[CERT-daily] Tageszusammenfassung - Mittwoch 7-10-2015

Daily end-of-shift report team at cert.at
Wed Oct 7 18:02:08 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 06-10-2015 18:00 − Mittwoch 07-10-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** Microsoft Edge Performance Object Lets Remote Users Detect Virtual Machines ***
---------------------------------------------
http://www.securitytracker.com/id/1033749




*** Microsoft Internet Explorer Performance Object Lets Remote Users Detect Virtual Machines ***
---------------------------------------------
http://www.securitytracker.com/id/1033748




*** Tripwire IP360 VnE Remote Administrative API Authentication Bypass ***
---------------------------------------------
The IP350 VnE is susceptible to a remote XML-RPC authentication
bypass vulnerability, which allows for specially crafted privileged
commands to be remotely executed without authentication. The RPC
service is available on the public HTTPS interface of the VnE by
default, and cannot be disabled.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015100053




*** Virus Bulletin : VB2015 Prague - conference slides ***
---------------------------------------------
The following are the presentation slides shown by speakers at the VB2015 conference in Prague. We are still waiting for some of the slides to be supplied to us - these will be added when they are submitted to us.
---------------------------------------------
https://www.virusbtn.com/conference/vb2015/slides/index




*** Outlook Web Access als Hintertür zum Firmennetz ***
---------------------------------------------
Viele Unternehmen sind sich nicht bewusst, welch verführerisches Ziel der Webdienst von Outlook darstellt. Sicherheitsforscher zeigen an einen aktuellen Fall, wie Angreifer darüber Domänen-Passwörter ausleiten können.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Outlook-Web-Access-als-Hintertuer-zum-Firmennetz-2839445.html




*** HTTP Evasions Explained - Part 4 - Doubly Compressed Content ***
---------------------------------------------
This is the fourth part in a series which will explain the evasions done by HTTP Evader. This article is about the products which successfully support deflate compression (where several products already fail) but fail if the content is ..
---------------------------------------------
http://noxxi.de/research/http-evader-explained-4-double-encoding.html




*** General HTML5 Security, Part 2 ***
---------------------------------------------
In the second part of the General HTML5 Security series, we are going to discuss the enhanced security in HTML5 with features such as the CSP (Content Security Policy) and sandboxed iframes. We ..
---------------------------------------------
http://resources.infosecinstitute.com/general-html5-security-part-2/




*** Kemoge: Another Mobile Malicious Adware Infecting Over 20 Countries ***
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html




*** US-Provider Verizon weitet Nutzung seines Supercookies aus ***
---------------------------------------------
Mit dem Kauf von AOL will Verizon seine Kunden nun auch über dessen Werbenetzwerk weiterverfolgen. AOL erreicht mit seiner Werbung fast 600 Millionen Menschen weltweit.
---------------------------------------------
http://heise.de/-2840065






More information about the Daily mailing list