Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - Montag 12-10-2015
by Daily end-of-shift report 12 Oct '15

12 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 09-10-2015 18:00 − Montag 12-10-2015 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** GnuPG (GPG) 2.1.9 release announced, (Sun, Oct 11th) *** --------------------------------------------- The GnuPG group has announced the release of GPG version 2.1.9, which addresses a number of technical issues within the components of the code. The update of any encryption component should be carefully planned, as the impact is often not fully understood until some data cannot be accessed because of encryption issues. If you are running a version of GPG older than version 2.1, i strongly recommend taking a look at the changes... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20235&rss *** Cloud DDoS Mitigation Services Can Be Easily Bypassed *** --------------------------------------------- An anonymous reader writes: A recent research paper shows that most Cloud-Based Security Providers are ineffective in protecting websites from DDoS attacks, mainly because they cannot entirely hide the origin websites IP address from attackers. As five security researchers from Belgium and the U.S. are claiming, there are eight methods through which these mitigation services can be bypassed. The techniques of obtaining a websites origin IP address rely on hackers searching through historical... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/kzYQm-Sz02k/cloud-ddos-miti… *** Sicherheitslücke in TeamSpeak-Desktop-Client 3.0.18 *** --------------------------------------------- Die besonders bei Gamern populäre Voice-Chat-Software TeamSpeak erlaubt Angreifern, Dateien auf Client-PCs hochzuladen. Server-Betreiber sollen alte Clients aussperren. --------------------------------------------- http://www.heise.de/newsticker/meldung/Sicherheitsluecke-in-TeamSpeak-Deskt… *** HP perfomance monitor can climb through Windows *** --------------------------------------------- Crimp nasty privilege escalation bug by running it in Linux instead says Rapid7 Rapid7 is advising HP SiteScope users to run the tool on Linux rather than Windows servers because of a nasty privilege escalation vulnerability. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2015/10/11/hp_says_get… *** European Aviation Safety Agency - Airplane hacking is reality *** --------------------------------------------- European Aviation Safety Agency European Aviation confirmed the concerns about the Airplane hacking. Hackers could easily infiltrate critical systems. On October 8, 2015, the director of the European Aviation Safety Agency, Patrick Ky revealed he has hired consultant, which is also a commercial pilot, who was able to exploit vulnerabilities in the Aircraft Communications Addressing... --------------------------------------------- http://securityaffairs.co/wordpress/40975/hacking/easa-airplane-hacking.html *** A Study in Bots: DiamondFox *** --------------------------------------------- DiamondFox is a multipurpose botnet with capabilities ranging from credential stealing to theft of credit card information from point of sale systems. This capable malware is being distributed in a number of hacker forums, allowing it to be operated by attackers with extremely limited capabilities to operate it. Fortunately for malware researchers, DiamondFox fails to protect itself in various ways. --------------------------------------------- http://blog.cylance.com/a-study-in-bots-diamondfox *** TLS Fingerprinting (Smarter Defending & Stealthier Attacking) *** --------------------------------------------- Previously, I have been able to demonstrate that certain clients could be differentiated from other network traffic. Specifically, that meant discriminating SuperFish, PrivDog, and GeniusBox from mainstream browsers when making HTTPS connections, and generating IDS signatures based on these findings to assist network administrators in being able to identify problematic hosts without requiring access to either endpoint. I have now expanded this technique to improve the accuracy of the... --------------------------------------------- https://blog.squarelemon.com/tls-fingerprinting/ *** Kaspersky Internet Security: Network Attack Blocker Design Flaw *** --------------------------------------------- A component of Kaspersky Internet Security that's enabled by default is called the "Network Attack Blocker", described as "protects the computer against dangerous network activity". I examined the implementation, and determined that it's actually a simple stateless packet filter with a pattern-matching signature system. It has no concept of flow reassembly or protocol decoding, which require stateful packet inspection. When the software detects an attack, it adds... --------------------------------------------- https://code.google.com/p/google-security-research/issues/detail?id=564 *** USB Killer 2.0 - How to easily burn a PC with a USB device *** --------------------------------------------- In March I presented the PoC of a computer-frying Killer USB pendrive designed by the Russian researcher, now the USB Killer 2.0 is arrived! Do you remember the killer USB? In March I presented the proof-of-concept computer-frying Killer USB pendrive designed by the Russian researcher with the pseudonym "Dark Purple". Dark Purple works for a company that develops and manufactures electronic components,... --------------------------------------------- http://securityaffairs.co/wordpress/40984/hacking/usb-killer-2-0.html *** Thousands of Zhone SOHO routers can be easily hijacked *** --------------------------------------------- Two days before he is scheduled to give a talk about discovering and exploiting 0-day vulnerabilities in SOHO routers firmware, security researcher Lyon Yang has released details about a number of vu... --------------------------------------------- http://feedproxy.google.com/~r/HelpNetSecurity/~3/94i2m6_inBI/secworld.php *** DFN-CERT-2015-1574: Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1574/ *** Bugtraq: ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/536662

