[CERT-daily] Tageszusammenfassung - Montag 27-10-2014

Daily end-of-shift report team at cert.at
Mon Oct 27 18:08:46 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 24-10-2014 18:00 − Montag 27-10-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** OpenBSD ELF denial of service ***
---------------------------------------------
OpenBSD is vulnerable to a denial of service. A local attacker could exploit this vulnerability using a malicious ELF executable to cause a kernel panic.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/97747




*** A Tale of Two Powerpoint Vulnerabilities ***
---------------------------------------------
It's been already a week after the announcement of the CVE-2014-4114 vulnerability, and the tally of the exploiters have only increased. There are even ..
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002756.html




*** Amplification DDoS attacks most popular, according to Symantec ***
---------------------------------------------
The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.
---------------------------------------------
http://www.scmagazine.com/distributed-denial-of-service-attacks-are-increasing-in-power/article/379299/




*** OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes ***
---------------------------------------------
ownCloud developer Lukas Reschke has sent an email to the Ubuntu Devel mailing list, requesting that ownCloud (server) is removed from the Ubuntu repositories because the package is old and there are multiple critical security bugs for ..
---------------------------------------------
http://linux.slashdot.org/story/14/10/25/0046256/owncloud-dev-requests-removal-from-ubuntu-repos-over-security-holes



*** iTunes 12.0.1 for Windows DLL Hijacking ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014100154




*** Shellshock-Angriffe auf Mailserver ***
---------------------------------------------
Nach Informationen von heise Security versuchen Cyber-Kriminelle derzeit vermehrt, durch die Shellshock-Lücken in Mailserver einzudringen. Server-Betreiber sollten umgehend handeln.
---------------------------------------------
http://www.heise.de/security/meldung/Shellshock-Angriffe-auf-Mailserver-2432107.html




*** WordPress Count-per-Day Plugin (notes.php) Remote Code Upload ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014100161




*** WordPress Download Manager Plugin Arbitrary File Download ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014100160




*** Sipgate und Fidor Bank: DDoS-Angriffe waren Erpressungsversuch ***
---------------------------------------------
Mit dem gross angelegten DDoS-Angriff gegen Sipgate sollte Geld erpresst werden. Auch die Fidor Bank aus München war betroffen. 
---------------------------------------------
http://www.golem.de/news/sipgate-und-fidor-bank-ddos-angriffe-waren-erpressungsversuch-1410-110107.html




*** ASP Backdoors? Sure! It's not just about PHP ***
---------------------------------------------
I recently came to the realization that it might appear that we're partial to PHP and WordPress. This realization has brought about an overwhelming need to correct that perception. While they do make up an interesting percentage, there are various ..
---------------------------------------------
http://blog.sucuri.net/2014/10/asp-backdoors-its-not-all-about-php.html





More information about the Daily mailing list