[CERT-daily] Tageszusammenfassung - Donnerstag 27-03-2014
Daily end-of-shift report
team at cert.at
Thu Mar 27 18:08:34 CET 2014
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 26-03-2014 18:00 − Donnerstag 27-03-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Allied Telesis AT-RG634A ADSL router unauthenticated webshell ***
---------------------------------------------
Risk: High, Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell ..
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014030221
*** HP Multiple StoreOnce Products Unauthorised Access Security Bypass Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/57601
*** Linux Kernel ath9k "ath_tx_aggr_sleep()" Race Condition Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/57468
*** When ZOMBIES attack: DDoS traffic triples as 20Gbps becomes the new normal ***
---------------------------------------------
Junk traffic mostly floods in from botnets DDoS traffic has more than trebled since the start of 2013, according to a new study released on Thursday that fingers zombie networks as the primary source of junk traffic that can be used to flood websites.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/03/27/ddos_trends_incapsula/
*** DSA-2885-1 libyaml-libyaml-perl -- security update ***
---------------------------------------------
Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
---------------------------------------------
https://www.debian.org/security/2014/dsa-2885
*** Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication ***
---------------------------------------------
Cisco released its semiannual Cisco IOS Software Security Advisory Bundled Publication on March 26, 2014. In direct response to customer feedback, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year. The publication includes 5 Security Advisories that address vulnerabilities in Cisco IOS Software and 1 Security Advisory that addresses ..
---------------------------------------------
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html
*** Malware Hijacks Android Mobile Devices to Mine Cryptocurrency ***
---------------------------------------------
Several bits of malware targeting Android mobile devices hijack the smartphone or tablets resources to mine digital currency such as Litecoin or Dogecoin.
---------------------------------------------
http://threatpost.com/malware-hijacks-android-mobile-devices-to-mine-cryptocurrency/105059
More information about the Daily
mailing list