======================= = End-of-Shift report = =======================
Timeframe: Mittwoch 31-07-2013 18:00 − Donnerstag 01-08-2013 18:00 Handler: Matthias Fraidl Co-Handler: n/a
*** Inside the Security Model of BlackBerry 10 *** --------------------------------------------- The new BlackBerry 10 operating system contains a number of security improvements and upgrades over earlier versions, but there are still some features and functions that an attacker may be able to exploit. --------------------------------------------- http://threatpost.com/inside-the-security-model-of-blackberry-10/101542
*** Malicious JavaScript flips ad network into rentable botnet *** --------------------------------------------- Enslaved machines helplessly press Apaches buttons Black Hat 2013 Security researchers have shown how hackers can use ad networks to create ephemeral, hard-to-trace botnets that can perform distributed-denial-of-service attacks at the click of a button. --------------------------------------------- http://www.theregister.co.uk/2013/07/31/whitehat_security_ad_networks_botnet...
*** Got an account on a site like Github? Hackers may know your e-mail address *** --------------------------------------------- Researcher de-anonymizes forum people posting extremist views. --------------------------------------------- http://arstechnica.com/security/2013/07/got-an-account-on-a-site-like-github...
*** Black Hat: TLS-Erweiterung schwächt Sicherheit der Verschlüsselung *** --------------------------------------------- Sicherheitsforscher Florent Daignière hat sich bei der Black Hat mit TLS-Extensions befasst, die Session Tickets vorsehen. Kann ein Angreifer Daten des Webservers abgreifen, lassen sich mitgeschnittene Verbindungen im Nachhinein entschlüsseln. --------------------------------------------- http://www.heise.de/security/meldung/Black-Hat-TLS-Erweiterung-schwaecht-Sic...
*** Researchers reveal how to hack an iPhone in 60 seconds *** --------------------------------------------- Three Georgia Tech hackers have revealed how to hack iPhones and iPads with malware imitating ordinary apps in under sixty seconds using a "malicious charger." --------------------------------------------- http://www.zdnet.com/researchers-reveal-how-to-hack-an-iphone-in-60-seconds-...
*** Angriffe auf mit mTAN geschützte Konten *** --------------------------------------------- Die Banken bezeichnen das mTAN-Verfahren als sicher. Trotzdem gelingt es Kriminiellen, den Sicherheitsmechanismus zu umgehen. Der Aufwand ist hoch, die Beute aber groß. --------------------------------------------- http://www.heise.de/security/meldung/Angriffe-auf-mit-mTAN-geschuetzte-Konte...
*** Teaching Old Malware New Tricks *** --------------------------------------------- Why Carberp, ZeuS, and Other Vintage Malware Have a Bigger Bite Than You Think (First in a three-part series) As a sales engineer working at FireEye, I spend my days running production pilots with prospects, discussing advanced persistent threats (APTs) --------------------------------------------- http://www.fireeye.com/blog/corporate/2013/08/teaching-old-malware-new-trick...
*** Cisco WAAS Central Manager Remote Code Execution Vulnerability *** --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
*** GnuPG / Libgcrypt RSA Secret Key Disclosure Weakness *** --------------------------------------------- https://secunia.com/advisories/54373
*** VMware ESXi Multiple Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/54339
*** TYPO3 Cross-Site Scripting and Arbitrary File Upload Vulnerabilities *** --------------------------------------------- https://secunia.com/advisories/53529
*** Subversion 1.7.9 remote DoS vulnerability. *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080004
*** Subversion 1.6.21 arbitrary code execution *** --------------------------------------------- http://cxsecurity.com/issue/WLB-2013080003
*** Vuln: Drupal Flippy Module Access Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/61546
*** Bugtraq: Open-Xchange Security Advisory 2013-07-31 *** --------------------------------------------- http://www.securityfocus.com/archive/1/527662
*** GnuPG / Libgcrypt RSA Secret Key Disclosure Weakness --------------------------------------------- https://secunia.com/advisories/54373