[CERT-daily] Daily summary - Wednesday 20-08-2014

Daily end-of-shift report team at cert.at
Wed Aug 20 18:10:37 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 19-08-2014 18:00 − Wednesday 20-08-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter




*** Apache OFBiz cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95356




*** The Administrator of Things (AoT) - A Side Effect of Smartification ***
---------------------------------------------
In an earlier article, we talked about the ongoing smartification of the home - the natural tendency of households to accumulate more intelligent devices over time. While this has its benefits, the residents of smart homes also need to invest their time and energy to maintain these devices. These requirements will only grow as more...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5chS0C_DSr4/




*** RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass ***
---------------------------------------------
Topic: RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass
Risk: Medium
Text: ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities EMC Identifier: ESA-2014-071 CVE Identifier: CVE-20...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014080085




*** "El Machete" ***
---------------------------------------------
"Machete" is a targeted attack campaign with Spanish-speaking roots. Most of the victims are located in Venezuela, Ecuador, Colombia, Peru, Russia, Cuba, and Spain. Targets include high-level profiles, including intelligence services, military, embassies and government institutions.
---------------------------------------------
https://securelist.com/blog/research/66108/el-machete/




*** Microsoft withdraws further Windows updates ***
---------------------------------------------
Users complain about bluescreens and other problems
---------------------------------------------
http://derstandard.at/2000004536290




*** Connected devices: Thousands of security vulnerabilities discovered ***
---------------------------------------------
Researchers have discovered security vulnerabilities, some of them severe, in more than 140,000 devices, including zero-day exploits, hard-coded passwords and private keys.
---------------------------------------------
http://www.golem.de/news/vernetzte-geraete-tausende-sicherheitsluecken-entdeckt-1408-108708-rss.html




*** Bugtraq: [security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533176




*** Bugtraq: Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533180




*** Bugtraq: CVE-2014-5307 - Privilege Escalation in Panda Security Products ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533182




*** Bugtraq: CVE-2014-4973 - Privilege Escalation in ESET Windows Products ***
---------------------------------------------
Versions 5.0 - 7.0 of ESET Smart Security and ESET Endpoint Security products for Windows XP OS allow a low privileged user to execute code as SYSTEM by exploiting a vulnerability in the ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver also mentioned as Personal Firewall module Build 1183 (20140214) and prior.
---------------------------------------------
http://www.securityfocus.com/archive/1/533184




*** Current scam: Criminal "blog theft" angers many operators ***
---------------------------------------------
Unknown parties are currently mirroring dozens of German blogs and trying to cash in illegally on the hijacked content.
---------------------------------------------
http://www.heise.de/security/meldung/Aktuelle-Masche-Krimineller-Blog-Klau-veraergert-viele-Betreiber-2297045.html




*** Certificates: Google wants to warn about SHA-1 ***
---------------------------------------------
Google wants to get rid of certificates signed with SHA-1 by 2017 at the latest. The Chrome browser will soon display corresponding warnings. SHA-1 has been considered potentially insecure for several years.
---------------------------------------------
http://www.golem.de/news/zertifikate-google-will-vor-sha-1-warnen-1408-108700-rss.html




*** Multiple Vulnerabilities in various IBM Products ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/aix_libxml2_vulnerability?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/vulnerability_in_aix_bind?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_critical_security_vulnerability_in_rds_client_library_affecting_rational_change_cve_2014_3089?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_affect_ibm_multi_enterprise_integration_gateway_cve_2014_4263_cve_2014_4244?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/multiple_vulnerabilities_in_current_releases_of_the_ibm_sdk_java_technology_edition2?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_critical_security_vulnerability_in_rds_client_library_affecting_rational_synergy_cve_2014_3089?lang=en_us

