======================= = End-of-Shift report = =======================
Timeframe: Freitag 03-05-2013 18:00 − Montag 06-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner
*** What’s a known source of malware doing in an iOS app? Ars investigates *** --------------------------------------------- Trojans, false positives, and the case of accidental cross contamination. --------------------------------------------- http://feeds.arstechnica.com/~r/arstechnica/security/~3/suyRCkbyIFE/
*** gpsd AIS driver packet parser denial of service *** --------------------------------------------- gpsd AIS driver packet parser denial of service --------------------------------------------- http://xforce.iss.net/xforce/xfdb/83982
*** EMC Avamar Client Certificate Validation Flaw Lets Remote Users Spoof the System *** --------------------------------------------- http://www.securitytracker.com/id/1028511
*** EMC Avamar Authorization Flaw Lets Remote Authenticated Users Access Files *** --------------------------------------------- http://www.securitytracker.com/id/1028510
*** Microsoft Releases Security Advisory 2847140 *** --------------------------------------------- Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. Internet Explorer 9 and 10 are not affected by this issue, so upgrading to these versions will help protect you... --------------------------------------------- http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-securi...
*** Department of Labor IE 0-day Exploit (CVE-2013-1347) Now Available at Metasploit *** --------------------------------------------- https://community.rapid7.com/community/metasploit/blog/2013/05/05/department...
*** New version of DIY Google Dorks based mass website hacking tool spotted in the wild *** --------------------------------------------- By Dancho Danchev Need a compelling reason to perform search engine reconnaissance on your website, for the purpose of securing it against eventual compromise? We’re about to give you a good one. A new version of a well known mass website hacking tool has been recently released, empowering virtually anyone who buys it with the capability to [...] --------------------------------------------- http://feedproxy.google.com/~r/WebrootThreatBlog/~3/8hoG6XIwk8s/
*** Vuln: WordPress Advanced XML Reader Plugin XML External Entity Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/59618
*** Cisco WebEx Cache Directory Read Vulnerability *** --------------------------------------------- A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read files from the cache directory. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-...
*** Cisco WebEx Uninitialized Memory Read Vulnerability *** --------------------------------------------- A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read uninitialized memory. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-...
*** Bugtraq: VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6 *** --------------------------------------------- http://www.securityfocus.com/archive/1/526541
*** Bugtraq: [SE-2012-01] New security vulnerabilities and broken fixes in IBM Java *** --------------------------------------------- http://www.securityfocus.com/archive/1/526540