[CERT-daily] Tageszusammenfassung - Mittwoch 22-07-2015

Daily end-of-shift report team at cert.at
Wed Jul 22 18:27:36 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 21-07-2015 18:00 − Mittwoch 22-07-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** WP-CLI Guide: Secure WordPress Backup and Update ***
---------------------------------------------
Welcome to our second post in the series on WP-CLI for WordPress management over SSH. In our previous post, we discussed how to get your SSH credentials and use WP-CLI to connect to your website over the command line. Before we get into changing anything, we'll show you how to back up your database and compress...
---------------------------------------------
https://blog.sucuri.net/2015/07/wp-cli-guide-secure-wordpress-backup-update.html




*** Exclusive: Visa application portal closed following SC Magazine investigation ***
---------------------------------------------
VFS Global closes visa application portal following SC Magazine investigation. Editable Schengen visa application forms accessed FOUR DAYS after operating company VFS Global said a vulnerability had been fixed.
---------------------------------------------
http://www.scmagazine.com/exclusive-visa-application-portal-closed-following-sc-magazine-investigation/article/427675/




*** Free security tools help detect Hacking Team malware ***
---------------------------------------------
Vulnerabilities and other threats exposed in the Hacking Team leaks has spurred Rook Security and Facebook to each release free security tools.
---------------------------------------------
http://www.scmagazine.com/rook-security-facebook-release-free-security-tools-in-response-to-hacking-team-leaks/article/427682/




*** "Super-Spion": Android-Überwachungssoftware von Hacking Team nutzt allerhand schmutzige Tricks ***
---------------------------------------------
Eine Analyse der Spionage-App RCSAndroid zeigt umfassende Ausspähfunktionen auf. Die Infektion erfolgt über Exploits - und möglicherweise auch Google Play.
---------------------------------------------
http://heise.de/-2759365




*** Introduction to Alternate Data Streams ***
---------------------------------------------
In this post, we defined what is an alternate data stream (ADS), showed how it can be created and read, and how one can remove unwanted ADS.Categories:  All Things DevTags: adsalternate data streamsPieter Arntzpowershellstreams(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/development/2015/07/introduction-to-alternate-data-streams/




*** Think your website isn't worth anything to hackers? Think again ***
---------------------------------------------
Have you ever thought about the cost of your website compromise?
---------------------------------------------
https://www.htbridge.com/blog/think-your-website-isn-t-worth-anything-to-hackers-think-again.html




*** l+f: Falsche Microsoft-Techniker simulieren falsche Bluescreens ***
---------------------------------------------
Die Telefonabzocker, die sich als Microsoft-Techniker ausgeben, haben sich eine neue Masche überlegt - und sind jetzt auch telefonisch erreichbar.
---------------------------------------------
http://heise.de/-2760509




*** DFN-CERT-2015-1107: FreeBSD, Transmission Control Protocol (TCP): Eine Schwachstelle erlaubt einen Denial-of-Service-Angriff ***
---------------------------------------------
Eine Schwachstelle im Transmission Control Protocol (TCP) der TCP/IP Protocol Suite ermöglicht einem entfernten, nicht authentisierten Angreifer einen kompletten Denial-of-Service-Zustand zu bewirken.
Von der Schwachstelle sind alle derzeit unterstützten FreeBSD-Versionen betroffen. Sicherheitsupdates stehen bereit.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1107/




*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us




*** Cisco IOS XR Concurrent Data Management Replication Process BGP Process Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40067




*** Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40021




*** [R1] PHP < 5.4.43 Vulnerability Affects Tenable SecurityCenter ***
---------------------------------------------
http://www.tenable.com/security/tns-2015-09




*** Hospira Symbiq Infusion System Vulnerability ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on June 23, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory provides compensating measures for a vulnerability in the Hospira Symbiq Infusion System.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01




*** Counter-Strike 1.6 GameInfo Query Reflection DoS ***
---------------------------------------------
Topic: Counter-Strike 1.6 GameInfo Query Reflection DoS Risk: Medium Text:#!/usr/bin/perl # # Counter-Strike 1.6 GameInfo Query Reflection DoS # Proof Of Concept # # Copyright 2015 (c) Todor ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015070103


More information about the Daily mailing list