=======================
= End-of-Shift report =
=======================

Timeframe: Monday 22-08-2016 18:00 − Tuesday 23-08-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl

*** Vuln: WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92572

*** Juniper Acknowledges Equation Group Targeted ScreenOS ***
---------------------------------------------
Juniper Networks on Friday acknowledged that implants contained in the ShadowBrokers data dump target NetScreen firewalls running ScreenOS.
---------------------------------------------
http://threatpost.com/juniper-acknowledges-equation-group-exploits-target-sc...

*** Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities in IP Phones ***
---------------------------------------------
Obihai Technology recently patched a slew of issues in its ObiPhone IP phone products that could have led to memory corruption, a buffer overflow, and denial of service conditions, among other outcomes.
---------------------------------------------
http://threatpost.com/obihai-patches-memory-corruption-dos-csrf-vulnerabilit...

*** Vuln: PHP php_quot_print_encode() Function Integer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92588

*** shellray. a php webshell detector ***
---------------------------------------------
nimbusec shellray is a free online webshell detector for .php files.
---------------------------------------------
https://shellray.com/de/

*** Voice Message Notifications Deliver Ransomware ***
---------------------------------------------
Bad guys need to constantly find new ways to lure their victims. If billing notifications were very common for a while, not all people in a company are working ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21397

*** Security Notice - Statement About Toolkit Released by Shadow Brokers ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20160823-01-s...

*** 'Security Check' for Bank Austria Customers ***
---------------------------------------------
A fake Bank Austria e-mail is in circulation. In it, criminals claim that customers have to carry out a security check. For this ..
---------------------------------------------
https://www.watchlist-internet.at/phishing/sicherheits-check-bei-bank-austri...

*** Sandscout: Attack on Apple's Sandbox ***
---------------------------------------------
In security comparisons with Android, iOS usually comes out ahead. In a recent experiment, however, researchers succeeded in carrying out an attack on the sandboxing function of iOS apps.
---------------------------------------------
http://www.golem.de/news/sandscout-angriff-auf-apples-sandkasten-1608-122856...

*** Timing of Browser-Based Security Alerts Could Be Better ***
---------------------------------------------
New academic research shows that security warnings should be better timed to pop up when computer users are less likely to be multitasking.
---------------------------------------------
http://threatpost.com/timing-of-browser-based-security-alerts-could-be-bette...