[CERT-daily] Tageszusammenfassung - Mittwoch 21-08-2013

Daily end-of-shift report team at cert.at
Wed Aug 21 18:08:08 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 20-08-2013 18:00 − Mittwoch 21-08-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Hacker greift offenbar Zugangsdaten für Twitter ab ***
---------------------------------------------
Ein Hacker hat sich offenbar Zugang zu Anmeldedaten des Kurznachrichtendienstes Twitter verschafft. Der Angreifer, der sich Mauritania Hacker nennt, hat am Dienstag angebliche Detailinformationen zu mehr als 15.000 Twitter-Accounts veröffentlicht.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-greift-offenbar-Zugangsdaten-fuer-Twitter-ab-1939338.html




*** Poison Ivy: Assessing Damage and Extracting Intelligence ***
---------------------------------------------
Today, our research team is publishing a report on the Poison Ivy family of remote access tools (RATs) along with a package of tools created...
---------------------------------------------
http://www.fireeye.com/blog/technical/targeted-attack/2013/08/pivy-assessing-damage-and-extracting-intel.html




*** Measuring Entropy and its Applications to Encryption ***
---------------------------------------------
There have been a bunch of articles about an information theory paper with vaguely sensational headlines like "Encryption is less secure than we thought" and "Research shakes crypto foundations." Its actually not that bad. Basically, the researchers arguethat the traditional measurement of Shannon entropy isnt the right model to use for cryptography, and that minimum entropy is. This difference may...
---------------------------------------------
http://www.schneier.com/blog/archives/2013/08/measuring_entro.html




*** Sicherheitsforscher: Zero-Day-Lücke im Adobe Reader ***
---------------------------------------------
In der aktuellen Version des Adobe Reader soll eine kritische Schwachstelle klaffen, durch die Angreifer Schadcode in PDF-Dokumenten platzieren können. Der Code wird ausgeführt, sobald man das Dokument öffnet.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsforscher-Zero-Day-Luecke-im-Adobe-Reader-1939782.html




*** Gpg4win 2.2 verschlüsselt E-Mails und Dateien ***
---------------------------------------------
Die neue Version 2.2 der GnuPG-Version für Windows unterstützt Outlook 2010 und 2013. Das Verschlüsselungs-Plug-in für den Windows Explorer liegt jetzt auch in einer 64-Bit-Version bei.
---------------------------------------------
http://www.heise.de/security/meldung/Gpg4win-2-2-verschluesselt-E-Mails-und-Dateien-1939546.html




*** Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.7 ***
---------------------------------------------
Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.0.0.7  CVE(s):  CVE-2013-2967, CVE-2013-2976, CVE-2013-4004, CVE-2013-0169, CVE-2013-0597, CVE-2013-1768, CVE-2013-1862, CVE-2013-4005, CVE-2013-3029, CVE-2013-1896, and CVE-2012-2098  Affected product(s) and affected version(s): The following IBM WebSphere Application Server Versions are affected: Version 8.5 Version 8 Version 7 Version 6.1 OSGi Applications and JPA Feature Pack EJB 3.0
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_8_0_0_7?lang=en_us




*** RSA Authentication Agent for PAM Allows Remote Users to Make Unlimited Login Attempts ***
---------------------------------------------
http://www.securitytracker.com/id/1028930




*** IBM WebSphere Portal Unspecified Bug Lets Remote Users Access User Directories ***
---------------------------------------------
http://www.securitytracker.com/id/1028933




*** McAfee Email Gateway Email Processing "ws_inv-smtp" Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54486




*** PHP OpenID XRDS Processing XML External Entities Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/54542




*** Multiple Vulnerabilities in Cisco Unified Communications Manager ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm


More information about the Daily mailing list