End-of-Shift report
Timeframe: Thursday 13-02-2014 18:00 − Friday 14-02-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Attacks via zero-day vulnerability in Internet Explorer
A critical vulnerability in IE allows a computer to be infected with malicious code while browsing. It is already being exploited for targeted cyber attacks.
http://www.heise.de/security/meldung/Angriffe-ueber-Zero-Day-Luecke-im-Internet-Explorer-2113169.html
http://www.securitytracker.com/id/1029765
http://www.kb.cert.org/vuls/id/732479
BSI warns admins: "Numerous German servers infected with Ebury rootkit"
CERT-Bund has already located the Linux rootkit on hundreds of German servers; presumably considerably more are affected. Admins should test their systems now.
http://www.heise.de/security/meldung/BSI-warnt-Admins-Zahlreiche-deutsche-Server-mit-Ebury-Rootkit-infiziert-2113848.html
Bizarre attack infects Linksys routers with self-replicating malware
Some 1,000 devices have been hit by the worm, which seeks out others to infect.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/9tO67obVxlY/story01.htm
Apple's iCloud sends and receives mail in plaintext
A brief follow-up test of Apple's iCloud mail services revealed that Apple's mail servers offer less protection against snoopers than almost all other mail providers.
http://www.heise.de/security/meldung/Apples-iCloud-verschickt-und-empfaengt-Mail-im-Klartext-2112766.html
DoubleClick malvertising campaign exposes long-run beneath the radar malvertising infrastructure
Today, at 2014-02-12 12:16:20 (CET), we became aware of a possible evasive/beneath the radar malvertising based g01pack exploit kit attack, taking place through the DoubleClick ad network using an advertisement featured at About.com. Investigating further, we were able to identify the actual domains/IPs involved in the campaign, and perhaps most interestingly, managed to establish a rather interesting connection between the name servers of one of the domains involved in the attacks, and what...
http://www.webroot.com/blog/2014/02/14/doubleclick-malvertising-campaign-exposes-long-run-beneath-radar-malvertising-infrastructure/
SYM14-004 Symantec Endpoint Protection Management Vulnerabilities
On Tuesday, February 18, SEC Consult Vulnerability Lab, an Austrian-based security consultancy, is planning to release an advisory to the public regarding vulnerabilities that it found within Symantec Endpoint Protection. For additional information on the SYM14-004 vulnerability, read the Symantec Security Response SYM14-004 Security Advisory.
http://www.symantec.com/business/support/index/content&id=TECH214866
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00
http://www.heise.de/security/meldung/Update-fuer-kritische-Luecken-im-Symantec-Endpoint-Protection-Manager-2114834.html
CA 2E Web Option Unauthenticated Privilege Escalation
Topic: CA 2E Web Option Unauthenticated Privilege Escalation Risk: Medium Text: Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E W...
http://cxsecurity.com/issue/WLB-2014020111
http://www.securityfocus.com/archive/1/531064
GnuTLS Intermediate Certificate Processing Flaw May Let Remote Users Bypass Certificate Validation
http://www.securitytracker.com/id/1029766
Bugtraq: Critical security flaws in Nagios NRPE client/server crypto
http://www.securityfocus.com/archive/1/531063