[CERT-daily] Tageszusammenfassung - Mittwoch 12-10-2016

Daily end-of-shift report team at cert.at
Wed Oct 12 18:07:08 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 11-10-2016 18:00 − Mittwoch 12-10-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** VU#396440: MatrixSSL contains multiple vulnerabilities ***
---------------------------------------------
Heap-based Buffer Overflow - CVE-2016-6890The Subject Alt Name field of X.509 certificates is not properly parsed. A specially crafted certificate may result in a heap-based buffer overflow ..
---------------------------------------------
http://www.kb.cert.org/vuls/id/396440




*** October 2016 security update release ***
---------------------------------------------
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security ..
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2016/10/11/october-2016-security-update-release/




*** Security Advisory: Expat XML library vulnerability CVE-2015-1283 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/15/sol15104541.html




*** Top of the Junk Pile (Shady TLD research part 16) ***
---------------------------------------------
[Sorry about neglecting the external blog during all of the Symantec excitement this summer, but we had a lot going on... This post is from our internal blog, back in July (7/08/2016), and we wanted to get it out on the site when we resumed blogging, since a lot of people have been ..
---------------------------------------------
https://www.bluecoat.com/2016-10-04/top-junk-pile-shady-tld-research-part-16




*** MSRT October 2016 release: Adding more unwanted software detections ***
---------------------------------------------
Unwanted software often piggy-backs on program downloads, delivered by software bundlers. These bundles, which you might have downloaded, can include software ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/10/11/msrt-october-2016-release-adding-more-unwanted-software-detections/




*** Four vulnerabilities found in Dell SonicWALL Email Security virtual appliance application ***
---------------------------------------------
Digital Defense (DDI) disclosed the discovery of four security vulnerabilities found in the Dell SonicWALL Email Security virtual appliance application. The appliance is frequently deployed as a perimeter device. Further, ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/10/12/sonicwall-email-security-vulnerabilities/




*** Scan Ruby-based apps for security issues with Dawnscanner ***
---------------------------------------------
Dawnscanner is an open source static analysis scanner designed to review the security of web applications written in Ruby. Dawnscanner’s genesis Its developer, Paolo Perego, says that he was motivated to create it back in spring ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/10/12/scan-ruby-based-apps-dawnscanner/




*** WiFi Still Remains a Good Attack Vector ***
---------------------------------------------
WiFi networks areeverywhere! When we plan to visit a place or reserve ahotel for our holidays, we always check first if free WiFi is available (be honest, you do!). Oncewe connected our beloved devices to an external wireless ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21583




*** Security Advisory - Multiple Security Vulnerabilities in Driver of Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161012-01-smartphone-en




*** List of 2016 OWASP London Talks & Videos ***
---------------------------------------------
https://www.youtube.com/owasplondon




*** VMware vRealize Operations Lets Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1036999




*** Several Exploit Kits Now Deliver Cerber 4.0 ***
---------------------------------------------
We have tracked three malvertising campaigns and one compromised site campaign using Cerber ransomware after version 4.0 (detected as as Ransom_CERBER.DLGE) was ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/several-exploit-kits-now-deliver-cerber-4-0/


More information about the Daily mailing list