=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 27-01-2015 18:00 − Wednesday 28-01-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 36.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/2755801
*** USN-2486-1: OpenJDK 6 vulnerabilities *** --------------------------------------------- Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial .. --------------------------------------------- http://www.ubuntu.com/usn/usn-2486-1/
*** VMware Security Advisories - 1 New, 1 Updated, (Wed, Jan 28th) *** --------------------------------------------- VMware has released a new and an updated security advisory today. The two security advisories, listed below, address numerous vulnerabilities in the VMware .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=19241
*** Magnetrol HART DTM Vulnerability *** --------------------------------------------- This advisory provides mitigation details for an improper input validation vulnerability in the CodeWrights GmbH HART DTM library utilized by some Magnetrol products. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-15-027-01
*** Schneider Electric Multiple Products Buffer Overflow Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a buffer overflow vulnerability in Schneider Electric's SoMove Lite software package. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-15-027-02
*** CodeWrights GmbH HART DTM Vulnerability (Update B) *** --------------------------------------------- This updated advisory is a follow-up to the updated advisory titled ICSA-15-012-01A CodeWrights GmbH HART DTM Vulnerability that was published January 13, 2015, on the ICS-CERT web site. This updated advisory provides mitigation details for an improper input validation vulnerability in CodeWrights .. --------------------------------------------- https://ics-cert.us-cert.gov//advisories/ICSA-15-012-01B
*** Bug in ultra secure BlackPhone let attackers decrypt texts, stalk users *** --------------------------------------------- A recently fixed vulnerability in the BlackPhone instant messaging application gave attackers the ability to decrypt messages, steal contacts, and control vital functions of the device, which is marketed as a more secure way to protect communications from government and criminal snoops. --------------------------------------------- http://arstechnica.com/security/2015/01/bug-in-ultra-secure-blackphone-let-a...
*** CVE-2015-0016: Escaping the Internet Explorer Sandbox *** --------------------------------------------- I analyzed this vulnerability (designated as CVE-2015-0016) because it may be the first vulnerability in the wild that showed the capability to escape the Internet Explorer sandbox. As sandboxing represents a key part of exploit mitigation techniques, any exploit that can break established sandboxes is worth a second look. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2015-0016-esc...
*** Multiple vulnerabilities in the FreeBSD kernel code *** --------------------------------------------- Francisco Falcon from the Core Exploit Writers Team found multiple vulnerabilities in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the .. --------------------------------------------- http://www.net-security.org/secworld.php?id=17882
*** New Apple TV software fixes numerous security vulnerabilities *** --------------------------------------------- Alongside iOS 8.1.3 and OS X 10.10.2, Apple also released an update to the software for its multimedia box on Tuesday evening. It apparently has no new features, but plenty of fixes. --------------------------------------------- http://heise.de/-2530119
*** Apple security updates 27 Jan 2015 *** --------------------------------------------- http://support.apple.com/en-us/HT1222