[CERT-daily] Tageszusammenfassung - Dienstag 29-04-2014

Tue Apr 29 18:07:01 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 28-04-2014 18:00 − Dienstag 29-04-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 23.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/2755801


*** Ubuntu 14.04 lockscreen bypass, (Mon, Apr 28th) ***
---------------------------------------------
Upgraded to Ubuntu 14.04? Hold down enter to bypass the lockscreen (what is old is new again): https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572 …" The reporter indicates that he was running Ubuntu 14.04 with all the packages updated. When the screen is locked with password, if holding ENTER, after some seconds the screen freezes and the lock screen ..
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=18039


*** Cisco ASA DHCPv6 Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2182


*** Researchers warn of resurgent Sefnit malware ***
---------------------------------------------
Botnet returns using new tactics A malware infection which drew headlines January has returned and is using new techniques to infect and spread amongst users.
---------------------------------------------
www.theregister.co.uk/2014/04/29/researchers_warn_of_resurgent_sefnit_malware/


*** Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in the management component of the Citrix NetScaler Application Delivery Controller ..
---------------------------------------------
http://support.citrix.com/article/CTX140651


*** Massenhack bei AOL: Millionen Nutzer betroffen ***
---------------------------------------------
Unbekannte verschaffen sich Zugang zu privaten Informationen - Unternehmen fordert zum ändern des Passworts auf
---------------------------------------------
http://derstandard.at/1397521927406


*** The FireEye Advanced Threat Report 2013: European Edition ***
---------------------------------------------
We recently published the 2013 FireEye Advanced Threat Report during RSA Conference, providing a global overview of the advanced attacks that FireEye discovered last year. We are now drilling that global analysis down into the European threat ..
---------------------------------------------
http://www.fireeye.com/blog/corporate/2014/04/the-fireeye-advanced-threat-report-2013-european-edition.html


*** Cybercriminals Take Advantage Of Heartbleed With Spam ***
---------------------------------------------
Since news about Heartbleed broke out earlier this month, the Internet has been full of updates, opinions and details about the vulnerability, with personalities ranging from security experts to celebrities talking about it. Being as opportunistic as they are, cybercriminals have taken notice of this and ..
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/RKpGQ6-RSA8/


*** Q1 2014 Mobile Threat Report ***
---------------------------------------------
Our Mobile Threat Report for Q1 2014 is out! Heres a couple of the things we cover in it:The vast majority of the new threats found was on Android (no surprise there), which accounted for 275 out of 277 new families we saw in this period, leaving 1 new malware apiece on iOS and Symbian.In Q1, ..
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002699.html


*** 6 free network vulnerability scanners ***
---------------------------------------------
Vulnerability scanners can help you automate security auditing and can play a crucial role in your IT security. They can scan your network and websites for up to thousands of different security risks, produce a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process. While these tools can ..
---------------------------------------------
http://www.csoonline.com/article/2148841/data-protection/6-free-network-vulnerability-scanners.html#tk.rss_applicationsecurity


*** Hashcat-Utils v1.0 Released ***
---------------------------------------------
Hashcat-utils are a set of small utilities that are useful in advanced password cracking. They all are packed into multiple stand-alone binaries. All of these utils are designed to execute only one specific function. Since they all work with STDIN and STDOUT you can group them into chains. The programs are available for Linux and Windows on both 32 bit and 64 bit architectures. The programs are also available as open source.
---------------------------------------------
http://www.toolswatch.org/2014/04/hashcat-utils-v1-0-released/