[CERT-daily] Tageszusammenfassung - Dienstag 15-07-2014

Daily end-of-shift report team at cert.at
Tue Jul 15 18:12:50 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 14-07-2014 18:00 − Dienstag 15-07-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Introduction to Smart Meters ***
---------------------------------------------
While wearable personal technology may be the most 'public' face of the Internet of Everything, the most widespread use of it may be in smart meters. What is a smart meter, exactly? It's a meter for utilities (electricity, gas, or water) that records the consumption of the utility in question, and transmits it ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/introduction-to-smart-meters/




*** Disclosure: Insecure Nonce Generation in WPtouch ***
---------------------------------------------
If you use the popular WPtouch plugin (5m+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF, we discovered a very dangerous vulnerability that could potentially allow a user with no administrative privileges, who was logged in ..
---------------------------------------------
http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html



*** Five Year Old Phishing Campaign Unveiled ***
---------------------------------------------
Details have been disclosed on a five-year-old phishing campaign where in attackers have pilfered victims's login credentials from Google, Yahoo, Facebook, Dropbox and Skype.
---------------------------------------------
http://threatpost.com/five-year-old-phishing-campaign-unveiled/107197




*** OpenVPN PrivateTunnel ptservice privilege escalation ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/94482




*** HP StoreVirtual Bugs Let Remote Users Obtain Information and Remote Authenticated Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1030567




*** Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway, formerly known ..
---------------------------------------------
http://support.citrix.com/article/CTX140863




*** iCloud-Mail-Versand jetzt auch verschlüsselt ***
---------------------------------------------
Als einer der letzten grossen Mail-Provider hat Apple nun die Sicherung des Transports gegen einfaches Mitlesen eingeschaltet. Die eingesetzten Verfahren lassen allerdings viel zu wünschen übrig.
---------------------------------------------
http://www.heise.de/security/meldung/iCloud-Mail-Versand-jetzt-auch-verschluesselt-2260410.html




*** OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070078




*** Oracle zur Zukunft von Java 7 unter Windows XP ***
---------------------------------------------
Java 7 wird bis frühestens April 2015 mit Security-Updates versorgt. Alle weiteren Releases der vorletzten Java-Version bis dahin werden auch weiterhin mit dem nicht mehr von Microsoft offiziell unterstützten Windows XP funktionieren.
---------------------------------------------
http://www.heise.de/security/meldung/Oracle-zur-Zukunft-von-Java-7-unter-Windows-XP-2260554.html




*** The 'Forbidden' Apple: App Stores and the Illusion of Control Part I ***
---------------------------------------------
There is no doubt we truly live in an 'App Economy.' From personal to professional, we direct and live our lives through our smart phones. But while we enjoy the latest games, stream the latest content or catch up on our friends activities, few think ..
---------------------------------------------
http://research.zscaler.com/2014/07/the-forbidden-apple-app-stores-and.html




*** And the mice will 'Play': App Stores and the Illusion of Control Part II ***
---------------------------------------------
In the last blog, we began analyzing what we've termed the vApp Dichotomy' of the App Economy - The fact that we are at least as much the consumed, as we are the consumer. Our goal was to analyze popular apps from Apple's App Store and Google Play to ..
---------------------------------------------
http://research.zscaler.com/2014/07/and-mice-will-play-app-stores-and.html




*** Project Zero: Google baut Internet-Sicherheitsteam auf ***
---------------------------------------------
Mit Vollzeit-Entwicklern im Project Zero will Google, das Sicherheitsforschung bisher nur nebenbei betrieben hat, das Internet sicherer machen und politisch Verfolgten helfen.
---------------------------------------------
http://www.golem.de/news/project-zero-google-baut-internet-sicherheitsteam-auf-1407-107894-rss.html




*** New Kronos Banking Malware Advertised On Russian Forums ***
---------------------------------------------
Researchers have spotted a new banking Trojan advertised for sale on Russian forums. Kronos promises features that help it evade detection and analysis, such as a Ring3 rootkit.
---------------------------------------------
http://threatpost.com/new-kronos-banking-malware-advertised-on-russian-forums/107210






More information about the Daily mailing list