CERT-MU Security Bulletin for the week of 26, January 2015

National Computer Board
Computer Emergency Response Team of Mauritius
(CERT-MU)
Weekly Security Bulletin
CERT-MU Weekly Security Bulletin provides a summary of information security news,
vulnerabilities, advisories and virus alerts for the week of January 26, 2015. This information is
uploaded on CERT-MU website on a daily basis. For details, refer to CERT-MU website:
http://cert-mu.org.mu.
Information Security News
 Hottest News of the Week
Another Emergency Flash Player Patch
For the second time in a week, Adobe has issued an emergency update to fix a critical security
flaw that cybercriminals are actively exploiting in its Flash Player software. Updates are
available for Flash Player on Windows and Mac OS X. Last week, Adobe released an out-ofband Flash Patch to fix a dangerous bug that attackers were already exploiting. In that advisory,
Adobe stated it was aware of yet another zero-day flaw that also was being exploited, but the
previous patch did not fixed that flaw.
Read More
Vulnerabilities
The table below shows the vulnerabilities related to various Operating Systems, Application
software and Network devices discovered during the week of January 26, 2015. More details
about the vulnerabilities and their countermeasures are available on the CERT-MU website. The
vulnerabilities are organized according to their severity – High, Medium and Low.
Vulnerabilities – Medium
Vendor /
Product
Cisco
Vulnerability
Cisco Prime Service Catalog
XML External Entity
Processing Vulnerability
Published Date
CERT-MU References
January 30, 2015
VN-2015-18
1
Apple
McAfee
IBM
Adobe
Apple iOS Flaws Let Remote
Users and Applications Bypass
Security Restrictions
McAfee Data Loss Prevention
Bugs
Permit
Cross-Site
Scripting Attacks and Remote
Authenticated SQL Injection
and Information Disclosure
Attacks
IBM Business Process Manager
Input Validation Flaws in
Process Portal Permit CrossSite Scripting Attacks
Adobe Flash Player Memory
Leak Lets Remote Users
Bypass Address Randomization
January 29, 2015
VN-2015-17
January 28, 2015
VN-2015-16
January 28, 2015
VN-2015-15
January 26, 2015
VN-2015-14
Virus Alerts
The latest viruses and risks for this week are listed below. Users are required to follow the links
on CERT-MU website for the removal instructions as proposed by the specific vendors.
Virus Alerts
Name
Type
Damage
Level
Trojan.Cryptolocker!g6
Trojan
Low
Trojan.Ransomlock!g81
Trojan
Medium
Trojan.Swifi!gen1
Trojan
Medium
Systems Affected




















Windows 2000
Windows 7
Windows 95
Windows 98
Windows Me
Windows NT
Windows Vista
Windows XP
Windows 2000
Windows 7
Windows Vista
Windows XP
Linux
Windows 2000
Windows 7
Windows 95
Windows 98
Windows Me
Windows NT
Windows Vista
Release Date
January 27, 2015
January 26, 2015
January 25, 2015
2


Windows XP
Windows Server 2003
Please note that the members who do not want to receive the weekly security bulletin, they can
unsubscribe from CERT-MU mailing list by sending an e-mail to the following address:
[email protected]
For more information please contact CERT-MU team on:
Hotline No: (+230) 800 2378
Fax No: (+230) 208 0119
Gen. Info. : [email protected]
Incident: [email protected]
Website: http://cert-mu.org.mu
3