[CERT-daily] Tageszusammenfassung - Mittwoch 21-05-2014

Daily end-of-shift report team at cert.at
Wed May 21 18:08:45 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 20-05-2014 18:00 − Mittwoch 21-05-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Ebay: Kundendaten bei Hackerangriff gestohlen ***
---------------------------------------------
Hacker hatten im Februar und März Zugriff auf Kundendaten
---------------------------------------------
http://derstandard.at/2000001422781




*** Enterprises Still Lax on Privileged User Access Controls ***
---------------------------------------------
The results of a survey commissioned by Raytheon demonstrate that enterprises still dont have a firm grasp on privileged users and their activities on corporate networks.
---------------------------------------------
http://threatpost.com/enterprises-still-lax-on-privileged-user-access-controls/106180




*** iBanking: Exploiting the Full Potential of Android Malware ***
---------------------------------------------
http://www.symantec.com/connect/blogs/ibanking-exploiting-full-potential-android-malware




*** World's most pricey trojan is veritable Swiss Army knife targeting Android ***
---------------------------------------------
Malicious Android app contains remote bugging, SMS interception, and much more.
---------------------------------------------
http://arstechnica.com/security/2014/05/worlds-most-pricey-trojan-is-veritable-swiss-army-knife-targeting-android/




*** Siemens Industrial Products OpenSSL Heartbleed Vulnerability (Update B) ***
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-105-03B




*** [2014-05-21] Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4 ***
---------------------------------------------
The software CoSoSys Endpoint Protector is affected by critical, unauthenticated SQL injection vulnerabilities and backdoor accounts.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140521-CoSoSys_Endpoint_Protector_Multiple_Vulnerabilities_v10_wo_poc.txt




*** Security App of the Week: WP Security Audit Log ***
---------------------------------------------
WP Security Audit Log is a WordPress plugin that logs all the actions and events that take place under your website's hood. The plugin is useful not only in case of a data breach, but also for preventing one. The plugin is designed to generate a security alert when certain actions are detected. For instance, ..
---------------------------------------------
http://news.softpedia.com/news/Security-App-of-the-Week-WP-Security-Audit-Log-442847.shtml




*** Hook Analyser 3.1 - Malware Analysis Tool ***
---------------------------------------------
Hook Analyser is a freeware application which allows an investigator/analyst to perform 'static & run-time / dynamic' analysis of suspicious applications, also gather (analyse & co-related) threat intelligence related information (or data) from various open sources on the Internet.
---------------------------------------------
http://www.darknet.org.uk/2014/05/hook-analyser-3-1-malware-analysis-tool/




*** Why You Should Ditch Adobe Shockwave ***
---------------------------------------------
This author has long advised computer users who have Adobes Shockwave Player installed to junk the product, mainly on the basis that few sites actually require the browser plugin, and because its yet another plugin that requires constant updating. But I was positively shocked this week to learn that this software introduces a far more pernicious problem: Turns out, ..
---------------------------------------------
http://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/




*** LSE stellt Authentifizierungs-Tool LinOTP unter Open-Source-Lizenz ***
---------------------------------------------
Das Authentifizierungswerkzeug LinOTP steht ab sofort als Open-Source-Produkt zum kostenlosen Download bereit.
---------------------------------------------
http://www.heise.de/newsticker/meldung/LSE-stellt-Authentifizierungs-Tool-LinOTP-unter-Open-Source-Lizenz-2195061.html




*** Bugs in your TV ***
---------------------------------------------
Introduction As part of our research into the Internet of Things (IoT), we were asked to look at the current generation of Smart TVs and see whether they posed any new issues when used in the home or office. In particular, the latest sets come with built-in cameras (for use with video chat applications, ..
---------------------------------------------
https://www.nccgroup.com/en/blog/2014/05/bugs-in-your-tv/






More information about the Daily mailing list