[CERT-daily] Tageszusammenfassung - Mittwoch 15-01-2014

Wed Jan 15 18:36:16 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 14-01-2014 18:00 − Mittwoch 15-01-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter


*** Verfassungsschutz: Gefahr der Online-Wirtschaftsspionage noch immer unterschätzt ***
---------------------------------------------
Viele kleine und mittelständische Unternehmen sähen Ausgaben für IT-Sicherheit immer noch nicht als gut investiertes Geld an, meinte der Präsident des Bundesamts für Verfassungsschutz.
---------------------------------------------
http://www.heise.de/security/meldung/Verfassungsschutz-Gefahr-der-Online-Wirtschaftsspionage-noch-immer-unterschaetzt-2085962.html


*** NSA zapft auch Computer ohne Internetverbindung an ***
---------------------------------------------
Die NSA hat weltweit auf rund 100.000 Computern Spionagesoftware installiert. Auch zu Computern ohne Internetverbindung hat sich der US-Geheimdienst Zutritt verschafft.
---------------------------------------------
http://futurezone.at/netzpolitik/nsa-zapft-auch-computer-ohne-internetverbindung-an/46.101.666


*** A Look Into the Future and the January 2014 Bulletin Release ***
---------------------------------------------
In January, there are those who like to make predictions about the upcoming year. I am not one of those people. Instead, I like to quote Niels Bohr who said, "Prediction is very difficult, especially if it's about the future." However, I can say without a doubt that change is afoot in 2014.  In February, usage of the MD5 hash algorithm in certificates will be restricted, as first discussed in Security Advisory 2862973, and the update goes out through Microsoft Update on the...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2014/01/14/a-look-into-the-future-and-the-january-2014-bulletin-release.aspx


*** Kritische und wichtige Patches von Adobe und Microsoft ***
---------------------------------------------
Was lange währt wird endlich gut: Microsoft hat an seinem Patchday unter anderem die Rechteausweitungslücke in Windows geschlossen, die mindestens seit November für Angriffe missbraucht wird. Von Adobe gibt es dringende Updates für Acrobat und Reader.
---------------------------------------------
http://www.heise.de/security/meldung/Kritische-und-wichtige-Patches-von-Adobe-und-Microsoft-2086014.html


*** Oracle schließt 144 Sicherheitslücken ***
---------------------------------------------
Update betrifft auch Java 7 und Java 5
---------------------------------------------
http://derstandard.at/1388651059299


*** Adobe Security Bulletins Posted ***
---------------------------------------------
Today, we released the following Security Bulletins:
APSB14-01 – Security updates available for Adobe Reader and Acrobat
APSB14-02 – Security updates available for Adobe Flash Player 
Customers of the affected products should consult the relevant Security Bulletin(s) for details.
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1041


*** Oracle Critical Patch Update Advisory - January 2014 ***
---------------------------------------------
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 144 new security fixes across the product families listed below.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html


*** Summary for January 2014 - Version: 1.0 ***
---------------------------------------------
This bulletin summary lists security bulletins released for January 2014.
With the release of the security bulletins for January 2014, this bulletin summary replaces the bulletin advance notification originally issued January 9, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
---------------------------------------------
http://technet.microsoft.com/en-ca/security/bulletin/ms14-jan