated.
---------------------------------------------
http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-the-state-of-vpns-in-2016/




*** VB2015 paper: Economic Sanctions on Malware ***
---------------------------------------------
Financial pressure can be a proactive and potentially very effective tool in making our computer ecosystems safer. By cleverly employing various trust metrics and technologies such as digital signing, watermarking, and ..
---------------------------------------------
https://www.virusbulletin.com/blog/2016/06/economic-sanctions-malware/




*** DRIDEX Poses as Fake Certificate in Latest Spam Run ***
---------------------------------------------
At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/dridex-poses-as-fake-certificate/




*** Security: LG must repair Android firmware ***
---------------------------------------------
Two security vulnerabilities in LG's Android firmware enable a range of attacks, some of them remotely. Users should react quickly; the updates are available.
---------------------------------------------
http://www.golem.de/news/security-lg-muss-android-firmware-reparieren-1606-121232.html




*** Baby food: Hipp's Mein Baby Club was hacked ***
---------------------------------------------
Copied user data is always a nuisance - especially when the personal information of children is affected. The manufacturer Hipp has now informed its customers about a break-in into the Mein Baby Club's own server systems.
---------------------------------------------
http://www.golem.de/news/kindernahrung-mein-baby-club-von-hipp-wurde-gehackt-1606-121236.html
