=======================
= End-of-Shift report =
=======================

Timeframe: Wednesday 01-04-2015 18:00 − Thursday 02-04-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a

*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

*** Phishing e-mails with instructions from the boss often successful ***
---------------------------------------------
Phishing e-mails are becoming ever more sophisticated. For example, there are disguised e-mails from the boss instructing employees to transfer money, which are highly successful.
---------------------------------------------
http://futurezone.at/digital-life/phishing-mails-mit-anweisungen-des-chefs-o...

*** User Import - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-093 ***
---------------------------------------------
This module enables the import of users into Drupal, or the update of existing users, with data from a CSV file (comma separated file). Some management URLs were not properly protected. A malicious user could trick an administrator ..
---------------------------------------------
https://www.drupal.org/node/2463949

*** Password Policy - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-090 ***
---------------------------------------------
The Password Policy module allows enforcing restrictions on user passwords by defining password policies. The module doesn't sufficiently sanitize usernames in some administration pages, thereby exposing a Cross Site Scripting ..
---------------------------------------------
https://www.drupal.org/node/2463835

*** NewPosThings Has New PoS Things ***
---------------------------------------------
Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-...

*** Google suspends CNNIC from Chrome's certificate store ***
---------------------------------------------
Chinese certificate authority told to re-apply. When a web client, such as a browser, attempts to make an HTTPS connection, it needs to know that no man-in-the-middle attack is taking place. The web server therefore proves its ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/04_02b.xml

*** Spring cleaning at Chrome: nearly 200 adware plug-ins thrown out ***
---------------------------------------------
Google is cleaning up the Chrome Web Store and banning, in droves, adware extensions that have annoyed millions of users with advertising. In future, such pests are not supposed to end up in the Web Store in the first place.
---------------------------------------------
http://heise.de/-2595248

*** E-mail security: memory lapses and Darkmail ideas ***
---------------------------------------------
The Internet Engineering Task Force has made the confidentiality of Internet protocols its cause. What more can be done for e-mail? Hiding metadata, for example. There are also attempts to make secure e-mail more convenient.
---------------------------------------------
http://heise.de/-2595167

*** Using the docker command to root the host (totally not a security issue) ***
---------------------------------------------
It is possible to do a few more things with docker besides working with containers, such as creating a root shell on the host, overwriting system configuration files, reading restricted stuff, etc.
---------------------------------------------
http://reventlov.com/advisories/using-the-docker-command-to-root-the-host

*** Analysis of a Romanian Botnet ***
---------------------------------------------
Recently I noticed some strange entries in our web server log files. Specifically, someone was trying to exploit our servers using the ShellShock vulnerability (CVE-2014-6271) to execute a ..
---------------------------------------------
http://blog.politoinc.com/2015/04/analysis-of-a-romanian-botnet/

*** Encryption: Truecrypt audit finds minor security problems ***
---------------------------------------------
The second phase of the audit of the encryption software Truecrypt has been completed. It examined the cryptographic functions. Some security problems were discovered, but they only occur in rare cases.
---------------------------------------------
http://www.golem.de/news/verschluesselung-truecrypt-audit-findet-kleinere-si...