[CERT-daily] Daily summary - Friday 6-03-2015

Daily end-of-shift report team at cert.at
Fri Mar 6 18:06:39 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 05-03-2015 18:00 − Friday 06-03-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Oracle attaches adware to the Java installer for Mac OS X ***
---------------------------------------------
When installing Java, Mac users are now also being pushed adware - currently in the form of a browser extension.
---------------------------------------------
http://heise.de/-2568995




*** Intuit Failed at 'Know Your Customer' Basics ***
---------------------------------------------
Intuit, the makers of TurboTax, recently introduced several changes to beef up the security of customer accounts following a spike in tax refund fraud at the state and federal level. Unfortunately, those changes don't go far ..
---------------------------------------------
http://krebsonsecurity.com/2015/03/intuit-failed-at-know-your-customer-basics/




*** Why A Free Obfuscator Is Not Always Free. ***
---------------------------------------------
We all love our code but some of us love it so much that we don't want anyone else to read or understand it. When you think about it, that's understandable - hours and hours of hard dev work, days of testing and weeks ..
---------------------------------------------
http://blog.sucuri.net/2015/03/why-a-free-obfuscator-is-not-always-free.html




*** Cisco IOS Autonomic Networking Infrastructure Self-Referential Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0659




*** Contact Form DB 2.8.29 - CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7826




*** Cisco IOS Software and Cisco IOS XE Software Crafted RADIUS Packet Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0598




*** Cisco IOS XR Software Malformed SNMP Packet Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0661




*** Freak: Windows also affected by SSL flaw ***
---------------------------------------------
Significantly more clients at risk than previously assumed - Besides Android and iOS, also Opera on Linux ..
---------------------------------------------
http://derstandard.at/2000012569585




*** Internet service Onlinetvrecorder.com hacked ***
---------------------------------------------
The Internet recording service Onlinetvrecorder.com has fallen victim to a hacking attack. The provider recommends that all users change their password.
---------------------------------------------
http://heise.de/-2569350




*** Multiple vulnerabilities in Siemens products ***
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-064-01
https://ics-cert.us-cert.gov//advisories/ICSA-15-064-02
https://ics-cert.us-cert.gov//advisories/ICSA-15-064-03
https://ics-cert.us-cert.gov//advisories/ICSA-15-064-04
https://ics-cert.us-cert.gov//advisories/ICSA-15-064-05




*** Consumer advocates warn of fake e-mails from parcel services ***
---------------------------------------------
According to the German consumer advice center, links lead to malware - Fake mails use the names of DHL and UPS
---------------------------------------------
http://derstandard.at/2000012593805




*** Powerspy: Stalking via battery consumption ***
---------------------------------------------
Instead of via Bluetooth and GPS, smartphone users can also be tracked by their battery consumption. Powerspy makes it possible.
---------------------------------------------
http://www.golem.de/news/powerspy-stalking-ueber-den-akkuverbrauch-1503-112791.html




*** Adobe dodges paying a finder's reward for reported vulnerabilities ***
---------------------------------------------
Anyone who finds vulnerabilities in Adobe Reader, Flash and co. can now report them to the vendor via a reward program. However, there is no monetary reward - at least not from Adobe.
---------------------------------------------
http://heise.de/-2569878




*** The Ongoing Debate about the Gap between Compliance and Security ***
---------------------------------------------
Companies required to comply with the Payment Card Industry Data Security Standard (PCI DSS) must meet a wide range of technical and operational requirements. The challenge organizations face regarding PCI compliance has shifted from achieving the minimum level required to satisfy PCI audit ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/the-ongoing-debate-about-the-gap-between-compliance-and-security




