=======================
= End-of-Shift report =
=======================
Timeframe: Monday 11-08-2014 18:00 − Tuesday 12-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Adobe Security Bulletins Posted ***
---------------------------------------------
The following Security Bulletins have been posted today:
APSB14-18: Security updates available for Adobe Flash Player http://helpx.adobe.com/security/products/flash-player/apsb14-18.html
APSB14-19: Security updates available for Adobe Reader and Acrobat http://helpx.adobe.com/security/products/reader/apsb14-19.html
Customers of the affected products should consult the relevant Security Bulletin(s) for details.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1118
*** Cisco Unified Communications Manager SIP Subsystem Vulnerability ***
---------------------------------------------
CVE-2014-3337
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-...
*** Cisco Unified Communications Manager CTIManager Vulnerability ***
---------------------------------------------
CVE-2014-3338
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-...
*** Two new Gameover Zeus variants in the wild ***
---------------------------------------------
About two months after botnet takedown efforts, new versions of the malware have surfaced in the U.S. and abroad.
---------------------------------------------
http://www.scmagazine.com/two-new-gameover-zeus-variants-in-the-wild/article...
*** Millions of PCs Affected by Mysterious Computrace Backdoor ***
---------------------------------------------
Absolute Software's anti-theft Computrace software is mysteriously installed on brand new machines, nearly impossible to remove, and exploitable.
---------------------------------------------
http://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-back...
*** NIST wants better SCADA security ***
---------------------------------------------
Preparing the way for a test lab
America's National Institute of Standards and Technology (NIST) wants to take a hand in addressing the SCADA industry's chronic insecurity, by building a test bed for industrial control systems.
---------------------------------------------
http://www.theregister.co.uk/2014/08/12/nist_wants_better_scada_security/
*** Command Injection allows Unauthenticated Command Bypass on multiple D-Link products ***
---------------------------------------------
The DNS-315L, DNS-320L, DNS-327L, DNS-340L, and DNS-345 have been identified as having a vulnerability in their Web-GUI application that allows malicious users to gain access to the device configuration, device operating system, and stored file without requiring log-in credentials.
---------------------------------------------
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10042
*** 2Q 2014 Security Roundup: Turning the Tables on Cyber Attacks ***
---------------------------------------------
The incidents that cropped up in the months of April to June 2014 - from the data breaches, DDoS attacks, to malware improvements and threats to privacy - highlighted the need for enterprises to craft a more strategic response against and in anticipation of security threats. There were plenty of threats to be found in the quarter. There was...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Cf4i9ouVNiM/
*** How to hack a Macbook using just USB ***
---------------------------------------------
Yesterday, at the 2014 DEF CON hackers conference in Las Vegas, security researchers Joe Fitzpatrick and Miles Crabill demonstrated how they could directly access the memory of Apple Macbook devices using a piece of hardware they built to plug into the computer's own USB slot.
---------------------------------------------
http://www.techly.com.au/2014/08/12/hack-macbook-using-just-usb/
*** BlackBerry Z10 allowed unrestricted access over Wi-Fi ***
---------------------------------------------
Security researchers have disclosed a vulnerability that allowed an attacker to access data on the BlackBerry Z10. The built-in file server allowed access to the phone's storage without asking for a password.
---------------------------------------------
http://www.heise.de/security/meldung/BlackBerry-Z10-erlaubte-freien-Zugriff-...