[CERT-daily] Tageszusammenfassung - Freitag 29-08-2014
Daily end-of-shift report
team at cert.at
Fri Aug 29 18:10:25 CEST 2014
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 28-08-2014 18:00 − Freitag 29-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Heartbleed is the gift that keeps on giving as servers remain unpatched ***
---------------------------------------------
An average of 7,000 attacks continue to seek out servers vulnerable to the bug.
---------------------------------------------
http://arstechnica.com/security/2014/08/heartbleed-is-the-gift-that-keeps-on-giving-as-servers-remain-unpatched/
*** PCI Council urges retailers to defend against Backoff POS attacks ***
---------------------------------------------
The warning comes soon after the Secret Service and DHS issues a warning on the threat.
---------------------------------------------
http://www.scmagazine.com/pci-council-urges-retailers-to-defend-against-backoff-pos-attacks/article/368640/
*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3350
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3349
*** Django REMOTE_USER header security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95569
*** IBM Security Bulletin: Current Release of IBM SDK for Node.js is affected by CVE-2014-5256 ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_current_release_of_ibm_sdk_for_node_js_is_affected_by_cve_2014_5256?lang=en_us
*** Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks ***
---------------------------------------------
A few days ago we detected a watering hole campaign in a website owned by one big industrial company.The website is related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing.The attackers were able to compromise the website and include code that loaded a malicious Javascript ..
---------------------------------------------
http://www.alienvault.com/open-threat-exchange/blog/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks
*** Squid Range Header Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1030779
*** F5 BIG-IP ConfigSync Access Control Flaw Lets Remote Users Read and Write Arbitrary Files ***
---------------------------------------------
http://www.securitytracker.com/id/1030778
*** F5 Enterprise Manager ConfigSync Access Control Flaw Lets Remote Users Read and Write Arbitrary Files ***
---------------------------------------------
http://www.securitytracker.com/id/1030777
*** Sinkholing the Backoff POS Trojan ***
---------------------------------------------
There is currently a lot of buzz about the Backoff point-of-sale Trojan that is designed to steal credit card information from computers that have POS terminals attached.
---------------------------------------------
https://securelist.com/blog/research/66305/sinkholing-the-backoff-pos-trojan/
*** Nearly 100k Bugzilla Users Affected by Data Disclosure ***
---------------------------------------------
The email addresses and encrypted passwords of nearly 100,000 users of Mozilla's Bugzilla system were left on a publicly accessible server for several months earlier this year, the company said. The disclosure comes just a few weeks after Mozilla advised members of its Mozilla Developer ..
---------------------------------------------
http://threatpost.com/nearly-100k-bugzilla-users-affected-by-data-disclosure/107973
More information about the Daily
mailing list