Tageszusammenfassung - Freitag 30-08-2013

End-of-Shift report

Timeframe: Donnerstag 29-08-2013 18:00 − Freitag 30-08-2013 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter

CoreText Font Rendering Bug Leads To iOS, OS X Exploit

redkemper writes with this news from BGR.com (based on a report at Hacker News), excerpting: "Android might be targeted by hackers and malware far more often than Apples iOS platform, but that doesnt mean devices like the iPhone and iPad are immune to threats. A post on a Russian website draws attention to a fairly serious vulnerability that allows nefarious users to remotely crash apps on iOS 6, or even render them unusable. The vulnerability is seemingly due to a bug in Apples CoreText...


Cloud-Dienst als Malware-Einfallstor

IT-Sicherheitsforscher haben eine Methode gezeigt, mit der über Dropbox und Co. Sicherheitsmechanismen von Firmen überwunden werden können.


Sicherheitsforscher knacken Dropbox

Client entschlüsselt - Zwei-Weg-Authentifizierung kann umlaufen werden


TeleGeographys Interactive Submarine Cable Map

....Ever want to know where all the submarine cables are that provide part of the physical infrastructure of the Internet? Or which cities in the world have the most connectivity via submarine cables? (or which regions might be single points of failure?) In doing some research I stumbled across this excellent site from the folks at TeleGeography ...


FinFisher range of attack tools

FinFisher is a range of attack tools developed and sold by a company called Gamma Group.Recently, some FinFisher sales brochures and presentations were leaked on the net. They contain many interesting details about these tools.In the background part of the FinFisher presentation, they go on to explain how Gamma hired the (at-the-time) main developer of Backtrack Linux to build attack tools for Gamma. This is a reference to Martin Johannes Münch. They also boast how their developers have...


vBulletin users warned of potential exploit

The forum softwares developers advise users to delete the install folder


MatrikonOPC SCADA DNP3 Master Station Improper Input Validation

OVERVIEW: This updated advisory was originally posted to the US-CERT secure Portal library on August 02, 2013, and is now being released to the ICS-CERT Web page.Adam Crain of Automatak and independent researcher Chris Sistrunk have identified a buffer overflow vulnerability in MatrikonOPC’s SCADA DNP3 OPC Server application. MatrikonOPC has produced a patch that mitigates this vulnerability. The researchers tested the patch to validate that it resolves the vulnerability.This vulnerability...


Cisco Identity Services Engine Discloses Authentication Credentials to Remote Users


IBM InfoSphere Information Server Web Console Cross-Site Scripting Vulnerabilities


Schneider Electric OFS XML External Entities Vulnerability


Cisco ASA Software TFTP Protocol Inspection Denial of Service Vulnerability


LibTIFF Multiple Vulnerabilities



VMware ESXi and ESX address an NFC Protocol Unhandled Exception