Daily Summary - Wednesday 10-09-2014

End-of-Shift report

Timeframe: Tuesday 09-09-2014 18:00 − Wednesday 10-09-2014 18:00 Handler: Robert Waldner Co-Handler: n/a

Security updates available for Adobe Flash Player (APSB14-21)

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions ... CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559

http://helpx.adobe.com/security/products/flash-player/apsb14-21.html


Assessing risk for the September 2014 security updates

Today we released four security bulletins addressing 42 unique CVEs. One bulletin has a maximum severity rating of Critical and the other three have maximum severity Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment.

http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx


MSRT September 2014 - Zemot

This month we added the Win32/Zemot family to the Malicious Software Removal Tool. The Zemot family of trojan downloaders are frequently used by malware with a number of different payloads. We started seeing activity from TrojanDownloader:Win32/Upatre.B in late 2013 and identified this threat as the main distributor of the click fraud malware PWS:Win32/Zbot.gen!AP and PWS:Win32/Zbot.CF. We renamed the downloader to Zemot in May 2014. Recently, other malware such as Win32/Rovnix,

http://blogs.technet.com/b/mmpc/archive/2014/09/09/msrt-september-2014-zemot.aspx


Microsoft IIS Web Server - CMD Process Contributing to Website Reinfections

We often spend a lot of time talking about application level malware, but from time to time we do like to dabble in the ever so interesting web server infections as well. It is one of those things that comes with the job. Today, we're going to chat about an interesting reinfection case in which the client was running their website on a Microsoft Internet Information Services (IIS) web server. Yes, contrary to popular belief many organizations, especially large enterprise

http://blog.sucuri.net/2014/09/microsof-iis-web-server-cmd-process-contributing-to-website-reinfections.html


VMware vSphere product updates to third party libraries

The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue.

http://www.vmware.com/security/advisories/VMSA-2014-0008.html


The September 2014 issue of our SWITCH Security Report is available!

A new issue of our monthly SWITCH Security Report has just been released. Topics:
- Inside information on government Trojans used internationally published on Twitter
- Page not found: Network blocking in Switzerland and neighbouring countries
- Breaking bad - malvertising ransomware: ZeroLocker / CryptoLocker / CryptoWall / SynoLocker
- Canvas or cookies - choosing between Scylla and Charybdis
- The Clipboard: Interesting presentations, articles and videos

http://securityblog.switch.ch/2014/09/10/the-september-2014-issue-of-our-switch-security-report-is-available/