======================= = End-of-Shift report = =======================
Timeframe: Dienstag 21-07-2015 18:00 − Mittwoch 22-07-2015 18:00 Handler: Stephan Richter Co-Handler: n/a
*** WP-CLI Guide: Secure WordPress Backup and Update *** --------------------------------------------- Welcome to our second post in the series on WP-CLI for WordPress management over SSH. In our previous post, we discussed how to get your SSH credentials and use WP-CLI to connect to your website over the command line. Before we get into changing anything, we'll show you how to back up your database and compress... --------------------------------------------- https://blog.sucuri.net/2015/07/wp-cli-guide-secure-wordpress-backup-update....
*** Exclusive: Visa application portal closed following SC Magazine investigation *** --------------------------------------------- VFS Global closes visa application portal following SC Magazine investigation. Editable Schengen visa application forms accessed FOUR DAYS after operating company VFS Global said a vulnerability had been fixed. --------------------------------------------- http://www.scmagazine.com/exclusive-visa-application-portal-closed-following...
*** Free security tools help detect Hacking Team malware *** --------------------------------------------- Vulnerabilities and other threats exposed in the Hacking Team leaks has spurred Rook Security and Facebook to each release free security tools. --------------------------------------------- http://www.scmagazine.com/rook-security-facebook-release-free-security-tools...
*** "Super-Spion": Android-Überwachungssoftware von Hacking Team nutzt allerhand schmutzige Tricks *** --------------------------------------------- Eine Analyse der Spionage-App RCSAndroid zeigt umfassende Ausspähfunktionen auf. Die Infektion erfolgt über Exploits - und möglicherweise auch Google Play. --------------------------------------------- http://heise.de/-2759365
*** Introduction to Alternate Data Streams *** --------------------------------------------- In this post, we defined what is an alternate data stream (ADS), showed how it can be created and read, and how one can remove unwanted ADS.Categories: All Things DevTags: adsalternate data streamsPieter Arntzpowershellstreams(Read more...) --------------------------------------------- https://blog.malwarebytes.org/development/2015/07/introduction-to-alternate-...
*** Think your website isn't worth anything to hackers? Think again *** --------------------------------------------- Have you ever thought about the cost of your website compromise? --------------------------------------------- https://www.htbridge.com/blog/think-your-website-isn-t-worth-anything-to-hac...
*** l+f: Falsche Microsoft-Techniker simulieren falsche Bluescreens *** --------------------------------------------- Die Telefonabzocker, die sich als Microsoft-Techniker ausgeben, haben sich eine neue Masche überlegt - und sind jetzt auch telefonisch erreichbar. --------------------------------------------- http://heise.de/-2760509
*** DFN-CERT-2015-1107: FreeBSD, Transmission Control Protocol (TCP): Eine Schwachstelle erlaubt einen Denial-of-Service-Angriff *** --------------------------------------------- Eine Schwachstelle im Transmission Control Protocol (TCP) der TCP/IP Protocol Suite ermöglicht einem entfernten, nicht authentisierten Angreifer einen kompletten Denial-of-Service-Zustand zu bewirken. Von der Schwachstelle sind alle derzeit unterstützten FreeBSD-Versionen betroffen. Sicherheitsupdates stehen bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2015-1107/
*** IBM Security Bulletins *** --------------------------------------------- https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us
*** Cisco IOS XR Concurrent Data Management Replication Process BGP Process Denial of Service Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=40067
*** Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=40021
*** [R1] PHP < 5.4.43 Vulnerability Affects Tenable SecurityCenter *** --------------------------------------------- http://www.tenable.com/security/tns-2015-09
*** Hospira Symbiq Infusion System Vulnerability *** --------------------------------------------- This advisory was originally posted to the US-CERT secure Portal library on June 23, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory provides compensating measures for a vulnerability in the Hospira Symbiq Infusion System. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01
*** Counter-Strike 1.6 GameInfo Query Reflection DoS *** --------------------------------------------- Topic: Counter-Strike 1.6 GameInfo Query Reflection DoS Risk: Medium Text:#!/usr/bin/perl # # Counter-Strike 1.6 GameInfo Query Reflection DoS # Proof Of Concept # # Copyright 2015 (c) Todor ... --------------------------------------------- http://cxsecurity.com/issue/WLB-2015070103