[CERT-daily] Tageszusammenfassung - Donnerstag 29-01-2015

Daily end-of-shift report team at cert.at
Thu Jan 29 18:06:08 CET 2015 

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 28-01-2015 18:00 − Donnerstag 29-01-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** IT-Security-Links #69 ***
---------------------------------------------
Trojan.Tubrosa is a new click-fraud malware. The attackers compromise victims' computers via Spam campaigns to use them to automatically inflate their YouTube video views. The malware ..
---------------------------------------------
http://securityblog.switch.ch/2015/01/27/it-security-links-69/




*** Asterisk Project Security Advisory - AST-2015-002 ***
---------------------------------------------
CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk ..
---------------------------------------------
http://downloads.asterisk.org/pub/security/AST-2015-002.html




*** ENISA Cloud Certification Schemes Metaframework ***
---------------------------------------------
ENISA publishes a meta-framework and an online tool to help customers with cloud security when buying cloud services.
---------------------------------------------
http://www.enisa.europa.eu/media/press-releases/enisa-cloud-certification-schemes-metaframework




*** Debian Security Advisory DSA-3143-1 virtualbox -- security update ***
---------------------------------------------
CVE-2015-0377, CVE-2015-0418. Two vulnerabilities have been discovered in VirtualBox, a x86 virtualisation solution, which might result in denial of service.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3143




*** CVE-2015-0311 (Flash up to 16.0.0.287) integrating Exploit Kits ***
---------------------------------------------
Patched with Flash 16.0.0.296 the CVE-2015-0311 has been first seen exploited by Angler EK ( 2015-01-20 ) , soon after used in "standalone" mode in huge malvert campaign (pushing either Reveton, either Bedep (doing adfraud and ..
---------------------------------------------
http://malware.dontneedcoffee.com/2015/01/cve-2015-0311-flash-up-to-1600287.html

More information about the Daily mailing list