[CERT-daily] Tageszusammenfassung - Mittwoch 17-08-2016

Daily end-of-shift report team at cert.at
Wed Aug 17 18:01:05 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 16-08-2016 18:00 − Mittwoch 17-08-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** SQL Injection Vulnerability in Ninja Forms ***
---------------------------------------------
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently installed on 600,000+ websites.
---------------------------------------------
https://blog.sucuri.net/2016/08/sql-injection-vulnerability-ninja-forms.html




*** PMASA-2016-38 ***
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2016-38/




*** PMASA-2016-34 ***
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2016-34/




*** PMASA-2016-39 ***
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2016-39/




*** PMASA-2016-43 ***
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2016-43/




*** PMASA-2016-54 ***
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2016-54/




*** PGP admins: Kill short keys now, or Alice will become Chuck ***
---------------------------------------------
Someones impersonating the likes of Linus Torvalds with attacks via keyservers The issue of short ..
---------------------------------------------
www.theregister.co.uk/2016/08/17/pgp_admins_kill_short_keys_now_or_alice_will_become_chuck/




*** Snowden: NSA-Leak von Hackern ist "russische Botschaft" an USA ***
---------------------------------------------
Der NSA-Whistleblower insinuiert, dass russische Hacker damit die Reaktion auf den Einbruch bei den Demokraten abmildern wollen
---------------------------------------------
http://derstandard.at/2000042924155




*** Wartungsarbeiten Donnerstag, 18. 8. 2016, nachmittags ***
---------------------------------------------
Am Donnerstag, 18. August 2016, nachmittags, müssen wir dringende Wartungsarbeiten an unserer Infrastruktur vornehmen. Dies wird zu kurzen Ausfällen der extern erreichbaren Services (zB Email, Webserver, Mailinglisten) führen - es gehen dabei keine Daten (zb Emails) verloren, die ..
---------------------------------------------
http://www.cert.at/services/blog/20160817111811-1777.html




*** VxWorks: Execute My Packets ***
---------------------------------------------
Earlier this year we reported 3 vulnerabilities in VxWorks to Wind River. Each of these vulnerabilities can be exploited by anonymous remote attackers on the same ..
---------------------------------------------
https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets/




*** Sicherheitsbedenken: Provider und Aktivisten vereint gegen Router-Lockdown ***
---------------------------------------------
Auch in Österreich soll Routerfirmware künftig reguliert werden. Aktivisten und ISPs kritisieren die geplanten Regelungen. Diese gingen davon aus, dass es keine Sicherheitslücken bei Routern geben würde.
---------------------------------------------
http://www.golem.de/news/sicherheitsbedenken-provider-und-aktivisten-vereint-gegen-routerbeschraenkungen-1608-122750.html




*** New wave of targeted attacks focus on industrial organizations ***
---------------------------------------------
Kaspersky Lab researchers discovered a new wave of targeted attacks against the industrial and engineering sectors in 30 countries around the world. Dubbed Operation ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/08/17/operation-ghoul/


More information about the Daily mailing list