=======================
= End-of-Shift report =
=======================

Timeframe: Tuesday 16-08-2016 18:00 − Wednesday 17-08-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a

*** SQL Injection Vulnerability in Ninja Forms ***
---------------------------------------------
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently installed on 600,000+ websites.
---------------------------------------------
https://blog.sucuri.net/2016/08/sql-injection-vulnerability-ninja-forms.html

*** PMASA-2016-38 ***
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2016-38/

*** PMASA-2016-34 ***
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2016-34/

*** PMASA-2016-39 ***
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2016-39/

*** PMASA-2016-43 ***
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2016-43/

*** PMASA-2016-54 ***
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2016-54/

*** PGP admins: Kill short keys now, or Alice will become Chuck ***
---------------------------------------------
Someone's impersonating the likes of Linus Torvalds with attacks via keyservers
The issue of short ..
---------------------------------------------
www.theregister.co.uk/2016/08/17/pgp_admins_kill_short_keys_now_or_alice_will_become_chuck/

*** Snowden: NSA leak by hackers is a "Russian message" to the USA ***
---------------------------------------------
The NSA whistleblower insinuates that Russian hackers want to use it to soften the response to the break-in at the Democrats
---------------------------------------------
http://derstandard.at/2000042924155

*** Maintenance work Thursday, 18 August 2016, afternoon ***
---------------------------------------------
On Thursday, 18 August 2016, in the afternoon, we have to carry out urgent maintenance work on our infrastructure. This will lead to brief outages of the externally reachable services (e.g. email, web server, mailing lists) - no data (e.g. emails) will be lost in the process, which ..
---------------------------------------------
http://www.cert.at/services/blog/20160817111811-1777.html

*** VxWorks: Execute My Packets ***
---------------------------------------------
Earlier this year we reported 3 vulnerabilities in VxWorks to Wind River. Each of these vulnerabilities can be exploited by anonymous remote attackers on the same ..
---------------------------------------------
https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets/

*** Security concerns: Providers and activists united against router lockdown ***
---------------------------------------------
In Austria, too, router firmware is to be regulated in future. Activists and ISPs criticise the planned rules. These, they say, assume that there would be no security vulnerabilities in routers.
---------------------------------------------
http://www.golem.de/news/sicherheitsbedenken-provider-und-aktivisten-vereint...

*** New wave of targeted attacks focus on industrial organizations ***
---------------------------------------------
Kaspersky Lab researchers discovered a new wave of targeted attacks against the industrial and engineering sectors in 30 countries around the world. Dubbed Operation ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/08/17/operation-ghoul/