[CERT-daily] Tageszusammenfassung - Dienstag 23-08-2016

Tue Aug 23 18:03:36 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 22-08-2016 18:00 − Dienstag 23-08-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Vuln: WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92572


*** Juniper Acknowledges Equation Group Targeted ScreenOS ***
---------------------------------------------
Juniper Networks on Friday acknowledged that implants contained in the ShadowBrokers data dump target NetScreen firewalls running ScreenOS.
---------------------------------------------
http://threatpost.com/juniper-acknowledges-equation-group-exploits-target-screenos/120042/


*** Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities in IP Phones ***
---------------------------------------------
Obihai Technology recently patched a slew of issues in its ObiPhone IP phone products that could have led to memory corruption, a buffer overflow, and denial of service conditions, among other outcomes.
---------------------------------------------
http://threatpost.com/obihai-patches-memory-corruption-dos-csrf-vulnerabilities-in-ip-phones/120061/


*** Vuln: PHP php_quot_print_encode() Function Integer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92588


*** shellray. a php webshell detector ***
---------------------------------------------
nimbusec shellray ist ein kostenloser Online Webshell Detector für .php-Dateien. 
---------------------------------------------
https://shellray.com/de/


*** Voice Message Notifications Deliver Ransomware ***
---------------------------------------------
Bad guys need to constantly find new ways to lure their victims. If billing notifications were very common for a while, not all people in a company are working ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21397


*** Security Notice - Statement About Toolkit Released by Shadow Brokers ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20160823-01-shadowbrokers-en


*** 'Sicherheits-Check' bei Bank Austria-Kunden ***
---------------------------------------------
Eine falsche Bank Austria-Mail ist im Umlauf. Darin behaupten Kriminelle, dass Kund/innen einen Sicherheits-Check durchführen müssen. Aus diesem ..
---------------------------------------------
https://www.watchlist-internet.at/phishing/sicherheits-check-bei-bank-austria-kunden/


*** Sandscout: Angriff auf Apples Sandkasten ***
---------------------------------------------
Im Sicherheitsvergleich mit Android schneidet iOS meist besser ab. In einem aktuellen Versuch gelang es Forschern aber, einen erfolgreichen Angriff auf die Sandboxing-Funktion von iOS-Apps durchzuführen.
---------------------------------------------
http://www.golem.de/news/sandscout-angriff-auf-apples-sandkasten-1608-122856.html


*** Timing of Browser-Based Security Alerts Could Be Better ***
---------------------------------------------
New academic research shows that security warnings should be better timed to pop up when computers users are less likely to be multitasking.
---------------------------------------------
http://threatpost.com/timing-of-browser-based-security-alerts-could-be-better/120070/