======================= = End-of-Shift report = =======================
Timeframe: Donnerstag 28-08-2014 18:00 − Freitag 29-08-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl
*** Heartbleed is the gift that keeps on giving as servers remain unpatched *** --------------------------------------------- An average of 7,000 attacks continue to seek out servers vulnerable to the bug. --------------------------------------------- http://arstechnica.com/security/2014/08/heartbleed-is-the-gift-that-keeps-on...
*** PCI Council urges retailers to defend against Backoff POS attacks *** --------------------------------------------- The warning comes soon after the Secret Service and DHS issues a warning on the threat. --------------------------------------------- http://www.scmagazine.com/pci-council-urges-retailers-to-defend-against-back...
*** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-... http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-... http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-...
*** Django REMOTE_USER header security bypass *** --------------------------------------------- http://xforce.iss.net/xforce/xfdb/95569
*** IBM Security Bulletin: Current Release of IBM SDK for Node.js is affected by CVE-2014-5256 *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_...
*** Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks *** --------------------------------------------- A few days ago we detected a watering hole campaign in a website owned by one big industrial company.The website is related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing.The attackers were able to compromise the website and include code that loaded a malicious Javascript .. --------------------------------------------- http://www.alienvault.com/open-threat-exchange/blog/scanbox-a-reconnaissance...
*** Squid Range Header Processing Flaw Lets Remote Users Deny Service *** --------------------------------------------- http://www.securitytracker.com/id/1030779
*** F5 BIG-IP ConfigSync Access Control Flaw Lets Remote Users Read and Write Arbitrary Files *** --------------------------------------------- http://www.securitytracker.com/id/1030778
*** F5 Enterprise Manager ConfigSync Access Control Flaw Lets Remote Users Read and Write Arbitrary Files *** --------------------------------------------- http://www.securitytracker.com/id/1030777
*** Sinkholing the Backoff POS Trojan *** --------------------------------------------- There is currently a lot of buzz about the Backoff point-of-sale Trojan that is designed to steal credit card information from computers that have POS terminals attached. --------------------------------------------- https://securelist.com/blog/research/66305/sinkholing-the-backoff-pos-trojan...
*** Nearly 100k Bugzilla Users Affected by Data Disclosure *** --------------------------------------------- The email addresses and encrypted passwords of nearly 100,000 users of Mozilla's Bugzilla system were left on a publicly accessible server for several months earlier this year, the company said. The disclosure comes just a few weeks after Mozilla advised members of its Mozilla Developer .. --------------------------------------------- http://threatpost.com/nearly-100k-bugzilla-users-affected-by-data-disclosure...