[CERT-daily] Tageszusammenfassung - Freitag 27-06-2014

Daily end-of-shift report team at cert.at
Fri Jun 27 18:05:07 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 26-06-2014 18:00 − Freitag 27-06-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Stuxnet-like Havex Malware Strikes European SCADA Systems ***
---------------------------------------------
Security researchers have uncovered a new Stuxnet like malware, named as "Havex", which was used in a number of previous cyber attacks against organizations in the energy sector. Just like Famous Stuxnet Worm, which was specially designed to sabotage the Iranian nuclear project, the new trojan Havex is also programmed to infect industrial control system softwares of SCADA and ICS systems,...
---------------------------------------------
http://thehackernews.com/2014/06/stuxnet-like-havex-malware-strikes.html




*** Integer-Overflow: Sicherheitslücke in Kompressionsverfahren LZ4 und LZO ***
---------------------------------------------
Im Code für die weit verbreiteten Kompressionsverfahren LZO und LZ4 wurde eine Sicherheitslücke entdeckt. Das betrifft zahlreiche Anwendungen, darunter den Linux-Kernel, die Multimediabibliotheken FFmpeg und Libav, sowie OpenVPN.
---------------------------------------------
http://www.golem.de/news/integer-overflow-sicherheitsluecke-in-kompressionsverfahren-lz4-und-lzo-1406-107501-rss.html




*** Image Stock Spam Reemerges ***
---------------------------------------------
Image stock spam, which can affect share prices and cause financial loss, has become more prominent in the last week. Image spam has been around for a longtime and peaked in January 2007 when Symantec estimated that image spam accounted for nearly 52 percent of all spam. Pump-and-dump image stock spam made up a significant portion of that 52 percent.
---------------------------------------------
http://www.symantec.com/connect/blogs/image-stock-spam-reemerges




*** 1st International Conference on Information Systems Security and Privacy - ICISSP 2015 ***
---------------------------------------------
Venue: ESEO, Angers, Loire Valley, France Event date: 9 - 11 February, 2015 Scope: The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues.
---------------------------------------------
http://www.securityfocus.com/archive/1/532572




*** Neue PHP-Versionen verarzten Sicherheitslücken ***
---------------------------------------------
PHP 5.4.30 und 5.5.14 schließen jeweils eine größere Anzahl von Sicherheitslücken; die Entwickler empfehlen ein zügiges Upgrade.
---------------------------------------------
http://www.heise.de/security/meldung/Neue-PHP-Versionen-verarzten-Sicherheitsluecken-2241432.html




*** Thomson TWG87OUIR Cross Site Request Forgery ***
---------------------------------------------
Topic: Thomson TWG87OUIR Cross Site Request Forgery Risk: Medium Text:#Author: nopesled #Date: 24/06/14 #Vulnerability: POST Password Reset CSRF #Tested on: Thomson TWG87OUIR (Hardware Version) ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014060148




*** Bugtraq: [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/532571




*** Security Notice-Statement About the Impact of the Dual_EC_DRBG Vulnerability on Huawei Devices ***
---------------------------------------------
Jun 27, 2014 17:39
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-347145.htm




*** Vuln: LZ4 lz4.c Memory Corruption Vulnerability ***
---------------------------------------------
LZ4 lz4.c Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/68218


More information about the Daily mailing list