Tageszusammenfassung - Donnerstag 29-01-2015

End-of-Shift report

Timeframe: Mittwoch 28-01-2015 18:00 − Donnerstag 29-01-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

IT-Security-Links #69

Trojan.Tubrosa is a new click-fraud malware. The attackers compromise victims' computers via Spam campaigns to use them to automatically inflate their YouTube video views. The malware ..

http://securityblog.switch.ch/2015/01/27/it-security-links-69/

---

Asterisk Project Security Advisory - AST-2015-002

CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk ..

http://downloads.asterisk.org/pub/security/AST-2015-002.html

---

ENISA Cloud Certification Schemes Metaframework

ENISA publishes a meta-framework and an online tool to help customers with cloud security when buying cloud services.

http://www.enisa.europa.eu/media/press-releases/enisa-cloud-certification-schemes-metaframework

---

Debian Security Advisory DSA-3143-1 virtualbox -- security update

CVE-2015-0377, CVE-2015-0418. Two vulnerabilities have been discovered in VirtualBox, a x86 virtualisation solution, which might result in denial of service.

https://www.debian.org/security/2015/dsa-3143

---

CVE-2015-0311 (Flash up to 16.0.0.287) integrating Exploit Kits

Patched with Flash 16.0.0.296 the CVE-2015-0311 has been first seen exploited by Angler EK ( 2015-01-20 ) , soon after used in "standalone" mode in huge malvert campaign (pushing either Reveton, either Bedep (doing adfraud and ..

http://malware.dontneedcoffee.com/2015/01/cve-2015-0311-flash-up-to-1600287.html