National Computer Board Computer Emergency Response Team of Mauritius (CERT-MU) Weekly Security Bulletin CERT-MU Weekly Security Bulletin provides a summary of information security news, vulnerabilities, advisories and virus alerts for the week of January 26, 2015. This information is uploaded on CERT-MU website on a daily basis. For details, refer to CERT-MU website: http://cert-mu.org.mu. Information Security News  Hottest News of the Week Another Emergency Flash Player Patch For the second time in a week, Adobe has issued an emergency update to fix a critical security flaw that cybercriminals are actively exploiting in its Flash Player software. Updates are available for Flash Player on Windows and Mac OS X. Last week, Adobe released an out-ofband Flash Patch to fix a dangerous bug that attackers were already exploiting. In that advisory, Adobe stated it was aware of yet another zero-day flaw that also was being exploited, but the previous patch did not fixed that flaw. Read More Vulnerabilities The table below shows the vulnerabilities related to various Operating Systems, Application software and Network devices discovered during the week of January 26, 2015. More details about the vulnerabilities and their countermeasures are available on the CERT-MU website. The vulnerabilities are organized according to their severity – High, Medium and Low. Vulnerabilities – Medium Vendor / Product Cisco Vulnerability Cisco Prime Service Catalog XML External Entity Processing Vulnerability Published Date CERT-MU References January 30, 2015 VN-2015-18 1 Apple McAfee IBM Adobe Apple iOS Flaws Let Remote Users and Applications Bypass Security Restrictions McAfee Data Loss Prevention Bugs Permit Cross-Site Scripting Attacks and Remote Authenticated SQL Injection and Information Disclosure Attacks IBM Business Process Manager Input Validation Flaws in Process Portal Permit CrossSite Scripting Attacks Adobe Flash Player Memory Leak Lets Remote Users Bypass Address Randomization January 29, 2015 VN-2015-17 January 28, 2015 VN-2015-16 January 28, 2015 VN-2015-15 January 26, 2015 VN-2015-14 Virus Alerts The latest viruses and risks for this week are listed below. Users are required to follow the links on CERT-MU website for the removal instructions as proposed by the specific vendors. Virus Alerts Name Type Damage Level Trojan.Cryptolocker!g6 Trojan Low Trojan.Ransomlock!g81 Trojan Medium Trojan.Swifi!gen1 Trojan Medium Systems Affected                     Windows 2000 Windows 7 Windows 95 Windows 98 Windows Me Windows NT Windows Vista Windows XP Windows 2000 Windows 7 Windows Vista Windows XP Linux Windows 2000 Windows 7 Windows 95 Windows 98 Windows Me Windows NT Windows Vista Release Date January 27, 2015 January 26, 2015 January 25, 2015 2   Windows XP Windows Server 2003 Please note that the members who do not want to receive the weekly security bulletin, they can unsubscribe from CERT-MU mailing list by sending an e-mail to the following address: [email protected] For more information please contact CERT-MU team on: Hotline No: (+230) 800 2378 Fax No: (+230) 208 0119 Gen. Info. : [email protected] Incident: [email protected] Website: http://cert-mu.org.mu 3