=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 31-05-2016 18:00 − Wednesday 01-06-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Tor Browser 6.0: Ditches SHA-1 Support, Uses DuckDuckGo For Default Search Results *** --------------------------------------------- The version 6.0 of Tor Browser, a free software for enabling anonymous communication, is now available to download. The new version introduces several changes, including disabling SHA-1 support, and removing .. --------------------------------------------- https://tech.slashdot.org/story/16/05/31/1643234/tor-browser-60-ditches-sha-...
*** Drupal SQLi (Drupalgeddon) Attack Trend CVE-2014-3704 / SA-CORE-2014-005 *** --------------------------------------------- It has been over 19 months since Drupalgeddon, which refers to Drupal's Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it .. --------------------------------------------- https://blog.sucuri.net/2016/05/drupal-sqli-drupalgeddon-attack-trend-cve-20...
*** Finding Conditional Drupal Database Spam *** --------------------------------------------- Nobody likes spam. It's never fun (unless you're watching Monty Python). For us it comes with the territory; removing SEO spam has been at the core of what we deal with since our inception, giving us some pretty good .. --------------------------------------------- https://blog.sucuri.net/2016/05/finding-conditional-drupal-database-spam.htm...
*** Cluster of 'megabreaches' compromises a whopping 642 million passwords *** --------------------------------------------- MySpace, Tumblr, and Fling are the latest services to join discredited LinkedIn. --------------------------------------------- http://arstechnica.com/security/2016/05/cluster-of-megabreaches-compromise-a...
*** Moxa UC 7408-LX-Plus Firmware Overwrite Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a firmware overwrite vulnerability in Moxa's UC 7408-LX-Plus device. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-152-01
*** ABB PCM600 Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for one use of password hash with insufficient computational effort and three insufficiently protected credentials vulnerabilities in ABB's PCM600. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-152-02
*** Unfalsifiability of security claims *** --------------------------------------------- There is an inherent asymmetry in computer security: things can be declared insecure by observation, but not the reverse. There is no observation that allows us to declare an arbitrary system or technique secure. We .. --------------------------------------------- http://research.microsoft.com/pubs/256133/unfalsifiabilityOfSecurityClaims.p...
*** Vulnerability in ImageMagick and GraphicsMagick enables renewed attacks *** --------------------------------------------- Manipulated file names can cause malicious code to be executed via the operating system's popen() function. Patches are available. --------------------------------------------- http://heise.de/-3223811
*** Scrum.org hacked, may have lost crypto keys and some user data *** --------------------------------------------- Don't go dissing DevOps: a supplier has fessed up to a website vuln Scrum.org, the Scrum certification .. --------------------------------------------- www.theregister.co.uk/2016/06/01/scrumorg_hacked_may_have_lost_crypto_keys_and_some_user_data/
*** Serious security vulnerabilities in pre-installed laptop software *** --------------------------------------------- http://derstandard.at/2000038006783
*** Microsoft: Spam filter for Hotmail and Outlook broken *** --------------------------------------------- Company is working flat out on a fix; some users are reported to be receiving an "extreme amount" of spam e-mails --------------------------------------------- http://derstandard.at/2000038023486
*** The impossible task of creating a 'Best VPNs' list today *** --------------------------------------------- Our writer set out to make a list of reliable VPNs; turns out the task is complicated. --------------------------------------------- http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-th...
*** VB2015 paper: Economic Sanctions on Malware *** --------------------------------------------- Financial pressure can be a proactive and potentially very effective tool in making our computer ecosystems safer. By cleverly employing various trust metrics and technologies such as digital signing, watermarking, and .. --------------------------------------------- https://www.virusbulletin.com/blog/2016/06/economic-sanctions-malware/
*** DRIDEX Poses as Fake Certificate in Latest Spam Run *** --------------------------------------------- At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/dridex-poses-as-f...
*** Security: LG must repair Android firmware *** --------------------------------------------- Two security vulnerabilities in LG's Android firmware enable a range of attacks, some of them remote. Users should act quickly; the updates are available. --------------------------------------------- http://www.golem.de/news/security-lg-muss-android-firmware-reparieren-1606-1...
*** Baby food: Hipp's Mein Baby Club was hacked *** --------------------------------------------- Copied user data is always a nuisance, especially when children's personal information is affected. The manufacturer Hipp has now informed its customers about a break-in into the Mein Baby Club's own server systems --------------------------------------------- http://www.golem.de/news/kindernahrung-mein-baby-club-von-hipp-wurde-gehackt...