[CERT-daily] Tageszusammenfassung - Freitag 3-06-2016

Daily end-of-shift report team at cert.at
Fri Jun 3 18:07:59 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 02-06-2016 18:00 − Freitag 03-06-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Trillium Exploit Kit Update Offers 'Security Tips' ***
---------------------------------------------
McAfee Labs has previously blogged about the Trillium Exploit Kit Version 3.0, which is commonly used to create and distribute malware. Last week, Version 4.0 appeared on several underground forums. We have analyzed the new version of the tool ..
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/trillium-exploit-kit-update-offers-security-tips/




*** DSA-3593 libxml2 - security update ***
---------------------------------------------
Several vulnerabilities were discovered in libxml2, a library providingsupport to read, modify and write XML and HTML files. A remote attackercould provide a specially crafted XML or HTML file that, when processedby an ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3593




*** GE MultiLink Series Hard-coded Credential Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded credential vulnerability in GE's MultiLink series managed switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01




*** WP Mobile Detector <= 3.5 - Arbitrary File Upload ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8505




*** Understanding Angler Exploit Kit - Part 1: Exploit Kit Fundamentals ***
---------------------------------------------
Generally speaking, criminal groups use two methods for widespread distribution of malware. The most common method is malicious spam (malspam). This is a fairly direct mechanism, usually through an email attachment or ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/06/unit42-understanding-angler-exploit-kit-part-1-exploit-kit-fundamentals/




*** MySQL is YourSQL ***
---------------------------------------------
Its The End of the World and We Know It If you listen to the press - those purveyors of doom, those nattering nabobs of negativism - you arrive at a single, undeniable conclusion: The worldis going to hell in a hand-basket. They ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21117




*** Nach Kontroversen: Teamviewer führte neue Accountsicherungen ein ***
---------------------------------------------
Wenige Tage nach zahlreichen Nutzerbeschwerden über gehackte Accounts reagiert Teamviewer mit einem vorgezogenen Sicherheitsupdate. Wir haben mit dem Unternehmen darüber gesprochen. 
---------------------------------------------
http://www.golem.de/news/nach-kontroversen-teamviewer-fuehrte-neue-accountsicherungen-ein-1606-121294.html






More information about the Daily mailing list