1 0

Tageszusammenfassung - Freitag 9-10-2015
by Daily end-of-shift report 09 Oct '15

09 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 08-10-2015 18:00 − Freitag 09-10-2015 18:00 Handler: Robert Waldner Co-Handler: n/a *** Prenotification: Upcoming Security Updates for Adobe Acrobat and Reader (APSB15-24) *** --------------------------------------------- A prenotification security advisory (APSB15-24) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, October 13, 2015. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1276 *** Brute Force Amplification Attacks Against WordPress XMLRPC *** --------------------------------------------- Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it's most likely being hit right now. It could be via protocols like SSH or FTP, and if it's a web server, via web-based brute force attempts againstRead More The post Brute Force Amplification Attacks Against WordPress XMLRPC appeared first on Sucuri Blog. --------------------------------------------- https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-w… *** PostgreSQL: 2015-10-08 Security Update Release *** --------------------------------------------- Two security issues have been fixed in this release which affect users of specific PostgreSQL features: CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. CVE-2015-5288: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. --------------------------------------------- http://www.postgresql.org/about/news/1615/ *** PowerShell Command Line Logging *** --------------------------------------------- The problem is that, by default, Windows only logs that PowerShell was launched. No additional details about what exactly happened are preserved. The only thing we can tell is that PowerShell called additional programs and possibly opened up a few network sessions. However, there is a way to gather additional details on PowerShell sessions and the command line in general. --------------------------------------------- https://logrhythm.com/blog/powershell-command-line-logging/ *** MYSQL v5.6.24 Buffer Overflows *** --------------------------------------------- SUMMARY During a manual source code audit of MYSQL Version 5.6.24, various buffer overflow issues have been realized. --------------------------------------------- http://www.securityfocus.com/archive/1/536652 *** Aktive Angriffe auf Cisco-VPN-Zugänge *** --------------------------------------------- Vornehmlich über bekannte Sicherheitsprobleme kapern Unbekannte in großem Stil Firmenzugänge über Cisco Clientless SSL VPN (Web VPN), berichtet die Sicherheitsfirma Volexity. --------------------------------------------- http://heise.de/-2841963 *** IBM Security Bulletins *** --------------------------------------------- *** Multiple vulnerabilities of Mozilla Firefox in IBM Storwize V7000 Unified *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005332 --------------------------------------------- *** Mozilla Firefox vulnerability issues in IBM SONAS *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005333 --------------------------------------------- *** Vulnerabilities in Java affect the IBM FlashSystem V9000 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005411 --------------------------------------------- *** Vulnerabilities in Java affect the IBM FlashSystem V840 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005412 --------------------------------------------- *** Vulnerabilities in Java affect the IBM FlashSystem models 840 and 900 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005413 --------------------------------------------- *** Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-2613, CVE-2015-2601, CVE-2015-4000, CVE-2015-2625, and CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005342 --------------------------------------------- *** Multiple vulnerabilities in IBM Java Runtime Version 6 affect IBM Cognos Business Viewpoint (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) *** http://www.ibm.com/support/docview.wss?uid=swg21967563 --------------------------------------------- *** Vulnerabilities in Open Source OpenSSL affects the IBM FlashSystem V840 (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, and CVE-2015-3216) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005376 --------------------------------------------- *** Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792) *** http://www.ibm.com/support/docview.wss?uid=ssg1S1005313 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 8-10-2015
by Daily end-of-shift report 08 Oct '15

08 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 07-10-2015 18:00 − Donnerstag 08-10-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** ZDI-15-461: Solarwinds Log and Event Manager Command Injection Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Log and Event Manager. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-461/ *** ZDI-15-460: Solarwinds Storage Manager ProcessFileUpload.jsp File Upload Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Storage Manager. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-460/ *** Forscher demonstriert Lücke im PGP-Standard *** --------------------------------------------- Durch die Rückwärtskompatibilität könnten Angreifer verschlüsselte und signierte Nachrichten nachträglich manipulieren. Immerhin geben aktuelle GnuPG-Versionen dann einen Hinweis auf mögliche Probleme. --------------------------------------------- http://heise.de/-2840052 *** SHA1 algorithm securing e-commerce and software could break by year's end *** --------------------------------------------- Researchers warn widely used algorithm should be retired sooner. --------------------------------------------- http://arstechnica.com/security/2015/10/sha1-crypto-algorithm-securing-inte… *** Zero-Day Exploit Found in Avast Antivirus *** --------------------------------------------- Avast was vulnerable to malicious HTTPS connections One of Googles security experts found a zero-day exploit inside the Avast antivirus, which the company has recently patched. --------------------------------------------- http://news.softpedia.com/news/zero-day-exploit-found-in-avast-antivirus-49… *** New mystery Windows-smashing RAT found in corporate network *** --------------------------------------------- Tin foil VXer wraps new Trojan in cloak and evasion tricks Malware man Yotam Gottesman has found a somewhat mysterious remote access Trojan on a corporate network that sports highly capable evasion techniques. --------------------------------------------- www.theregister.co.uk/2015/10/08/monker_rat/ *** Hack gegen Looppay: Samsung betont Sicherheit von Samsung Pay *** --------------------------------------------- Im Februar schluckte Samsung das Startup Looppay und integrierte dessen Technik in den mobilen Bezahldienst Samsung Pay. Kurz darauf schlichen sich Hacker in die Rechner des Startups, wie nun herauskam. --------------------------------------------- http://heise.de/-2840660 *** Wieder WLAN/SOHO router - remote root *** --------------------------------------------- Wie viele der kleinen WLAN Router (auch "SOHO" Router - small home and office router - genannt), hat auch Netgear bei der Sicherheit vom Web Interface gepatzt - so scheint es. Heute wurde bekannt, dass Netgear WNR1000v4 Router (eventuell sind auch andere Modelle betroffen) mit den folgenden Firmware .. --------------------------------------------- http://www.cert.at/services/blog/20151008163157-1605.html *** How I Hacked Hotmail *** --------------------------------------------- At Synack we really enjoy great vulnerabilities, whether in web, mobile, host or even in completely outrageous devices and systems (satellite hacking anyone?). But we always keep the great findings that we and the SRT have made for our customers confidential. So while this .. --------------------------------------------- https://www.synack.com/labs/blog/how-i-hacked-hotmail/

