======================= = End-of-Shift report = =======================
Timeframe: Freitag 07-03-2014 18:00 − Montag 10-03-2014 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter
*** Experts analyze Snake, Uroburos malware samples dating back to 2006 *** --------------------------------------------- Researchers with BAE Systems Applied Intelligence have determined that a possibly Russian-fueled malware campaign known as Snake, or Uroburos, may actually date back as far as 2006. --------------------------------------------- http://www.scmagazine.com/experts-analyze-snake-uroburos-malware-samples-dat...
*** SSL-Verschlüsselung auch in iOS-Apps problematisch *** --------------------------------------------- Nicht nur bei Android-Apps - auch im iPhone-Universum erweisen sich die Datenverbindungen von Apps recht oft als angreifbar. Rund 14 Prozent der iOS-Apps, die SSL einsetzen konnte ein Forscherteam austricksen. --------------------------------------------- http://www.heise.de/newsticker/meldung/SSL-Verschluesselung-auch-in-iOS-Apps...
*** iOS Security *** --------------------------------------------- iOS is designed with comprehensive security that offers enterprise-grade protection of corporate data. Learn more about the advanced security features of iOS in this security guide. --------------------------------------------- https://ssl.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf
*** ETH40G: Verschlüsselung mit 40 Gigabit pro Sekunde *** --------------------------------------------- Mit dem ETH40G aus der SITLine-Reihe verspricht Rohde & Schwarz einen hohen verschlüsselten Datendurchsatz mit 40 Gigabit pro Sekunde in breitbandigen Netzen. --------------------------------------------- http://www.golem.de/news/eth40g-verschluesselung-mit-40-gigabit-pro-sekunde-...
*** Linux kernel IPv6 crash due to router advertisement flooding *** --------------------------------------------- Topic: Linux kernel IPv6 crash due to router advertisement flooding Risk: Medium Text:The Linux kernel is vulnerable to a crash on hosts that accept router advertisements. An unlimited number of routes can be cre... --------------------------------------------- http://cxsecurity.com/issue/WLB-2014030061
*** OpenVZ update for kernel *** --------------------------------------------- OpenVZ has issued an update for the kernel. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to potentially disclose sensitive information and by malicious, local users to cause a DoS (Denial of Service). --------------------------------------------- https://secunia.com/advisories/57300
*** FFmpeg Multiple Vulnerabilities *** --------------------------------------------- Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library. --------------------------------------------- https://secunia.com/advisories/56866
*** Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition. *** --------------------------------------------- Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition. CVE(s): CVE-2014-0428, CVE-2014-0422, CVE-2013-5907, CVE-2014-0415, CVE-2014-0410, CVE-2013-5889, CVE-2014-0417, CVE-2014-0387, CVE-2014-0424, CVE-2013-5878, CVE-2014-0373, CVE-2014-0375, CVE-2014-0403, CVE-2014-0423, CVE-2014-0376, CVE-2013-5910, CVE-2013-5884, CVE-2013-5896, CVE-2013-5899, CVE-2014-0416, CVE-2013-5887, CVE-2014-0368, CVE-2013-5888, CVE-2013-5898 and CVE-2014-0411 Affected product(s) --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/multiple_vulnerabiliti...
*** Vuln: PHP Fileinfo Component Out of Bounds Memory Corruption Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/66002