Daily summary - Thursday 9-04-2015

End-of-Shift report

Timeframe: Wednesday 08-04-2015 18:00 − Thursday 09-04-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Securing high-risk, third-party relationships

High-profile attacks reveal that malicious hackers target third-party vendors and supply chain partners as a backdoor into their primary target, according to CyberArk Software. Organizations in e...

http://feedproxy.google.com/~r/HelpNetSecurity/~3/vSpu1uYwxR4/secworld.php


AlienSpy RAT exploited to deliver the popular Citadel Trojan

Security experts at Fidelis discovered that variants of the AlienSpy remote access trojan (RAT) are currently being used in global phishing campaigns. Cyber criminals have used the AlienSpy RAT to deliver the popular Citadel banking Trojan and to maintain persistence inside the targeted environment through a backdoor mechanism. Criminal crews used AlienSpy RAT to compromise systems in...

http://securityaffairs.co/wordpress/35802/cyber-crime/alienspy-rat-citadel-trojan.html


Apple updates Safari for OS X 10.8, 10.9 and 10.10

With versions 8.0.5, 7.1.5 and 6.2.5 of its browser, Cupertino fixes a large number of security vulnerabilities, among them an old problem in Private Browsing mode.

http://heise.de/-2597649


44 Relevant Cyber Security Conferences around the World

Wherever you may be in the world, chances are there's a cyber security event happening near you this year. Cyber security conferences are important and necessary for the industry and for each of us, individually, because they help bring together the community. What's more, innovation often spurs after having a meaningful discussion with a peer or a mentor, or after being part of a conversation on your favorite topic in the field of information security.

https://heimdalsecurity.com/blog/44-relevant-cyber-security-conferences-around-the-world/


Polymorphic Beebone botnet sinkholed in international police operation

On April 8, a global operation targeted the Beebone (also known as AAEH) botnet, a polymorphic downloader bot which installs various forms of malware on victims' computers. Initial figures show tha...

http://feedproxy.google.com/~r/HelpNetSecurity/~3/MGj0qJKKZ0I/secworld.php


Deadly combination of Upatre and Dyre Trojans still actively targeting users

Upatre (or Waski) is a downloader Trojan that has lately become the malware of choice for cyber crooks to deliver additional, more dangerous malware to users' computers. A few weeks ago, Swiss and ...

http://feedproxy.google.com/~r/HelpNetSecurity/~3/IJ4tqq_YAUU/malware_news.php


LG software disables Windows security feature, developer says

LG Split Screen software that comes with the company's ultra-wide monitors stealthily weakens Windows users' defenses by deactivating the OS's User Account Control (UAC) feature, developer Christopher ...

http://feedproxy.google.com/~r/HelpNetSecurity/~3/1t_AM7tskik/secworld.php


Hidden backdoor API to root privileges in Apple OS X

The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It's been there for several years (at least since 2011), I found it in October 2014 and it can be exploited to escalate privileges to root from any user account in the system.

https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/


The Banking Trojan Emotet: Detailed Analysis

The Emotet Trojan is a highly automated, actively developed, regionally targeted banking threat. Its small size, the distribution methods used and its modular architecture all make Emotet a very effective weapon for the cyber-criminal.

http://securelist.com/analysis/69560/the-banking-trojan-emotet-detailed-analysis/


Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists

When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether. Apple, however, has kept the root certificates in its trusted store for both iOS and OSX. Apple on Wednesday released...

http://threatpost.com/apple-leaves-cnnic-root-in-ios-osx-certificate-trust-lists/112086


TA15-098A: AAEH

Original release date: April 09, 2015

Systems Affected: Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8; Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Overview: AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware. The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and...

https://www.us-cert.gov/ncas/alerts/TA15-098A


ZDI-15-119: IBM Tivoli Storage Manager FastBack CRYPTO_S_EncryptBufferToBuffer Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Storage Manager FastBack. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/OQuaNiGQOf8/


ZDI-15-118: IBM Tivoli Storage Manager FastBack Mount CMountDismount::GetVaultDump Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability.

http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/RumTeWThXlw/


DFN-CERT-2015-0484 - F5 Networks BIG-IP Protocol Security Module (PSM), F5 Networks BIG-IP systems: A vulnerability allows execution of arbitrary code

08.04.2015

https://portal.cert.dfn.de/adv/DFN-CERT-2015-0484/


DFN-CERT-2015-0477 - MantisBT: Multiple vulnerabilities allow, among other things, execution of arbitrary code

08.04.2015

https://portal.cert.dfn.de/adv/DFN-CERT-2015-0477/


Asterisk TLS Certificate Validation Flaw With Null Byte in Common Name Lets Remote Users Bypass Certificate Validation

http://www.securitytracker.com/id/1032052
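Added illustration of the vulnerability class named in the advisory title; this is not code from Asterisk or from the SecurityTracker entry, and the hostnames and the two matcher functions are constructed for the demonstration. A certificate Common Name is an ASN.1 string with an explicit length, so it can legally carry an embedded NUL byte; a validator that copies the CN into a C string (or otherwise stops at the first NUL) compares only the prefix before it, so a CN of the form "sip.example.com\0.attacker.test" matches "sip.example.com". The block encodes such a CN as a DER UTF8String, shows that the full value survives the encoding, and contrasts a NUL-truncating comparison with a length-aware one.

```python
# Added example: NUL byte in a certificate Common Name versus two hostname matchers.
# Not Asterisk code; the CN values below are constructed for illustration only.


def der_utf8string(value: bytes) -> bytes:
    """Minimal DER encoding of a UTF8String (tag 0x0C) with short-form length (< 128 bytes)."""
    if len(value) >= 128:
        raise ValueError("short-form length only; value too long for this helper")
    return bytes([0x0C, len(value)]) + value


def der_utf8string_value(der: bytes) -> bytes:
    """Decode the helper's DER UTF8String; the explicit length keeps any embedded NUL."""
    if len(der) < 2 or der[0] != 0x0C or der[1] >= 128 or len(der) != 2 + der[1]:
        raise ValueError("unsupported or malformed DER UTF8String")
    return der[2:]


def cn_matches_nul_truncating(cn: bytes, expected_host: str) -> bool:
    """Mimics a validator that treats the CN as a NUL-terminated C string.

    Everything after the first NUL is invisible to the comparison, which is the
    bug class: the CA validated ownership of the suffix, the client sees the prefix.
    """
    c_string_view = cn.split(b"\x00", 1)[0]
    return c_string_view.decode("ascii", "replace").lower() == expected_host.lower()


def cn_matches_length_aware(cn: bytes, expected_host: str) -> bool:
    """Hardened check: reject embedded NULs outright, then compare the full value."""
    if b"\x00" in cn:
        return False  # no legitimate hostname contains a NUL byte
    try:
        name = cn.decode("ascii")
    except UnicodeDecodeError:
        return False
    return name.lower() == expected_host.lower()


# Constructed sample CNs (hypothetical names, not from any real certificate).
MALICIOUS_CN = b"sip.example.com\x00.attacker.test"
HONEST_CN = b"sip.example.com"
EXPECTED_HOST = "sip.example.com"


def demo() -> dict:
    """Run both matchers over the constructed CNs and return the verdicts."""
    encoded = der_utf8string(MALICIOUS_CN)
    return {
        "der_preserves_full_cn": der_utf8string_value(encoded) == MALICIOUS_CN,
        "truncating_accepts_malicious": cn_matches_nul_truncating(MALICIOUS_CN, EXPECTED_HOST),
        "length_aware_accepts_malicious": cn_matches_length_aware(MALICIOUS_CN, EXPECTED_HOST),
        "length_aware_accepts_honest": cn_matches_length_aware(HONEST_CN, EXPECTED_HOST),
    }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check}: {verdict}")
```

The practical check on a running system is the same: compare the length of the CN (or SAN dNSName) as reported by the DER length field with the length of the string your code actually compares; any difference means a NUL was swallowed.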


CiviCRM private report - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-094

Advisory ID: DRUPAL-SA-CONTRIB-2015-094
Project: CiviCRM private report (third-party module)
Version: 6.x, 7.x
Date: 2015-April-08
Security risk: 13/25 (Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery

Description: CiviCRM private report module enables users to create their own private copies of CiviCRM reports, which they can modify and save to meet their needs without requiring the "Administer reports" permission. The...

https://www.drupal.org/node/2467697


[2015-04-09] Multiple XSS & XSRF vulnerabilities in Comalatech Comala Workflows

XSS and XSRF vulnerabilities within the Confluence plugin Comala Workflows of Comalatech enable an attacker to perform unauthorized actions in the name of another logged-in user and attack other users of the web application with JavaScript code, browser exploits or Trojan horses.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150409-0_Comalatech_ComalaWorkflows_Multiple_XSS_XSRF_vulnerabilities_v10.txt


Juniper Security Advisories

JSA10679 - 2015-04 Security Bulletin: OpenSSL 8th January 2015 advisory.

http://kb.juniper.net/index/content&id=JSA10679&actp=RSS

JSA10680 - 2015-04 Security Bulletin: OpenSSL 19th March 2015 advisory

http://kb.juniper.net/index/content&id=JSA10680&actp=RSS

JSA10678 - 2015-04 Security Bulletin: Junos: Insufficient entropy on QFX3500 and QFX3600 platforms when the system boots up (CVE-2015-3006)

http://kb.juniper.net/index/content&id=JSA10678&actp=RSS

JSA10677 - 2015-04 Security Bulletin: SRX Series: Cross-Site-Scripting Vulnerability in Dynamic VPN (CVE-2015-3005).

http://kb.juniper.net/index/content&id=JSA10677&actp=RSS

JSA10676 - 2015-04 Security Bulletin: SRX Series: ISC BIND vulnerability denial of service in delegation handling (CVE-2014-8500)

http://kb.juniper.net/index/content&id=JSA10676&actp=RSS

JSA10675 - 2015-04 Security Bulletin: Junos J-Web: Clickjacking vulnerability (CVE-2015-3004)

http://kb.juniper.net/index/content&id=JSA10675&actp=RSS

JSA10674 - 2015-04 Security Bulletin: Junos: Multiple privilege escalation vulnerabilities in Junos CLI (CVE-2015-3003)

http://kb.juniper.net/index/content&id=JSA10674&actp=RSS

JSA10673 - 2015-04 Security Bulletin: IDP: Multiple vulnerabilities addressed by third party software updates.

http://kb.juniper.net/index/content&id=JSA10673&actp=RSS

JSA10672 - 2015-04 Security Bulletin: SRX Series: disconnecting from console may not automatically log out (CVE-2015-3002)

http://kb.juniper.net/index/content&id=JSA10672&actp=RSS

Apple Security Advisories

Apple TV 7.2

https://support.apple.com/kb/HT204662

iOS 8.3

https://support.apple.com/kb/HT204661

OS X Yosemite 10.10.3 and Security Update 2015-004

https://support.apple.com/kb/HT204659

Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5

https://support.apple.com/kb/HT204658

OS X Yosemite 10.10.3 Combo Update

https://support.apple.com/kb/DL1804

OS X Yosemite 10.10.3 Update

https://support.apple.com/kb/DL1805

Security Update 2015-004 Mountain Lion

https://support.apple.com/kb/DL1802

Security Update 2015-004 Mavericks

https://support.apple.com/kb/DL1803

iOS 8.3

https://support.apple.com/kb/DL1806

Xcode 6.3

https://support.apple.com/kb/HT204663