1 0

Tageszusammenfassung - Mittwoch 7-10-2015
by Daily end-of-shift report 07 Oct '15

07 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 06-10-2015 18:00 − Mittwoch 07-10-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Microsoft Edge Performance Object Lets Remote Users Detect Virtual Machines *** --------------------------------------------- http://www.securitytracker.com/id/1033749 *** Microsoft Internet Explorer Performance Object Lets Remote Users Detect Virtual Machines *** --------------------------------------------- http://www.securitytracker.com/id/1033748 *** Tripwire IP360 VnE Remote Administrative API Authentication Bypass *** --------------------------------------------- The IP350 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows for specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled. --------------------------------------------- https://cxsecurity.com/issue/WLB-2015100053 *** Virus Bulletin : VB2015 Prague - conference slides *** --------------------------------------------- The following are the presentation slides shown by speakers at the VB2015 conference in Prague. We are still waiting for some of the slides to be supplied to us - these will be added when they are submitted to us. --------------------------------------------- https://www.virusbtn.com/conference/vb2015/slides/index *** Outlook Web Access als Hintertür zum Firmennetz *** --------------------------------------------- Viele Unternehmen sind sich nicht bewusst, welch verführerisches Ziel der Webdienst von Outlook darstellt. Sicherheitsforscher zeigen an einen aktuellen Fall, wie Angreifer darüber Domänen-Passwörter ausleiten können. --------------------------------------------- http://www.heise.de/newsticker/meldung/Outlook-Web-Access-als-Hintertuer-zu… *** HTTP Evasions Explained - Part 4 - Doubly Compressed Content *** --------------------------------------------- This is the fourth part in a series which will explain the evasions done by HTTP Evader. This article is about the products which successfully support deflate compression (where several products already fail) but fail if the content is .. --------------------------------------------- http://noxxi.de/research/http-evader-explained-4-double-encoding.html *** General HTML5 Security, Part 2 *** --------------------------------------------- In the second part of the General HTML5 Security series, we are going to discuss the enhanced security in HTML5 with features such as the CSP (Content Security Policy) and sandboxed iframes. We .. --------------------------------------------- http://resources.infosecinstitute.com/general-html5-security-part-2/ *** Kemoge: Another Mobile Malicious Adware Infecting Over 20 Countries *** --------------------------------------------- https://www.fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.ht… *** US-Provider Verizon weitet Nutzung seines Supercookies aus *** --------------------------------------------- Mit dem Kauf von AOL will Verizon seine Kunden nun auch über dessen Werbenetzwerk weiterverfolgen. AOL erreicht mit seiner Werbung fast 600 Millionen Menschen weltweit. --------------------------------------------- http://heise.de/-2840065

1 0

Tageszusammenfassung - Dienstag 6-10-2015
by Daily end-of-shift report 06 Oct '15

