======================= = End-of-Shift report = =======================
Timeframe: Dienstag 09-06-2015 18:00 − Mittwoch 10-06-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a
*** Multiple vulnerabilities in Cisco products *** --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=39256 http://tools.cisco.com/security/center/viewAlert.x?alertId=39257 http://tools.cisco.com/security/center/viewAlert.x?alertId=39240
*** MS15-JUN - Microsoft Security Bulletin Summary for June 2015 - Version: 1.0 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS15-JUN
*** VMSA-2015-0004 *** --------------------------------------------- VMware Workstation, Fusion and Horizon View Client updates address critical security issues .. --------------------------------------------- http://www.vmware.com/security/advisories/VMSA-2015-0004.html
*** Vawtrak Uses Tor2Web making hard to track down its servers *** --------------------------------------------- Security experts at Fortinet uncovered a new strain of the Vawtrak banking Trojan is implementing an obscuring mechanism based on the Tor2Web service. The authors of the banking Trojan Vawtrak are adopting a new tactic to hide the .. --------------------------------------------- http://securityaffairs.co/wordpress/37682/malware/vawtrak-uses-tor2web.html
*** iOS und OS X: Apple könnte HTTPS für Apps erzwingen *** --------------------------------------------- Entwickler von Apps für iOS und OS X sollten "so schnell wie möglich" auf sichere Verbindungen per HTTPS wechseln, empfiehlt Apple. Das Unternehmen könnte die Verschlüsselung gar für die Aufnahme im App Store erzwingen. --------------------------------------------- http://www.golem.de/news/ios-und-os-x-apple-koennte-https-fuer-apps-erzwinge...
*** Schlag gegen internationale Bande von Cyber-Kriminellen in Europa *** --------------------------------------------- http://derstandard.at/2000017259662
*** N-Tron 702W Hard-Coded SSH and HTTPS Encryption Keys *** --------------------------------------------- This advisory provides mitigation details for hard-coded SSH and HTTPS encryption keys in the N-Tron 702-W Industrial Wireless Access Point device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-160-01
*** Sinapsi eSolar Light Plaintext Passwords Vulnerability *** --------------------------------------------- This advisory provides mitigation details for plain text passwords in the Sinapsi eSolar Light application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-160-02
*** Adobe, Microsoft Issue Critical Security Fixes *** --------------------------------------------- Adobe today released software updates to plug at least 13 security holes in its Flash Player software. Separately, Microsoft pushed out fixes for at least three dozen flaws .. --------------------------------------------- http://krebsonsecurity.com/2015/06/adobe-microsoft-issue-critical-security-f...
*** The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns *** --------------------------------------------- Kaspersky Lab uncovers Duqu 2.0 � a highly sophisticated malware platform exploiting up to three zero-day vulnerabilities. --------------------------------------------- http://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisti...
*** Duqu 2.0 *** --------------------------------------------- In our full report, available at http://www.crysys.hu/duqu2/duqu2.pdf, we point out numerous similarities that we discovered between Duqu and Duqu 2.0, .. --------------------------------------------- http://blog.crysys.hu/2015/06/duqu-2-0/
*** Microsoft pusht HTTPS beim Internet Explorer und Edge-Webbrowser *** --------------------------------------------- Ab sofort sollen der Internet Explorer und Webbrowser von Windows 10 Edge das verschlüsselte Surfen über HTTPS vorantreiben. Dafür hat Microsoft jetzt Updates verteilt, die HSTS einführen. --------------------------------------------- http://heise.de/-2687051
*** Xen Security Advisory CVE-2015-3209 / XSA-135 *** --------------------------------------------- The QEMU security team has predisclosed the following advisory: pcnet_transmit loads a transmit-frame descriptor from the guest into the /tmd/ local variable to recover a length field, a status field and a guest-physical location of the associated .. --------------------------------------------- http://www.openwall.com/lists/oss-security/2015/06/10/3
*** Russische Hacker sollen hinter Cyber-Angriff auf TV-Sender stecken *** --------------------------------------------- Nicht – wie bisher angenommen – der Islamistischer Staat (IS), sondern russische Profi-Hacker sollen im April den Sendebetrieb von TV5 lahm gelegt haben. Die platzierte IS-Propaganda sei möglicherweise nur ein Täuschungsmanöver gewesen. --------------------------------------------- http://heise.de/-2687434