======================= = End-of-Shift report = =======================
Timeframe: Donnerstag 27-08-2015 18:00 − Freitag 28-08-2015 18:00 Handler: Alexander Riepl Co-Handler: n/a
*** Security Update: Hotfix Available for ColdFusion (APSB15-21) *** --------------------------------------------- A Security Bulletin (APSB15-21) has been published regarding a hotfix for ColdFusion. This hotfix addresses an important vulnerability that could result in information disclosure. Adobe recommends users apply the hotfix using the instructions provided .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1262
*** DSA-3344 php5 - security update *** --------------------------------------------- https://www.debian.org/security/2015/dsa-3344
*** Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability *** ---------------------------------------------
A vulnerability in the Cisco Identity Services Engine (ISE) guest portal could allow an unauthenticated, remote attacker to view a customized page on the guest portal. The vulnerability is due to lack of access control for the uploaded HTML files. An attacker could exploit this vulnerability .. --------------------------------------------- http://tools.cisco.com/security/center/viewAlert.x?alertId=40691
*** BitTorrent kills bug that turns networks into a website-slaying weapon *** --------------------------------------------- Reflective technique would let attacker amplify traffic and flood targets BitTorrent has fixed a flaw in its technology that quietly turns file-sharing networks into weapons .. --------------------------------------------- www.theregister.co.uk/2015/08/28/bittorrent_blasts_bug/
*** Google makes it official: Chrome will freeze Flash ads on sight from Sept 1 *** --------------------------------------------- Browser to make most stuff click-to-play by default Google is making good on its promise to strangle Adobe Flashs ability to .. --------------------------------------------- www.theregister.co.uk/2015/08/28/google_says_flash_ads_out_september/
*** BSI warnt vor Risiko bei Intels Fernwartungstechnik AMT *** --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik rät dazu, die Konfiguration von Notebooks und Desktop-PCs mit Intels Active Management Technology zu prüfen: Bei manchen .. --------------------------------------------- http://heise.de/-2792791
*** Business Email Scams: A Growing Threat *** --------------------------------------------- Business Email Scams: is that email from the CEO asking for a wire transfer the real deal? Learn to spot .. --------------------------------------------- https://blog.malwarebytes.org/online-security/2015/08/business-email-scams-a...
*** Moxa SoftCMS Buffer Overflow Vulnerabilities *** --------------------------------------------- This advisory provides mitigation details for buffer overflow vulnerabilities in the Moxa SoftCMS software package. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01
*** Siemens SIMATIC S7-1200 CSRF Vulnerability *** --------------------------------------------- This advisory provides mitigation details for Cross-Site Request Forgery vulnerability in the SIMATIC S7 1200 CPUs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02
*** Innominate mGuard VPN Vulnerability *** --------------------------------------------- This advisory provides mitigation details for a denial-of-service vulnerability in the Innominate mGuard device --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03
*** This PUP Alerts You of a Zombie Invasion *** --------------------------------------------- Apps are constantly created to address certain needs. The more helpful an app claims to be, especially in times of crisis, the more users would likely take interest in .. --------------------------------------------- https://blog.malwarebytes.org/online-security/2015/08/draft-this-pup-alerts-...
*** Fake EFF site serving espionage malware was likely active for 3+ weeks *** --------------------------------------------- A spear-phishing campaign some researchers say is linked to the Russian government masqueraded as the Electronic Frontier Foundation in an attempt to infect targets with malware .. --------------------------------------------- http://arstechnica.com/security/2015/08/fake-eff-site-serving-espionage-malw...