[CERT-daily] Tageszusammenfassung - Freitag 25-03-2016

Daily end-of-shift report team at cert.at
Fri Mar 25 18:03:42 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 24-03-2016 18:00 − Freitag 25-03-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** DFN-CERT-2016-0510/">Xen, QEMU: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0510/




*** USB Trojan Hides In Portable Applications, Targets Air-Gapped Systems ***
---------------------------------------------
A Trojan program, dubbed USB Thief by researchers at security firm ESET, infects USB drives that contain portable installations of popular applications such as Firefox, NotePad++, or TrueCrypt, and it also seems to be designed to steal information from so-called air-gapped computers. "In the case we ..
---------------------------------------------
https://it.slashdot.org/story/16/03/24/184255/usb-trojan-hides-in-portable-applications-targets-air-gapped-systems




*** F5: sol93122894: OpenSSL vulnerability CVE-2016-0705 ***
---------------------------------------------
OpenSSL handling of malformed DSA private keys may cause memory corruption and possibly stop the handling process.
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/k/93/sol93122894.html




*** Tenable: [R1] Log Correlation Engine (LCE) 4.8.0 Updates Libxml2 ***
---------------------------------------------
The Log Correlation Engine (LCE) uses the third-party Libxml2 library for some XML parsing routines. A vulnerability was found and patched in Libxml2 recently. Tenable has not evaluated this vulnerability beyond acknowledging that user-supplied XML ..
---------------------------------------------
http://www.tenable.com/security/tns-2016-06




*** Cogent DataHub Elevation of Privilege Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a privilege elevation vulnerability in the Cogent DataHub application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-084-01




*** SQL Injection Cheat Sheet ***
---------------------------------------------
What is an SQL Injection Cheat Sheet? An SQL injection cheat sheet is a resource in which you can find detailed technical information about the many different variants of the SQL Injection vulnerability. This cheat sheet is of good ..
---------------------------------------------
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/




*** Erpressungstrojaner: "Petya" befällt deutschsprachiges Gebiet ***
---------------------------------------------
Die Ransomware verbreitet sich über Dropbox und zwingt Windows-User, Geld für die Entsperrung ihres Computers zu zahlen.
---------------------------------------------
http://derstandard.at/2000033657066






More information about the Daily mailing list