06 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 05-10-2015 18:00 − Dienstag 06-10-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** ZDI-15-456: Mozilla Firefox MPEG4 saio Chunk Integer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-456/ *** Trump Hotel Collection Confirms Card Breach *** --------------------------------------------- The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, said last week that a year-long breach of its credit card system may have resulted in the theft of cards used at the hotels. The acknowledgement comes roughly three months after this author first reported that multiple financial institutions suspected the hotels were compromised. --------------------------------------------- http://krebsonsecurity.com/2015/10/trump-hotel-collection-confirms-card-bre… *** Google Pushes Stagefright 2.0 Patches to Nexus Devices *** --------------------------------------------- Googles latest monthly over-the-air update for its Nexus Android devices include patches for the most recent vulnerabilities in Stagefright. --------------------------------------------- http://threatpost.com/google-pushes-stagefright-2-0-patches-to-nexus-device… *** Nuclear Plants Cybersecurity Is Bad, & Hard To Fix *** --------------------------------------------- Very few nuclear plants patch software, and operations engineers dislike security pros. --------------------------------------------- http://www.darkreading.com/risk/nuclear-plants-cybersecurity-is-bad-and-har… *** I am HDRoot! Part 1 *** --------------------------------------------- Famous Chinese-speaking cybercriminal APT actor Winnti has been observed targeting pharmaceutical businesses. New threat, which Kaspersky Lab has called 'HDRoot' after the original tool's name 'HDD Rootkit', is a universal platform for a sustainable and persistent appearance in a targeted system, which can be used to launch any other tool. --------------------------------------------- http://securelist.com/analysis/publications/72275/i-am-hdroot-part-1/ *** Malware in comments *** --------------------------------------------- There are many tricks to hide malicious code. One of them is placing it to the part of legitimate files where people dont normally expect to see executable code so they dont skip such places during manual reviews. --------------------------------------------- http://labs.sucuri.net/?note=2015-10-05 *** Hintergrund: Analysiert: Google-Interna im Second-Hand-Shop *** --------------------------------------------- Ein in Deutschland gekaufter Gebraucht-Router hatte offenbar einen prominenten Vorbesitzer. Es lieferte den neuen Besitzern interessante und brisante Einblicke in die Infrastruktur von Google - einschliesslich Zugangsdaten. --------------------------------------------- http://heise.de/-2837379 *** OpenSMTPD Audit Report *** --------------------------------------------- Topic: OpenSMTPD Audit Report Risk: High Text:(Sorry for the "CVE-2015-ABCD" place-holders in the report, but OpenSMTPDs developers were ready with the patches before MITR... --------------------------------------------- https://cxsecurity.com/issue/WLB-2015100046 *** 2015 Internet Organised Crime Threat Assessment (IOCTA) *** --------------------------------------------- The 2015 Internet Organised Crime Threat Assessment (IOCTA) is a law enforcement-centric threat assessment intended to inform priority setting for the EMPACT Operational Action Plan for 2016 in the three sub-priority areas of cybercrime (cyber attacks, child sexual exploitation online and payment fraud). The .. --------------------------------------------- https://www.europol.europa.eu/content/internet-organised-crime-threat-asses… *** Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomware Alone *** --------------------------------------------- Today, Cisco struck a blow to a group of hackers, disrupting a significant international revenue stream generated by the notorious Angler Exploit Kit. Angler is one of the largest exploit kit found on the market and has been making news as it has been linked to several high profile malvertising/ransomware campaigns. This is the most advanced and concerning exploit kit on the market - designed to bypass security devices and ultimately attack the largest number of devices possible. --------------------------------------------- http://talosintel.com/angler-exposed/ *** The MySpace Worm that Changed the Internet Forever *** --------------------------------------------- Samy didn't want to be everyone's hero. He didn't even want new friends. But thanks to a few clever lines of code, in less than a day, he became the 'hero', and a 'friend', to more than a million people on what was, at the time, the most popular online social network, MySpace. --------------------------------------------- http://motherboard.vice.com/read/the-myspace-worm-that-changed-the-internet… *** Vigilante Malware, Dark Knight or Dangerous Joke? *** --------------------------------------------- It's hard not to like the Batman story. Bruce Wayne, billionaire, playboy, philanthropist, bypasses the ineffectual and corrupt establishment to take the fight to the baddies. There's something romantic about the notion of taking matters into your own hands and getting stuff done where others can't. Now, according to research by Symantec, it seems we have our very .. --------------------------------------------- https://blog.team-cymru.org/2015/10/vigilante-malware-dark-knight-or-danger…

1 0

Tageszusammenfassung - Montag 5-10-2015
by Daily end-of-shift report 05 Oct '15

05 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Freitag 02-10-2015 18:00 − Montag 05-10-2015 18:00 Handler: Alexander Riepl Co-Handler: Robert Waldner *** Two Games Released in Google Play Can Root Android Devices *** --------------------------------------------- By Wish Wu, Ecular Xu Android malware creators have recently been mixing business with play. We found two malicious gaming apps that were published on Google Play and are capable of rooting Android devices. If the apps Brain Test and RetroTetris ring a bell, better check your devices. RetroTetris can be installed in Android versions starting from... --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/uDbQy75DLZo/ *** VMware vCenter and ESXi updates address critical security issues. *** --------------------------------------------- Problem Description a. VMware ESXi OpenSLP Remote Code Execution b. VMware vCenter Server JMX RMI Remote Code Execution c. VMware vCenter Server vpxd denial-of-service vulnerability --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0007.html *** Patreon crowdfunding site hacked and data leaked online *** --------------------------------------------- The Crowdfunding website Patreon has been hacked and about 15 gigabytes of data including names, addresses and donations have been published online. The data have been available on different servers online locations, including this source. --------------------------------------------- http://securityaffairs.co/wordpress/40665/cyber-crime/patreon-crowdfunding-… *** Samsung Decides Not To Patch Kernel Vulnerabilities In Some S4 Smartphones *** --------------------------------------------- An anonymous reader writes: QuarksLAB, a security research company, has stumbled upon two kernel vulnerabilities for Samsung Galaxy S4 devices, which Samsung has decided to patch only for recent devices running Android Lollipop, but not Jelly Bean or KitKat. The two vulnerabilities (kernel memory disclosure and kernel memory corruption) were discovered in February 2014 and reported to Samsung in August 2014, affecting the samsung_extdisp driver of Samsung S4 (GT-I9500) devices. --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xM6Nt9ttxc4/samsung-decides… *** Virus oder Impfstoff? WiFatch befällt Router und schützt vor Malware *** --------------------------------------------- "Linux.Wifatch" infiziert Router und mit dem Internet verbundene Geräte, bindet sie in ein Botnetz ein, entfernt Malware und stärkt sie gegen weiterere Infektion. --------------------------------------------- http://heise.de/-2837158 *** Zertifikats-Schmu bei Windows Update beunruhigt Nutzer *** --------------------------------------------- Zertifikate, mit denen Microsoft die SSL-Verbindungen zur Windows-Update-Webseite absichert und Dateien des Update-Prozesses signiert, sind nicht vertrauenswürdig. Das führt zu Warnungen und fehlgeschlagenen Updates. --------------------------------------------- http://www.heise.de/newsticker/meldung/Zertifikats-Schmu-bei-Windows-Update… *** IBM *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in WSS4J affects IBM Cúram (CVE-2015-0226 & CVE-2015-0227 ) *** http://www.ibm.com/support/docview.wss?uid=swg21964133 --------------------------------------------- *** IBM Security Bulletin: Information disclosure vulnerability reported in IBM Emptoris Sourcing (CVE-2015-5024) *** http://www.ibm.com/support/docview.wss?uid=swg21967255 --------------------------------------------- *** IBM Security Bulletin: Multiple Cross-Site scripting vulnerabilities in IBM Business Process Manager dashboards (CVE-2015-4955) *** http://www.ibm.com/support/docview.wss?uid=swg21966010 --------------------------------------------- *** IBM Security Bulletin: IBM Cloud Manager with OpenStack Keystone Vulnerability (CVE-2015-3646) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022663 --------------------------------------------- *** IBM GNU C library (glibc) vulnerabilities affect IBM SmartCloud Entry (CVE-2013-7423 CVE-2015-1781) *** http://www.ibm.com/support/docview.wss?uid=isg3T1022665 --------------------------------------------- *** Cisco *** --------------------------------------------- *** VoIPshield Reported Vulnerabilities in Cisco Unity Server *** http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-… --------------------------------------------- *** Cisco Secure ACS Denial Of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-… --------------------------------------------- *** Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-… ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 2-10-2015
by Daily end-of-shift report 02 Oct '15

