End-of-Shift report
Timeframe: Mittwoch 19-06-2013 18:00 − Donnerstag 20-06-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition.
Additionally, Cisco TelePresence TC Software contain an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc
Vuln: OTRS CVE-2013-4088 Remote Security Bypass Vulnerability
OTRS is prone to a remote security-bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions and obtain sensitive information; other attacks may also be possible.
http://www.securityfocus.com/bid/60688
Anonymous' #OpPetrol: What is it, What to Expect, Why Care?
Last month, the hacker collective Anonymous announced their intention to launch cyber attacks against the petroleum industry (under the code name #OpPetrol) that is expected to last up to June 20. Their claimed reason for this attack is primarily due to petroleum being sold with the US dollar instead of currency of the country where...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/wIkmxr0Tz_A/
LinkedIn auf indische Webseite umgeleitet
Das Karriereportal LinkedIn war in den letzten Stunden nur hin und wieder zu erreichen. Das Karriereportal wurde auf fremde Seiten umgeleitet. Die Einen sprechen von "menschlichen Fehlern", die anderen von einem Angriff.
http://www.heise.de/security/meldung/LinkedIn-auf-indische-Webseite-umgeleitet-1893282.html
VLC Media Player Unspecified Vulnerabilities
Some vulnerabilities with an unknown impact have been reported in VLC Media Player.
The vulnerabilities are caused due to unspecified errors. No further information is currently available.
https://secunia.com/advisories/53656
Blog: Apple of discord
As Apple's popularity grows, so does the desire among fraudsters to make money from the people who own the company's devices. The cybercriminals are aiming to steal Apple ID data which provides access to users' personal information stored in iCloud (e.g., photographs, contacts, documents, email, etc.) as well as to the purchases made in the company's iTunes Store. Many malicious users go further and try to the steal bank card details used to pay for those purchases.
http://www.securelist.com/en/blog/8108/Apple_of_discord