Deutsch | English

[CERT-daily] Tageszusammenfassung - Freitag 19-02-2016

Daily end-of-shift report team at cert.at
Fri Feb 19 18:02:49 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 18-02-2016 18:00 − Freitag 19-02-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Maimed Ramnit Still Lurking in the Shadow ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2016/02/maimed_ramnit_still.html




*** ZDI-16-172: Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-172/




*** Mutliple vulnerabilities in SAP 3D Visual Enterprise Viewer SketchUp document ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-176/
http://www.zerodayinitiative.com/advisories/ZDI-16-175/
http://www.zerodayinitiative.com/advisories/ZDI-16-174/
http://www.zerodayinitiative.com/advisories/ZDI-16-173/




*** Krypto-Trojaner Locky wütet in Deutschland: Über 5000 Infektionen pro Stunde ***
---------------------------------------------
Die neue Ransomware Locky findet hierzulande offenbar massenhaft Opfer, darunter auch ein Fraunhofer-Institut. Inzwischen haben die Täter ihrem Schädling sogar Deutsch beigebracht.
---------------------------------------------
http://heise.de/-3111774




*** B+B SmartWorx VESP211 Authentication Bypass Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an authentication bypass vulnerability in B+B SmartWorx's VESP211 serial servers.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-049-01




*** AMX Multiple Products Credential Management Vulnerabilities ***
---------------------------------------------
This advisory contains mitigations details for hard-coded passwords in multiple AMX products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-049-02




*** Privilege Escalation: Schon wieder Sicherheitslücke bei Comodo ***
---------------------------------------------
Ein unsicheres Standardpasswort in der Comodo-Internet-Security-Suite ermöglicht es Angreifern, ihre Rechte zu erweitern, um beliebige Programme auszuführen. Auf dem Rechner selbst - aber möglicherweise auch aus der Ferne. 
---------------------------------------------
http://www.golem.de/news/privilege-escalation-schon-wieder-sicherheitsluecke-in-comodo-1602-119253.html




*** Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates ***
---------------------------------------------
http://support.citrix.com/article/CTX206001






More information about the Daily mailing list
Kontakt
Email: reports@cert.at
Tel.: +43 1 5056416 78
mehr ...
Warnungen
mehr ...
Blog
mehr ...
Jahresbericht 2017
Ein Resumee zur digitalen Sicherheitslage in Österreich

(HTML, PDF).
Letzte Änderung: 2018/5/28 - 15:00:00
Haftungsausschluss / Datenschutzerklärung