02 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 01-10-2015 18:00 − Freitag 02-10-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Multiple XSS vulnerabilities in FortiSandbox WebUI *** --------------------------------------------- http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortisan… *** ZebOS routing remote shell service enabled *** --------------------------------------------- http://www.fortiguard.com/advisory/zebos-routing-remote-shell-service-enabl… *** Security advisory: Stored XSS in Jetpack *** --------------------------------------------- During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of the most popular plugins in the WordPress ecosystem. --------------------------------------------- https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-jetpack.html *** When Security Experts Gather to Talk Consensus, Chaos Ensues *** --------------------------------------------- Tension between researchers and vendors over the disclosure of software security vulnerabilities has raged for two decades. A meeting to address that tension further highlighted the tension. --------------------------------------------- http://www.wired.com/2015/10/security-experts-gather-talk-consensus-chaos-e… *** Avast Antivirus X.509 Error Rendering Command Execution *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2015100017 *** T-Mobile USA: Millionen Kundendaten gehackt *** --------------------------------------------- Rund 15 Millionen Kunden von T-Mobile in den USA sind von einem Hack persönlicher Daten betroffen. Die Informationen wurden nicht bei T-Mobile direkt erbeutet, sondern bei Experian, einem Dienst zur Prüfung der Bonität potenzieller Kunden. --------------------------------------------- http://www.golem.de/news/t-mobile-usa-millionen-kundendaten-gehackt-1510-11… *** FourQ: Microsofts kryptografischer Standard will besser sein *** --------------------------------------------- Microsoft steigt in die Elliptische-Kurven-Kryptografie ein und hat eine entsprechende Bibliothek veröffentlicht: FourQ soll teilweise deutlich schneller sein als bisherige Ansätze. --------------------------------------------- http://heise.de/-2836389 *** IoT-Malware: Freundlicher Virus verspricht mehr Sicherheit *** --------------------------------------------- Sicherheitstipps und deaktivierte Telnet-Daemons: Eine neue Malware möchte Internetnutzer erziehen. Die Entdecker raten trotzdem dazu, das Programm zu entfernen. --------------------------------------------- http://www.golem.de/news/iot-malware-freundlicher-virus-verspricht-mehr-sic… *** Cisco Wireless LAN Controller Devices 802.11i Management Frame Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=41249 *** Cisco Unified Communications Manager IM and Presence Service REST API Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=41242 *** Omron Multiple Product Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for vulnerabilities in the Omron Corporation CX-Programmer software, CJ2M series programmable logic controller (PLC), and CJ2H series PLC. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-274-01 *** How Patreon got hacked *** --------------------------------------------- TL;DR, Patreon got hacked. We reported a specific Remote Code Execution to them due to a public debugger before they were breached. We believe this was the attack method due to the simplicity and availability of the vulnerable endpoint. This is how you prevent this from happening to you. --------------------------------------------- http://labs.detectify.com/post/130332638391/how-patreon-got-hacked-publicly…

1 0

Tageszusammenfassung - Donnerstag 1-10-2015
by Daily end-of-shift report 01 Oct '15

