[CERT-daily] Tageszusammenfassung - Dienstag 12-08-2014

Daily end-of-shift report team at cert.at
Tue Aug 12 18:06:42 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 11-08-2014 18:00 − Dienstag 12-08-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Adobe Security Bulletins Posted ***
---------------------------------------------
The following Security Bulletins have been posted today:

APSB14-18: Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-18.html

APSB14-19: Security updates available for Adobe Reader and Acrobat
http://helpx.adobe.com/security/products/reader/apsb14-19.html

Customers of the affected products should consult the relevant Security Bulletin(s) for details.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1118




*** Cisco Unified Communications Manager SIP Subsystem Vulnerability ***
---------------------------------------------
CVE-2014-3337
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337




*** Cisco Unified Communications Manager CTIManager Vulnerability ***
---------------------------------------------
CVE-2014-3338
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338




*** Two new Gameover Zeus variants in the wild ***
---------------------------------------------
About two months after botnet takedown efforts, new versions of the malware have surfaced in the U.S. and abroad.
---------------------------------------------
http://www.scmagazine.com/two-new-gameover-zeus-variants-in-the-wild/article/365647/




*** Millions of PCs Affected by Mysterious Computrace Backdoor ***
---------------------------------------------
Absolute Softwares anti-theft Computrace software is mysteriously installed on brand new machines, nearly impossible to remove, and exploitable.
---------------------------------------------
http://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700




*** NIST wants better SCADA security ***
---------------------------------------------
Preparing the way for a test lab Americas National Institute of Standards and Technology (NIST) wants to take a hand in addressing the SCADA industry's chronic insecurity, by building a test bed for industrial control systems.
---------------------------------------------
http://www.theregister.co.uk/2014/08/12/nist_wants_better_scada_security/




*** Command Injection allows Unauthenticated Command Bypass on multiple D-Link products ***
---------------------------------------------
The DNS-315L DNS-320L, DNS-327L, DNS-340L, and DNS-345 have been identifed as having a vulnerability in their Web-GUI application that allows malicious users to gain access to the device configuraiton, device operating system, and stored file without requiring log-in credentials.
---------------------------------------------
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10042




*** 2Q 2014 Security Roundup: Turning the Tables on Cyber Attacks ***
---------------------------------------------
The incidents that cropped up in the months of April to June 2014 - from the data breaches, DDoS attacks, to malware improvements and threats to privacy - highlighted the need for enterprises to craft a more strategic response against and in anticipation of security threats. There were plenty of threats to be found in the quarter. There was...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Cf4i9ouVNiM/




*** How to hack a Macbook using just USB ***
---------------------------------------------
Yesterday, at the 2014 DEF CON hackers conference in Las Vegas, security researchers Joe Fitzpatrick and Miles Crabil demonstrated how they could directly access the memory of Apple Macbook devices using a piece of hardware they built to plug into the computer's own USB slot.
---------------------------------------------
http://www.techly.com.au/2014/08/12/hack-macbook-using-just-usb/




*** BlackBerry Z10 erlaubte freien Zugriff über das WLAN ***
---------------------------------------------
Sicherheitsforscher haben eine Lücke öffentlich gemacht, die es einem Angreifer erlaubte, auf Daten auf dem BlackBerry Z10 zuzugreifen. Der eingebaute File-Server erlaubte Zugriff auf den Telefonspeicher, ohne nach einem Passwort zu fragen.
---------------------------------------------
http://www.heise.de/security/meldung/BlackBerry-Z10-erlaubte-freien-Zugriff-ueber-das-WLAN-2291022.html


More information about the Daily mailing list