[CERT-daily] Daily summary - Thursday 20-06-2013
Daily end-of-shift report
team at cert.at
Thu Jun 20 18:17:26 CEST 2013
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 19-06-2013 18:00 − Thursday 20-06-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Multiple Vulnerabilities in Cisco TelePresence TC and TE Software ***
---------------------------------------------
Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition.
Additionally, Cisco TelePresence TC Software contains an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc
*** Vuln: OTRS CVE-2013-4088 Remote Security Bypass Vulnerability ***
---------------------------------------------
OTRS is prone to a remote security-bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions and obtain sensitive information; other attacks may also be possible.
---------------------------------------------
http://www.securityfocus.com/bid/60688
*** Anonymous' #OpPetrol: What is it, What to Expect, Why Care? ***
---------------------------------------------
Last month, the hacker collective Anonymous announced their intention to launch cyber attacks against the petroleum industry (under the code name #OpPetrol) that are expected to last up to June 20. Their claimed reason for this attack is primarily due to petroleum being sold with the US dollar instead of the currency of the country where...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/wIkmxr0Tz_A/
*** LinkedIn redirected to Indian website ***
---------------------------------------------
The career portal LinkedIn was only intermittently reachable over the last few hours. The career portal was redirected to third-party sites. Some speak of "human error", others of an attack.
---------------------------------------------
http://www.heise.de/security/meldung/LinkedIn-auf-indische-Webseite-umgeleitet-1893282.html
*** VLC Media Player Unspecified Vulnerabilities ***
---------------------------------------------
Some vulnerabilities with an unknown impact have been reported in VLC Media Player.
The vulnerabilities are caused by unspecified errors. No further information is currently available.
---------------------------------------------
https://secunia.com/advisories/53656
*** Blog: Apple of discord ***
---------------------------------------------
As Apple's popularity grows, so does the desire among fraudsters to make money from the people who own the company's devices. The cybercriminals are aiming to steal Apple ID data which provides access to users' personal information stored in iCloud (e.g., photographs, contacts, documents, email, etc.) as well as to the purchases made in the company's iTunes Store. Many malicious users go further and try to steal the bank card details used to pay for those purchases.
---------------------------------------------
http://www.securelist.com/en/blog/8108/Apple_of_discord