01 Oct '15

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 30-09-2015 18:00 − Donnerstag 01-10-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Updates for multiple Apple products, including iOS and OS X *** --------------------------------------------- https://support.apple.com/kb/HT205284 https://support.apple.com/kb/HT205267 https://support.apple.com/kb/HT205265 *** Cisco Nexus 3000 Series Switches SNMP Non-Existent OID Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=41240 *** Mistakenly-deployed test patch leads to suspicious Windows update *** --------------------------------------------- Earlier today, various sources reporteda highly-suspicious Windows update. According to Ars Technica,a Microsoft spokesperson stated the company hadincorrectly published a test update and isin the process of removing it [1]. The update is no longer .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20201 *** User Dashboard - SQL Injection - Critical - SA-CONTRIB-2015-152 *** --------------------------------------------- https://www.drupal.org/node/2577901 *** Apple Gatekeeper Bypass Opens Door for Malicious Code *** --------------------------------------------- Gatekeeper is Mac OS X's guardian against rogue applications and malware sneaking into Apple's famous walled garden. It's also been a favorite target of researchers and advanced attackers desperate to gain control of Apple devices. Tomorrow .. --------------------------------------------- https://threatpost.com/apple-gatekeeper-bypass-opens-door-for-malicious-cod… *** Car-Hacking Tool Turns Repair Shops Into Malware 'Brothels' *** --------------------------------------------- A new hacking device finds vulnerabilities in auto diagnostic tools that could be used to spread malware to thousands of vehicles. --------------------------------------------- http://www.wired.com/2015/10/car-hacking-tool-turns-repair-shops-malware-br… *** Jumping through the hoops: multi-stage malicious PDF spam *** --------------------------------------------- Weve recently encountered a number of malicious spam messages with PDFs attached. The PDFs themselves are not malicious as they dont contain executable code, but they do contain images with .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Jumping-through-the-hoops--m… *** Quaverse RAT: Remote-Access-as-a-Service *** --------------------------------------------- Quaverse RAT or QRAT is a fairly new Remote Access Tool (RAT) introduced in May 2015. This RAT is marketed as an undetectable Java RAT. As you might expect from a RAT, the tool is capable of grabbing passwords, key logging and browsing files on the victim's computer. On a regular basis for the past several months, we have observed the inclusion of QRAT in a number of spam campaigns. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-… *** VMSA-2015-0006.1 *** --------------------------------------------- VMware vCenter Server updates address a LDAP certificate validation issue --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0006.html *** Beta Bot Analysis: Part 2 *** --------------------------------------------- This article is Part 2 in a two-part series. Extracting the Botnet Configuration: The bot configuration is encrypted inside the bot and decrypted while the bot is running. In 1.0.2.5, 1.5 and 1.6 versions, BetaBot uses RC4 and some XOR encryption; you .. --------------------------------------------- http://resources.infosecinstitute.com/beta-bot-analysis-part-2/ *** VMSA-2015-0007 *** --------------------------------------------- VMware vCenter and ESXi updates address critical security issues. --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0007.html *** HTTPS Available as Opt-In for Blogspot *** --------------------------------------------- Google announced that it has made HTTPS available as an opt-in for its Blogspot blog-publishing service. --------------------------------------------- http://threatpost.com/https-available-as-opt-in-for-blogspot/114872/ *** German Users Hit By Dirty Mobile Banking Malware Posing As PayPal App *** --------------------------------------------- Additional analysis by Joachim Capiral Mobile banking is now used by more and more users, so it shouldn't be a surprise to see banking Trojans trying to hit these users as well. We've seen spammed mails that pretend to be an update notification for an official PayPal app. These mails ask the user to click on .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/german-users-hit… *** Important Security Notice from Patreon *** --------------------------------------------- Yesterday I learned that there was unauthorized access to a Patreon database containing user information. Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. I am so sorry to our creators and their patrons for this breach of trust. The Patreon team and I are working especially hard right now to ensure the safety of the community. --------------------------------------------- https://www.patreon.com/posts/important-notice-3457485

1 0

Tageszusammenfassung - Mittwoch 30-09-2015
by Daily end-of-shift report 30 Sep '15

