[CERT-daily] Tageszusammenfassung - Mittwoch 10-09-2014

Wed Sep 10 18:04:50 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 09-09-2014 18:00 − Mittwoch 10-09-2014 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Security updates available for Adobe Flash Player (APSB14-21) ***
---------------------------------------------
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions
...
CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559
---------------------------------------------
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html


*** Assessing risk for the September 2014 security updates ***
---------------------------------------------
Today we released four security bulletins addressing 42 unique CVE's. One bulletin has a maximum severity rating of Critical and the other three have maximum severity Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment.
---------------------------------------------
http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx


*** MSRT September 2014 - Zemot ***
---------------------------------------------
This month we added the Win32/Zemot family to the Malicious Software Removal Tool. The Zemot family of trojan downloaders are frequently used by malware with a number of different payloads. We started seeing activity from TrojanDownloader:Win32/Upatre.B in late 2013 and identified this threat as the main distributor of the click fraud malware PWS:Win32/Zbot.gen!AP and PWS:Win32/Zbot.CF. We renamed the downloader to Zemot in May 2014. Recently, other malware such as Win32/Rovnix,
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/09/09/msrt-september-2014-zemot.aspx


*** Microsoft IIS Web Server - CMD Process Contributing to Website Reinfections ***
---------------------------------------------
We often spend a lot of time talking about application level malware, but from time to time we do like to dabble in the ever so interesting web server infections as well. It is one of those things that comes with the job. Today, we're going to chat about an interesting reinfection case in which the client was running their website on a Microsoft's Internet Information Services (IIS) web server. Yes, contrary to popular belief many organizations, especially large enterprise
---------------------------------------------
http://blog.sucuri.net/2014/09/microsof-iis-web-server-cmd-process-contributing-to-website-reinfections.html


*** VMware vSphere product updates to third party libraries ***
---------------------------------------------
The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0008.html


*** The September 2014 issue of our SWITCH Security Report is available! ***
---------------------------------------------
A new issue of our monthly SWITCH Security Report has just been released.
Topics:
- Inside information on government Trojans used internationally published on Twitter
- Page not found: Network blocking in  in Switzerland and neighbouring countries
- Breaking bad - malvertising ransomware: ZeroLocker / CryptoLocker / CryptoWall / SynoLocker
- Canvas or cookies - choosing between Scylla and Charybdis
- The Clipboard: Interesting presentations, articles and videos
---------------------------------------------
http://securityblog.switch.ch/2014/09/10/the-september-2014-issue-of-our-switch-security-report-is-available/