End-of-Shift report
Timeframe: Monday 14-07-2014 18:00 − Tuesday 15-07-2014 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Introduction to Smart Meters
While wearable personal technology may be the most 'public' face of the Internet of Everything, the most widespread use of it may be in smart meters. What is a smart meter, exactly? It's a meter for utilities (electricity, gas, or water) that records the consumption of the utility in question, and transmits it ..
http://blog.trendmicro.com/trendlabs-security-intelligence/introduction-to-smart-meters/
Disclosure: Insecure Nonce Generation in WPtouch
If you use the popular WPtouch plugin (5m+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF, we discovered a very dangerous vulnerability that could potentially allow a user with no administrative privileges, who was logged in ..
http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html
Five Year Old Phishing Campaign Unveiled
Details have been disclosed on a five-year-old phishing campaign wherein attackers have pilfered victims' login credentials from Google, Yahoo, Facebook, Dropbox and Skype.
http://threatpost.com/five-year-old-phishing-campaign-unveiled/107197
OpenVPN PrivateTunnel ptservice privilege escalation
http://xforce.iss.net/xforce/xfdb/94482
HP StoreVirtual Bugs Let Remote Users Obtain Information and Remote Authenticated Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030567
Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates
A number of security vulnerabilities have been identified in the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway, formerly known ..
http://support.citrix.com/article/CTX140863
iCloud mail delivery now encrypted as well
As one of the last major mail providers, Apple has now enabled transport protection against simple eavesdropping. The methods used, however, leave much to be desired.
http://www.heise.de/security/meldung/iCloud-Mail-Versand-jetzt-auch-verschluesselt-2260410.html
OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability
http://cxsecurity.com/issue/WLB-2014070078
Oracle on the future of Java 7 on Windows XP
Java 7 will receive security updates until April 2015 at the earliest. All further releases of the second-to-last Java version up to that point will also continue to work with Windows XP, which Microsoft no longer officially supports.
http://www.heise.de/security/meldung/Oracle-zur-Zukunft-von-Java-7-unter-Windows-XP-2260554.html
The 'Forbidden' Apple: App Stores and the Illusion of Control Part I
There is no doubt we truly live in an 'App Economy.' From personal to professional, we direct and live our lives through our smart phones. But while we enjoy the latest games, stream the latest content or catch up on our friends' activities, few think ..
http://research.zscaler.com/2014/07/the-forbidden-apple-app-stores-and.html
And the mice will 'Play': App Stores and the Illusion of Control Part II
In the last blog, we began analyzing what we've termed the 'App Dichotomy' of the App Economy - The fact that we are at least as much the consumed, as we are the consumer. Our goal was to analyze popular apps from Apple's App Store and Google Play to ..
http://research.zscaler.com/2014/07/and-mice-will-play-app-stores-and.html
Project Zero: Google builds an internet security team
With full-time developers in Project Zero, Google, which until now has pursued security research only on the side, wants to make the internet more secure and help the politically persecuted.
http://www.golem.de/news/project-zero-google-baut-internet-sicherheitsteam-auf-1407-107894-rss.html
New Kronos Banking Malware Advertised On Russian Forums
Researchers have spotted a new banking Trojan advertised for sale on Russian forums. Kronos promises features that help it evade detection and analysis, such as a Ring3 rootkit.
http://threatpost.com/new-kronos-banking-malware-advertised-on-russian-forums/107210