[CERT-daily] Tageszusammenfassung - Montag 22-07-2013

Daily end-of-shift report team at cert.at
Mon Jul 22 18:09:49 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 19-07-2013 18:00 − Montag 22-07-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Hack exposes e-mail addresses, password data for 2 million Ubuntu Forum users ***
---------------------------------------------
Ubuntu maintainer Canonical exhorts users to change passwords immediately.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/_k7Kb5g3abo/story01.htm




*** Bugtraq: Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability ***
---------------------------------------------
References: http://vulnerability-lab.com/get_content.php?id=775
---------------------------------------------
http://www.securityfocus.com/archive/1/527423




*** Bugtraq: Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities ***
---------------------------------------------
References: http://www.vulnerability-lab.com/get_content.php?id=727
---------------------------------------------
http://www.securityfocus.com/archive/1/527422




*** Gefahr durch SIM-Karten-Hack ***
---------------------------------------------
Die ITU will Mobilfunkprovider weltweit auf die Gefahr durch schwache Verschlüsselungstechnik von SIM-Karten aufmerksam machen. Angreifer können dadurch Handys mit manipulierten SMS-Nachrichten übernehmen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/ITU-warnt-vor-Gefahr-durch-SIM-Karten-Hack-1920896.html




*** GPG4Win bringt Verschlüsselung für Outlook 2010 ***
---------------------------------------------
Mit neuer Version werden auch die 64-bit-Versionen von Windows XP und Vista unterstützt
---------------------------------------------
http://derstandard.at/1373513307363




*** Compromised Sites Conceal StealRat Botnet Operations ***
---------------------------------------------
Advances in spam detection meant that spam operators had to find ways to circumvent new technologies. For instance, Asprox made significant improvements in their spam and module architecture whereas Pushdo made use of decoy network traffic. Recently, we have discovered a new simple method used by a spam botnet we named StealRat. It consists of [...]Post from: Trendlabs Security Intelligence Blog - by Trend MicroCompromised Sites Conceal StealRat Botnet Operations...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/0Z3mrtbjVD4/




*** Apple Developer Site Breach, (Mon, Jul 22nd) ***
---------------------------------------------
Apple closed access to its developer site after learning that it had been compromissed and developers personal information had been breached [1].  In the notice posted to the site, Apple explained that some developers personal information like name, e-mail address and mailing address may have been accessed. The note does not mention passwords, or if password hashes were accessed.   One threat often forgotten in these breaches is phishing. If an attacker has access to some personal information...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16210&rss




*** Apache HTTP Server mod_dav and mod_session_dbd Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in Apache HTTP Server, where one has an unknown impact and the other one can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54241




*** IBM WebSphere Message Broker Java Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Message Broker, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54261


More information about the Daily mailing list