[CERT-daily] Tageszusammenfassung - Montag 2-12-2013

Mon Dec 2 18:07:24 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 29-11-2013 18:00 − Montag 02-12-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** SMS-Angriff zwingt Nexus-Smartphones in die Knie ***
---------------------------------------------
Der Empfang vieler Flash-SMS-Nachrichten soll Google-Nexus-Geräte rebooten. Davon betroffen sind auch Nexus-Smartphones mit aktuellem Android 4.4 (Kitkat).
---------------------------------------------
http://www.heise.de/security/meldung/SMS-Angriff-zwingt-Nexus-Smartphones-in-die-Knie-2058298.html


*** Windows TIFF-Lücke bereits seit Juli ausgenutzt - Patch Fehlanzeige ***
---------------------------------------------
Bereits im Sommer wurden E-Mails verschickt, die mit TIFF-Bildern eine kürzlich bekannt gewordene Windows-Lücke ausnutzten. Und während die Zahl dieser Schädlinge weiter wächst, gibt es immer noch keinen Patch vom Microsoft.
---------------------------------------------
http://www.heise.de/security/meldung/Windows-TIFF-Luecke-bereits-seit-Juli-ausgenutzt-Patch-Fehlanzeige-2058019.html


*** Nachholbedarf beim Schutz von industriellen Kontrollsystemen ***
---------------------------------------------
Sicherheitsprobleme mit industriellen Kontrollsystemen machen immer wieder Schlagzeilen. Das BSI gibt Betreibern nun mit einem 124-seitigen Leitfaden bewährte Methoden an die Hand, um ihre Systeme abzusichern.
---------------------------------------------
http://www.heise.de/security/meldung/Nachholbedarf-beim-Schutz-von-industriellen-Kontrollsystemen-2057953.html


*** Important Security Update for D-Link Routers ***
---------------------------------------------
D-Link has released an important security update for some of its older Internet routers. The patch closes a backdoor in the devices that could let attackers seize remote control over vulnerable routers.
---------------------------------------------
krebsonsecurity.com/2013/12/important-security-update-for-d-link-routers/


*** File Sharing Apps Expose iOS To Security Risks - Trustwave ***
---------------------------------------------
File sharing apps for Apple iOS mobile devices can potentially represent a security risk to users, according to a Trustwave security researcher.
---------------------------------------------
http://www.techweekeurope.co.uk/news/researcher-file-sharing-apps-expose-ios-security-risks-133096


*** Manipulation of hard drive firmware to conceal entire partitions ***
---------------------------------------------
Tools created by the computer hacking community to circumvent security protection on hard drives can have unintentional consequences for digital forensics. Tools originally developed to circumvent Microsoft's Xbox 360 hard drive protection can be used, independently of the Xbox 360 system, to change the reported size/model of a hard drive enabling criminals to hide data from digital forensic software and hardware.
---------------------------------------------
https://www.comp.glam.ac.uk/staff/kxynos/papers/read13-DI-HDD-manipulation.pdf


*** Description of Cumulative Update 3 for Exchange Server 2013 ***
---------------------------------------------
This article describes Cumulative Update 3 for Microsoft Exchange Server 2013 that provides the latest fixes for Exchange Server 2013 and contains stability and performance improvements.
---------------------------------------------
http://support.microsoft.com/kb/2892464


*** Uptime Agent 5.0.1 Stack Overflow Vulnerability ***
---------------------------------------------
Topic: Uptime Agent 5.0.1 Stack Overflow Vulnerability Risk: Medium Text:# Exploit Title: Up.Time Agent 5.0.1 Stack Overflow # Date: 28/11/2013 # Exploit Author: Denis Andzakovic # Vendor Homepage:...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013120009


*** Vuln: ABB MicroSCADA wserver.exe Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63901


*** Vuln: Jenkins Exclusion Plugin CVE-2013-6373 Unspecified Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63876


*** Google Nexus SMS Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1029414