Tageszusammenfassung - Dienstag 8-04-2014

End-of-Shift report

Timeframe: Montag 07-04-2014 18:00 − Dienstag 08-04-2014 18:00 Handler: Robert Waldner Co-Handler: n/a

Der GAU für Verschlüsselung im Web: Horror-Bug in OpenSSL

Ein äußerst schwerwiegender Programmierfehler gefährdet offenbar Verschlüsselung, Schlüssel und Daten der mit OpenSSL gesicherten Verbindungen im Internet. Angesichts der Verbreitung der OpenSource-Biliothek eine ziemliche Katastrophe.

http://www.heise.de/security/meldung/Der-GAU-fuer-Verschluesselung-im-Web-Horror-Bug-in-OpenSSL-2165517.html


VU#568252: Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability

Vulnerability Note VU#568252 Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability Original Release date: 07 Apr 2014 | Last revised: 07 Apr 2014 Overview Websense Triton Unified Security Center 7.7.3 and possibly earlier versions contains an information disclosure vulnerability which could allow an authenticated attacker to view stored credentials of a possibly higher privileged user. Description CWE-200: Information ExposureWhen logged into the Websense Triton

http://www.kb.cert.org/vuls/id/568252


Energieversorger testet Sicherheit – und fällt durch

In „Stirb langsam 4.0“ fahren Cyber-Gauner übers Internet die komplette Stromversorgung im Osten der USA herunter. Ein unrealistisches Szenario? Nicht ganz ...

http://www.heise.de/newsticker/meldung/Energieversorger-testet-Sicherheit-und-faellt-durch-2165153.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


The Muddy Waters of XP End-of-Life and Public Disclosures

Security researchers who have privately disclosed Windows XP vulnerabilities to Microsoft may never see patches for their bugs with XPs end of life date at hand. Will there be a rash of public disclosures?

http://threatpost.com/the-muddy-waters-of-xp-end-of-life-and-public-disclosures/105295


2013 wurden Daten von über 500 Millionen Nutzern geklaut

Daten von mehr als einer halben Milliarde Internet-Nutzer sind im vergangenen Jahr nach Berechnung von IT-Sicherheitsexperten bei Online-Angriffen gestohlen worden.

http://futurezone.at/digital-life/2013-wurden-daten-von-ueber-500-millionen-nutzern-geklaut/59.792.048


Hintergrund: ct-Fritzbox-Test spürt verborgene Geräte auf

Manche Nutzer des Fritzbox-Tests erhalten unerwartete Ergebnisse. Nicht selten sind WLAN-APs, Repeater oder andere AVM-Geräte die Ursache. Darüber hinaus gibt es auch einige Fehlerquellen, die einen händischen Test erforderlich machen können.

http://www.heise.de/newsticker/meldung/Hintergrund-c-t-Fritzbox-Test-spuert-verborgene-Geraete-auf-2165771.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


The 2013 Internet Security Threat Report: Year of the Mega Data Breach

Once again, it’s time to reveal the latest findings from our Internet Security Threat Report (ISTR), which looks at the current state of the threat landscape, based on our research and analysis from the past year. Key trends from this year’s report include the large increase in data breaches and targeted attacks, the evolution of mobile malware and ransomware, and the potential threat posed by the Internet of Things.

http://www.symantec.com/connect/blogs/2013-internet-security-threat-report-year-mega-data-breach


Cacti Multiple Vulnerabilities

Some vulnerabilities have been reported in Cacti, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and compromise a vulnerable system. * CVE-2014-2326 * CVE-2014-2708 * CVE-2014-2709

https://secunia.com/advisories/57647


Open-Xchange Email Autoconfiguration Information Disclosure Weakness

A weakness has been reported in Open-Xchange, which can be exploited by malicious people to disclose certain sensitive information. The weakness is caused due to the application communicating certain information via parameters of a GET request when using the email autoconfiguration, which can be exploited to disclose the account password.

https://secunia.com/advisories/57654


VU#345337: J2k-Codec contains multiple exploitable vulnerabilities

Vulnerability Note VU#345337 J2k-Codec contains multiple exploitable vulnerabilities Original Release date: 08 Apr 2014 | Last revised: 08 Apr 2014 Overview J2k-Codec contains multiple exploitable vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description J2k-Codec is a JPEG 2000 decoding library for Windows. J2k-Codec contains multiple exploitable exploitable vulnerabilities that can lead to arbitrary code execution.

http://www.kb.cert.org/vuls/id/345337