30 Sep '15

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 29-09-2015 18:00 − Mittwoch 30-09-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Analyzing Black Hat URL Shorteners *** --------------------------------------------- Hackers are known to use URL shortening services to obfuscate their real landing pages. It's very effective in clickbait scams on social networks. Some hackers think that using URL shorteners in site injections makes it less likely to be .. --------------------------------------------- https://blog.sucuri.net/2015/09/analyzing-black-hat-url-shorteners.html *** Updated PClock Ransomware Still Comes Up Short *** --------------------------------------------- In recent years, ransomware families are often glamorized as being some of the most dangerous types of malware. They've certainly caused a wealth of damage to end users with some of the .. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2015/09/updated-pclock-ransomwar… *** New Tactic Finds RAT Operators Fast *** --------------------------------------------- Low tolerance for latency makes RAT operators less likely to use proxies, easier to track back home. --------------------------------------------- http://www.darkreading.com/analytics/new-tactic-finds-rat-operators-fast/d/… *** Tricks for DLL analysis *** --------------------------------------------- Very often I get questions on how to perform analysis on DLL files. The reason being that it is easier to perform behavioral analysis on executables, either using external sandboxes or a vmware with tools like the ones from the Sysinternals .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=20195 *** Honeywell Experion PKS Directory Traversal Vulnerability *** --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-272-01 *** Mitsubishi Electric MELSEC FX-Series Controllers Denial of Service *** --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-146-01 *** Baxter SIGMA Spectrum Infusion System Vulnerabilities *** --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 *** RSA Web Threat Detection Bugs Let Remote Authenticated Users Obtain the AnnoDB Password and Local Users Gain Root Privileges *** --------------------------------------------- Two vulnerabilities were reported in RSA Web Threat Detection. A local user can obtain root privileges on the target system. A remote authenticated user can obtain passwords on the target system. --------------------------------------------- http://www.securitytracker.com/id/1033672 *** RSA Certificate Manager and Registration Manager Input Validation Flaw in OneStep Component Lets Remote Users Traverse the Directory to View Files on the Target System *** --------------------------------------------- A vulnerability was reported in RSA Certificate Manager and RSA Registration Manager. A remote user can view files on the target system. --------------------------------------------- http://www.securitytracker.com/id/1033671 *** freeswitch Heap Overflow *** --------------------------------------------- A carefully crafted json string supplied to cJSON_Parse will trigger a heap overflow with user controlled data. The underlying vulnerability occurs in the parse_string function. --------------------------------------------- https://cxsecurity.com/issue/WLB-2015090190 *** Kontodaten via App ergaunert: Salzburgerin geschädigt *** --------------------------------------------- http://derstandard.at/2000022994264 *** WordPress Malware - VisitorTracker Campaign Update *** --------------------------------------------- For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code. We initially .. --------------------------------------------- https://blog.sucuri.net/2015/09/wordpress-malware-visitortracker-campaign-u… *** Companies leave vulnerabilities unpatched for up to 120 days *** --------------------------------------------- Kenna studied the proliferation of non-targeted attacks and companies' ability to mitigate these threats through the timely remediation of security vulnerabilities .. --------------------------------------------- http://www.net-security.org/secworld.php?id=18911 *** Security Advisory - Multiple Vulnerabilities in Huawei FusionServer Products *** --------------------------------------------- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisor… *** Multiple vulnerabilities in Typo3 extensions *** --------------------------------------------- http://www.typo3.org/news/article/sql-injection-in-extension-httpbl-blockin… http://www.typo3.org/news/article/cross-site-request-forgery-in-extension-t… http://www.typo3.org/news/article/cross-site-scripting-in-extension-news-sy… http://www.typo3.org/news/article/information-disclosure-in-extension-ldap-… *** Pwn The Docs: Vulnerability in readthedocs.org *** --------------------------------------------- If youre not familiar with readthedocs.org its a really popular place for developers to post documentation on their open source code. Its a really great platform and we in fact use it regularly. Honestly, Ive struggled with whether I want to release this vulnerability because its maintained by a few dudes .. --------------------------------------------- http://alex.hyperiongray.com/posts/302352-pwn-the-docs *** The Cost of a Data Breach: How Harmful Can a Data Breach Be? *** --------------------------------------------- There is this belief that businesses that have suffered a data security breach very often do not recover. But is that really so? What does it take to actually destroy a company with a data breach? Before we go to the analysis, .. --------------------------------------------- http://resources.infosecinstitute.com/the-cost-of-a-data-breach-how-harmful… *** That Big Security Fix for Credit Cards Won't Stop Fraud *** --------------------------------------------- The new chip cards and readers wont stop card fraud but will simply shift it to a different area. --------------------------------------------- http://www.wired.com/2015/09/big-security-fix-credit-cards-wont-stop-fraud/ *** User Education, Carrot vs. Stick *** --------------------------------------------- It's a perennial problem, after hours of presentations, online training, reminder emails, poster campaigns and memos, the phone rings, and a senior member of staff has opened a malicious email attachment, .. --------------------------------------------- https://blog.team-cymru.org/2015/09/user-education-carrot-vs-stick/ *** Sicherheitslücken gestopft: SAP macht HANA sicherer *** --------------------------------------------- SAP hat im Mai und April dieses Jahres zwölf Sicherheitslücken in der In-Memory-Plattform HANA geschlossen. Onapsis hat die Lücken erst jetzt gebündelt offengeleg, geht aus einer am gestrigen Dienstag veröffentlichten Sicherheitswarnung von Onapsis hervor. --------------------------------------------- http://heise.de/-2835049 *** Europol: Cyber-Kriminelle werden immer aggressiver *** --------------------------------------------- In Den Haag beraten 300 Experten von Europol und Interpol über wirksame Strategien gegen die Internet-Kriminalität. --------------------------------------------- http://heise.de/-2835263 *** Russian hacker, nabbed in Spain, cops 4+ years for Citadel botnet *** --------------------------------------------- Should have stayed under the skirt of Mother Russia. Just a thought Dimitry Belorossov - a Russian cyber-criminal who used the Citadel banking trojan - has been .. --------------------------------------------- www.theregister.co.uk/2015/09/30/rainerfox_sentenced/ *** New 'Ghost Push' Variants Sport Guard Code; Malware Creator Published Over 600 Bad Android Apps *** --------------------------------------------- Halloween is still a month from now and yet Android users are already being haunted by the previously reported 'Ghost Push' malware, which roots .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/new-ghost-push-v…

1 0

Tageszusammenfassung - Dienstag 29-09-2015
by Daily end-of-shift report 29 Sep '15

