[CERT-daily] Tageszusammenfassung - Freitag 6-09-2013

Fri Sep 6 18:15:36 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 05-09-2013 18:00 − Freitag 06-09-2013 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Advance Notification Service for September 2013 Security Bulletin Release ***
---------------------------------------------
In celebration of kids heading back to school, today we're providing advance notification for the release of 14 bulletins, four Critical and 10 Important, for September 2013. The Critical updates address issues in Internet Explorer, Outlook, SharePoint and Windows.  As always, we've scheduled the bulletin release for the second Tuesday of the month, Sept. 10, 2013, at approximately 10:00 a.m. PDT. Revisit this blog then for our analysis of the risk and impact, as well as our
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/09/05/advance-notification-service-for-september-2013-security-bulletin-release.aspx


*** Windows 8s Picture Passwords Weaker Than Users Might Hope ***
---------------------------------------------
colinneagle writes with word of work done by researchers at Arizona State University, Delaware State University and GFS Technology Inc., who find that the multiple-picture sequence security option of Windows 8 suffers from various flaws -- some of them specific to a password system based on gestures, and some analogous to weaknesses in conventional passwords entered by keyboard. "The research found that the strength of picture gesture password has a strong connection to how long a person
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/28mhP0YmW7c/story01.htm


*** The NSA's work to make crypto worse and better ***
---------------------------------------------
Leaked documents say that the NSA has compromised encryption specs. It wasnt always this way.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/b8hGFShwJ6E/story01.htm


*** August 2013 Virus Activity Overview ***
---------------------------------------------
September 2, 2013 In August, Doctor Web specialists analysed a myriad of new malware. At the beginning of the month, they discovered a malicious program that compromised sites making use of popular CMSs. In the second half of August, a Trojan-Spy was found that represents a serious risk to Linux machines. Viruses According to the statistical information collected on computers by Dr.Web CureIt!, Trojan.Loadmoney.1 became the leader among the threats identified Trojan.Hosts.6815, which in an
---------------------------------------------
http://news.drweb.com/show/?i=3885&lng=en&c=9


*** IKEd AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL ***
---------------------------------------------
Topic: IKEd AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL Risk: Medium Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090054


*** Vuln: Citrix CloudPortal Services Manager CVE-2013-2939 Unspecified Security Vulnerability ***
---------------------------------------------
Citrix CloudPortal Services Manager CVE-2013-2939 Unspecified Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/62236


*** Patch-Dienstag: Microsoft flickt 14 Mal, Adobe einmal ***
---------------------------------------------
Sowohl Microsoft als auch Adobe wollen am kommenden Dienstag wieder diverse Probleme in ihrer Software beheben. Microsoft plant, vier kritische Lücken zu schließen, wovon eine alle unterstützten Versionen des Internet Explorers betrifft.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Patch-Dienstag-Microsoft-flickt-14-Mal-Adobe-einmal-1951099.html


*** Cisco Jabber for Windows SSL Certificate Verification Security Issue ***
---------------------------------------------
Cisco Jabber for Windows SSL Certificate Verification Security Issue
---------------------------------------------
https://secunia.com/advisories/54622