[CERT-daily] Daily summary - Friday 21-02-2014

Daily end-of-shift report team at cert.at
Fri Feb 21 18:27:40 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 20-02-2014 18:00 − Friday 21-02-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter




*** Adobe Flash: Zero-day exploit is being actively exploited ***
---------------------------------------------
Adobe has once again released a security patch for the Flash Player this month. It should be installed as quickly as possible. Attacks on the Flash Player that actively exploit a security hole are currently under way. (Adobe, Server)
---------------------------------------------
http://www.golem.de/news/adobe-flash-zero-day-exploit-wird-aktiv-ausgenutzt-1402-104701-rss.html
http://blogs.adobe.com/psirt/?p=1059
http://helpx.adobe.com/security/products/flash-player/apsb14-07.html




*** Security update for the free database PostgreSQL ***
---------------------------------------------
The developers are closing several security vulnerabilities that allowed users to change their privileges. They also warn of a not-yet-fixed bug that makes it possible to hijack a system account.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-freie-Datenbank-PostgreSQL-2120447.html
http://www.postgresql.org/about/news/1506/




*** Spamvertised "You received a new message from Skype voicemail service" themed emails lead to Angler exploit kit ***
---------------------------------------------
We've just intercepted a currently circulating malicious spam campaign that's attempting to trick potential botnet victims into thinking that they've received a legitimate Voice Message Notification from Skype. In reality though, once socially engineered users click on the malicious link found in the bogus emails, they're automatically exposed to the client-side exploits served by the Angler exploit kit.
---------------------------------------------
http://www.webroot.com/blog/2014/02/20/spamvertised-received-new-message-skype-voicemail-service-themed-emails-lead-angler-exploit-kit/




*** Extortion trojan Bitcrypt cracked ***
---------------------------------------------
The extortion trojan Bitcrypt encrypts the user's files and only releases the data again in return for a ransom payment. Security experts, however, have succeeded in cracking the encryption.
---------------------------------------------
http://www.heise.de/security/meldung/Erpressungs-Trojaner-Bitcrypt-geknackt-2121158.html




*** Google Fixes 28 Security Flaws in Chrome 33 ***
---------------------------------------------
Google Chrome 33 is out, and the new version of the browser includes fixes for 28 security vulnerabilities, including a number of high-severity bugs. The company paid out more than $13,000 in rewards to researchers who reported vulnerabilities that were fixed in this release.
---------------------------------------------
https://threatpost.com/google-fixes-28-security-flaws-in-chrome-33/104391




*** HP Service Manager Bugs Let Remote Users Execute Arbitrary Code and Deny Service and Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks ***
---------------------------------------------
CVE Reference: CVE-2013-6202
Date: Feb 21 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
---------------------------------------------
http://www.securitytracker.com/id/1029803
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04117626-1




*** AdRotate 3.9.4 SQL Injection ***
---------------------------------------------
Topic: AdRotate 3.9.4 SQL Injection Risk: Medium Text:Advisory ID: HTB23201 Product: AdRotate Vendor: AJdG Solutions Vulnerable Version(s): 3.9.4 and probably prior Tested Versi...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014020178