29 Sep '15

======================= = End-of-Shift report = ======================= Timeframe: Montag 28-09-2015 18:00 − Dienstag 29-09-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Hacker nutzen Imgur-Lücke beim Angriff auf Reddit und 8chan *** --------------------------------------------- Eine Lücke in einem beliebten Bilder-Hoster wie Imgur kann fatale Folgen haben. Wie im vorliegenden Fall, als Hacker über Bande die Nutzer von Reddit und 8chan ins Visier nahmen. --------------------------------------------- http://heise.de/-2828142 *** Revisiting Apple IPC: (1) Distributed Objects *** --------------------------------------------- Earlier this year I gave a talk at the inaugural Jailbreak Security Summit entitled Auditing and Exploiting Apple IPC [ slides | video ]. As part of my research for that talk I wanted to find at least one bug involving each of the available IPC mechanisms on OS X/iOS; many of which remain unexplored and poorly-documented from .. --------------------------------------------- http://googleprojectzero.blogspot.com/2015/09/revisiting-apple-ipc-1-distri… *** Regaining Control Over Edge *** --------------------------------------------- Getting stuck in a loop is no fun especially when it makes your browser unusable. Microsoft Edge has a bigger chance of that happening due to its default settings. --------------------------------------------- https://blog.malwarebytes.org/online-security/2015/09/regaining-control-ove… *** CryptoWall's 'Customer Journey' Sounds Like A Real Nightmare *** --------------------------------------------- The latest episode of Radiolab has what is without a doubt the best malware victim interview I've ever heard. Inna Simone's computer was infected by CryptoWall late last year and based on her telling of it, the worst part of the experience was trying to buy the Bitcoin she needed to pay off the extortionists. --------------------------------------------- https://labsblog.f-secure.com/2015/09/28/cryptowalls-customer-journey/ *** ZDI-15-451: InduSoft Web Studio Remote Agent Remote Code Execution Vulnerability *** --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-15-451/ *** VeraCrypt Patched Against Two Critical TrueCrypt Flaws *** --------------------------------------------- Two privilege escalation vulnerabilities in the last TrueCrypt build were discovered by James Forshaw of Google Project Zero, and patched in VeraCrypt. --------------------------------------------- http://threatpost.com/veracrypt-patched-against-two-critical-truecrypt-flaw… *** Oysters tablet comes preinstalled with Trojanized Android firmware *** --------------------------------------------- Keeping your mobile device free of malware requires intentional care, but sometimes even that is not enough. As Dr. Web researchers recently pointed out, a device you buy from .. --------------------------------------------- http://www.net-security.org/malware_news.php?id=3115 *** NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability *** --------------------------------------------- https://cxsecurity.com/issue/WLB-2015090182 *** Lebenswichtige medizinische Geräte ungeschützt im Internet *** --------------------------------------------- Herzschrittmacher, Infusionsgeräte, Magnetresonanztomographen: Sicherheitsforscher haben Zehntausende medizinische Geräte entdeckt, die über das Internet leicht angegriffen werden können - weil sie meist noch mit Windows XP laufen. Die Forscher setzten Defibrillatoren und MRTs als Honeypots ein. --------------------------------------------- http://www.golem.de/news/it-sicherheit-lebenswichtige-medizinische-geraete-… *** Abusing GDI for ring0 exploit primitives *** --------------------------------------------- Not long ago I came across a certain font related vulnerability, it was a 0day being exploited in the wild. The vulnerability was in a driver I was somewhat familiar with ATFMD.SYS. --------------------------------------------- https://blog.coresecurity.com/2015/09/28/abusing-gdi-for-ring0-exploit-prim… *** Botnet preying on Linux computers delivers potent DDoS attacks *** --------------------------------------------- XOR DDoS bombards as many as 20 targets per day, sometimes with 150 GBpS of traffic. --------------------------------------------- http://arstechnica.com/security/2015/09/botnet-preying-on-linux-computers-d… *** There is an app commandlet for that *** --------------------------------------------- Allegedly dubbed as Microsoft's post-exploitation language powershell is Microsoft attempt to provide good command-line interface for administrators, developers and power users. Despite being 8 years old it only recently started getting widespread adoption with enterprises moving on to Windows 7 and 2008 environments. --------------------------------------------- https://dfirblog.wordpress.com/2015/09/27/dissecting-powershell-attacks/ *** Reverse Engineering Virtual Machine Protected Binaries *** --------------------------------------------- In code obfuscation, a virtual machine is a mechanism used to execute a different instruction set than the one used by machine that runs the program. For example, a virtual machine can support executing the ARM instruction set on a 32-bit x86 architecture. Virtual machines used in code obfuscation are completely .. --------------------------------------------- http://resources.infosecinstitute.com/reverse-engineering-virtual-machine-p… *** Disclosing Vulnerabilities, Using Data Dumps & Sharing Threat Intelligence *** --------------------------------------------- In recent years, there has been an explosion in the number of information security conferences held around the world. Despite this, the weeks leading up to Black Hat in Las Vegas are still reserved for some of the most significant security announcements, advancements and hacks of .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/disclosing-vulnerabili… *** ATM Skimmer Gang Firebombed Antivirus Firm *** --------------------------------------------- Its notable whenever cybercime spills over into real-world, physical attacks. This is the story of a Russian security firm whose operations were pelted with Molotov cocktail attacks after exposing an organized crime gang that developed and sold malicious software to steal cash from ATMs. --------------------------------------------- http://krebsonsecurity.com/2015/09/atm-skimmer-gang-firebombed-antivirus-fi… *** Warning: Malicious emails claiming to be from Doctor Web *** --------------------------------------------- Virus makers often use names of well-known anti-virus companies to gain their victims trust and make them install some malicious program on their computers. At the end of September, cybercriminals employed this method to distribute a dangerous Trojan designed .. --------------------------------------------- http://news.drweb.com/show/?i=9631&lng=en&c=9 *** Security Advisory 2015-01: Vulnerability in OTRS iPhoneHandle interface allows user with valid session privilege escalation *** --------------------------------------------- September 29, 2015 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security(a)otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2016-03-02] uid OTRS Security Team GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 --------------------------------------------- https://www.otrs.com/security-advisory-2015-01-vulnerability-in-otrs-iphone… *** Security Advisory 2015-02: Scheduler Process ID File Access *** --------------------------------------------- September 29, 2015 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security(a)otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2016-03-02] uid OTRS Security Team GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 --------------------------------------------- https://www.otrs.com/security-advisory-2015-02-scheduler-process-id-file-ac…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily