End-of-Shift report
Timeframe: Tuesday 09-09-2014 18:00 − Wednesday 10-09-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
Security updates available for Adobe Flash Player (APSB14-21)
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions
...
CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html
Assessing risk for the September 2014 security updates
Today we released four security bulletins addressing 42 unique CVEs. One bulletin has a maximum severity rating of Critical and the other three have maximum severity Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment.
http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx
MSRT September 2014 - Zemot
This month we added the Win32/Zemot family to the Malicious Software Removal Tool. The Zemot family of trojan downloaders are frequently used by malware with a number of different payloads. We started seeing activity from TrojanDownloader:Win32/Upatre.B in late 2013 and identified this threat as the main distributor of the click fraud malware PWS:Win32/Zbot.gen!AP and PWS:Win32/Zbot.CF. We renamed the downloader to Zemot in May 2014. Recently, other malware such as Win32/Rovnix,
http://blogs.technet.com/b/mmpc/archive/2014/09/09/msrt-september-2014-zemot.aspx
Microsoft IIS Web Server - CMD Process Contributing to Website Reinfections
We often spend a lot of time talking about application level malware, but from time to time we do like to dabble in the ever so interesting web server infections as well. It is one of those things that comes with the job. Today, we're going to chat about an interesting reinfection case in which the client was running their website on Microsoft's Internet Information Services (IIS) web server. Yes, contrary to popular belief many organizations, especially large enterprise
http://blog.sucuri.net/2014/09/microsof-iis-web-server-cmd-process-contributing-to-website-reinfections.html
VMware vSphere product updates to third party libraries
The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue.
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
The September 2014 issue of our SWITCH Security Report is available!
A new issue of our monthly SWITCH Security Report has just been released.
Topics:
- Inside information on government Trojans used internationally published on Twitter
- Page not found: Network blocking in Switzerland and neighbouring countries
- Breaking bad - malvertising ransomware: ZeroLocker / CryptoLocker / CryptoWall / SynoLocker
- Canvas or cookies - choosing between Scylla and Charybdis
- The Clipboard: Interesting presentations, articles and videos
http://securityblog.switch.ch/2014/09/10/the-september-2014-issue-of-our-switch-security-report-is-available/