[CERT-daily] Tageszusammenfassung - Freitag 14-02-2014

Fri Feb 14 18:12:06 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 13-02-2014 18:00 − Freitag 14-02-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Angriffe über Zero-Day-Lücke im Internet Explorer ***
---------------------------------------------
Im IE klafft eine kritische Schwachstelle, durch die man seinen Rechner beim Surfen mit Schadcode infizieren kann. Sie wird bereits für gezielte Cyber-Angriffe missbraucht.
---------------------------------------------
http://www.heise.de/security/meldung/Angriffe-ueber-Zero-Day-Luecke-im-Internet-Explorer-2113169.html
http://www.securitytracker.com/id/1029765
http://www.kb.cert.org/vuls/id/732479


*** BSI warnt Admins: "Zahlreiche deutsche Server mit Ebury-Rootkit infiziert" ***
---------------------------------------------
Das CERT-Bund hat das Linux-Rootkit bereits auf hunderten deutschen Servern lokalisiert; vermutlich sind deutlich mehr betroffen. Admins sollten ihr System jetzt testen.
---------------------------------------------
http://www.heise.de/security/meldung/BSI-warnt-Admins-Zahlreiche-deutsche-Server-mit-Ebury-Rootkit-infiziert-2113848.html


*** Bizarre attack infects Linksys routers with self-replicating malware ***
---------------------------------------------
Some 1,000 devices have been hit by the worm, which seeks out others to infect.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/9tO67obVxlY/story01.htm


*** Apples iCloud verschickt und empfängt Mail im Klartext ***
---------------------------------------------
Ein kurzer Nachtest von Apples iCloud-Mail-Diensten förderte zu Tage, dass Apples Mail-Server weniger Schutz vor Schnüfflern bieten als fast aller anderen Mail-Provider.
---------------------------------------------
http://www.heise.de/security/meldung/Apples-iCloud-verschickt-und-empfaengt-Mail-im-Klartext-2112766.html


*** DoubleClick malvertising campaign exposes long-run beneath the radar malvertising infrastructure ***
---------------------------------------------
Today, at 2014-02-12 12:16:20 (CET), we became aware of a possible evasive/beneath the radar malvertising based g01pack exploit kit attack, taking place through the DoubleClick ad network using an advertisement featured at About.com. Investigating further, we were able to identify the actual domains/IPs involved in the campaign, and perhaps most interestingly, managed to establish a rather interesting connection between the name servers of one of the domains involved in the attacks, and what...
---------------------------------------------
http://www.webroot.com/blog/2014/02/14/doubleclick-malvertising-campaign-exposes-long-run-beneath-radar-malvertising-infrastructure/


*** SYM14-004 Symantec Endpoint Protection Management Vulnerabilities ***
---------------------------------------------
On Tuesday, February 18, SEC Consult Vulnerability Lab, an Austrian-based security consultancy, is planning to release an advisory to the public regarding vulnerabilities that it found within Symantec Endpoint Protection. For additional information on the SYM14-004 vulnerability, read the Symantec Security Response SYM14-004 Security Advisory.
---------------------------------------------
http://www.symantec.com/business/support/index?page=content&id=TECH214866
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00
http://www.heise.de/security/meldung/Update-fuer-kritische-Luecken-im-Symantec-Endpoint-Protection-Manager-2114834.html


*** CA 2E Web Option Unauthenticated Privilege Escalation ***
---------------------------------------------
Topic: CA 2E Web Option Unauthenticated Privilege Escalation Risk: Medium Text:Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E W...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020111
http://www.securityfocus.com/archive/1/531064


*** GnuTLS Intermediate Certificate Processing Flaw May Let Remote Users Bypass Certificate Validation ***
---------------------------------------------
http://www.securitytracker.com/id/1029766


*** Bugtraq: Critical security flaws in Nagios NRPE client/server crypto ***
---------------------------------------------
http://www.securityfocus.com/archive/1/531063