[CERT-daily] Tageszusammenfassung - Mittwoch 16-03-2016

Wed Mar 16 18:08:59 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 15-03-2016 18:00 − Mittwoch 16-03-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Bugtraq: [security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537801


*** Exploit Kits in 2015: Scale and Distribution ***
---------------------------------------------
In the first part of this series of blog posts, we discussed what new developments and changes in the exploit kit landscape were seen in 2015. In this post, we look at the scale of the exploit kit problem - how many users were affected, ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/exploit-kits-2015-scale-distribution/


*** Apache Struts Input Validation Flaw in I18NInterceptor Lets Remote Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035272


*** Apache Struts Double OGNL Evaluation Lets Remote Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1035271


*** VMware vRealizes that vRealize has XSS bugs on Linux ***
---------------------------------------------
Virtzillas also released first maintenance release for vRealize Automation A tricky Tuesday for VMwares vRealize products, which have received the first maintenance release for version 7 and also become the subject of a security alert.
---------------------------------------------
www.theregister.co.uk/2016/03/16/vmware_vrealizes_that_vrealize_has_xss_bugs_on_linux/


*** OpenSSH 7.2p1 xauth Command Injection / Bypass ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030083


*** TeslaCrypt 3.1? New Ransomware Strain Removes ShadowCopies via WMI ***
---------------------------------------------
The authors of TeslaCrypt 3.1 ransomware understood that the common ransomware action of deleting shadow copies by executing "vssadmin Delete Shadows /All /Quiet" draws the defenders attention, and so they worked around that by using WMI.
---------------------------------------------
http://www.minerva-labs.com/


*** subsearch ***
---------------------------------------------
subsearch is a command line tool designed to brute force subdomain names. It is aimed at penetration testers and bug bounty hunters and has been built with a focus on speed, stealth and reporting.
---------------------------------------------
https://github.com/gavia/subsearch


*** Git Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1035290


*** FortiOS open redirect vulnerability ***
---------------------------------------------
The FortiOS webui accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. The redirect input parameter is also prone to a cross site scripting.
---------------------------------------------
http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability


*** IBM Security Bulletin: Vulnerabilities in java affect Power Hardware Management Console (CVE-2016-0448) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1021172


*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images (CVE-2016-0777, CVE-2016-0778) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21978487


*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ (CVE-2015-1788) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21972125


*** DDoSing with Other Peoples Botnets ***
---------------------------------------------
While I was reverse engineering ZeroAccess in order to write a monitoring system, I had an idea which would allow me to use ZeroAccess C&C infrastructure to reflect and amplify a UDP based DDoS attack, which Id found to be beautifully ironic. After further analysis, I discovered it may even be possible to use non worker bots (which connect from behind NAT) to participate in the attack.
---------------------------------------------
http://www.malwaretech.com/2016/03/ddosing-with-other-peoples-botnets.html


*** DFN-CERT-2016-0461/">Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u.a. verschiedene Denial-of-Service-Angriffe ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0461/


*** Nacktfotos von Prominenten: Verdächtiger gesteht Phishing-Angriff auf iCloud ***
---------------------------------------------
Im Verfahren um die Veröffentlichung von privaten Promifotos hat sich der Verdächtige des Phishings schuldig bekannt. Doch mit der Veröffentlichung der Bilder will der Mann nichts zu tun haben. 
---------------------------------------------
http://www.golem.de/news/nacktfotos-von-prominenten-verdaechtiger-gesteht-phishing-angriff-auf-icloud-1603-119812.html


*** HTTPS: 77 Prozent aller Google-Anfragen verschlüsselt ***
---------------------------------------------
In seinem Transparenzbericht dokumentiert Google nun auch den Prozentsatz von Transportverschlüsselung bei seinen eigenen Diensten und Anfragen an Server der Suchmaschine. Vor allem der hohe Wert bei der Verteilung von Werbung überrascht.
---------------------------------------------
http://heise.de/-3140351


*** Erpressungstrojaner auf Websites von New York Times und BBC ***
---------------------------------------------
Potenziell Millionen Nutzer gefährdet, Sicherheitsforscher sehen Beleg für Schwächen des Werbenetzwerks
---------------------------------------------
http://derstandard.at/2000033046874


*** AceDeceiver: iOS-Trojaner nutzt Schwachstellen in Apples DRM ***
---------------------------------------------
Angreifern ist es einer Sicherheitsfirma zufolge gelungen, Schad-Software mehrfach ungehindert in den App Store zu bringen. Durch Schwachpunkte in Apples DRM FairPlay könne die Malware zudem auf iPhones gelangen - ohne Enterprise-Zertifikat.
---------------------------------------------
http://heise.de/-3140627