[CERT-daily] Tageszusammenfassung - Montag 23-11-2015

Daily end-of-shift report team at cert.at
Mon Nov 23 18:04:53 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 20-11-2015 18:00 − Montag 23-11-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-tvcs




*** Command and Control Server Detection: Methods & Best Practices ***
---------------------------------------------
Botnet C&C servers issue commands in many ways Recently I discussed botnets and the way they represent an ongoing and evolving threat to corporate IT security. This time I'll be discussing ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/command-and-control-server-detection-methods-best-practices




*** Cisco Networking Services Sensitive Information Disclosure Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-ns




*** Deepsec: ZigBee macht Smart Home zum offenen Haus ***
---------------------------------------------
ZigBee-Funknetze weisen nach neuen Erkenntnissen von Sicherheitsforschern eklatante Sicherheitsmängel auf. Die Technik wird beispielsweise bei der Steuerung von Türschlössern eingesetzt.
---------------------------------------------
http://heise.de/-3010287




*** Blackberry Offers Lawful Device Interception Capabilities ***
---------------------------------------------
An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" ..
---------------------------------------------
http://yro.slashdot.org/story/15/11/22/0048205/blackberry-offers-lawful-device-interception-capabilities




*** JW Player 6 Plugin for Wordpress <= 2.1.14 - Authenticated Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8260




*** DSA-3401 openjdk-7 - security update ***
---------------------------------------------
It was discovered that rebinding a receiver of a direct method handlemay allow a protected method to be accessed.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3401




*** Bugtraq: Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation ***
---------------------------------------------
Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
---------------------------------------------
http://www.securityfocus.com/archive/1/536951




*** Data breach at firm that manages Cisco, Microsoft certifications ***
---------------------------------------------
Pearson VUE says credentials manager product affected Cisco, IBM, Oracle and Microsofts certification management provider, Pearson VUE, has copped to a data breach following a malware ..
---------------------------------------------
www.theregister.co.uk/2015/11/23/pearson_vue_data_breach_pcm/




*** Ist hier jemand Dell-Kunde? Die shippen anscheinend ... ***
---------------------------------------------
Ist hier jemand Dell-Kunde? Die shippen anscheinend eine Backdoor-CA mit ihrem Windows.Aber, mal unter uns, wer sich irgendeinen PC kauft und nicht als erstes das Windows wegschmeisst und frisch neu installiert, dem ist eh nicht zu helfen.Daher war das ja ..
---------------------------------------------
http://blog.fefe.de/?ts=a8adce6b




*** WP Database Backup <= 3.3 - Authenticated Persistent Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8275




*** Pornography - A Favorite Costume For Android Malware ***
---------------------------------------------
30% of Internet traffic is in some way related to pornography and this is the primary reason why malware authors are using porn apps to infect large numbers of users. During recent data mining, we noticed an increasing volume of mobile malware using pornography (disguised as porn apps) to lure victims into different scams ..
---------------------------------------------
http://research.zscaler.com/2015/11/pornography-favorite-costume-for.html






More information about the Daily mailing list