Daily Summary - Monday 28-07-2014

End-of-Shift report

Timeframe: Friday 25-07-2014 18:00 − Monday 28-07-2014 18:00 Handler: Alexander Riepl Co-Handler: n/a

Cisco WebEx Meetings Server Authenticated Encryption Vulnerability

A vulnerability in the user.php script of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3302


Cacti cross-site scripting

Cacti is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the Full Name field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting ..

http://xforce.iss.net/xforce/xfdb/94862


Cisco WebEx Meetings Server OutlookAction Class Vulnerability

A vulnerability in the OutlookAction Class of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to ..

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3304


Cisco WebEx Meetings Server Web Framework Vulnerability

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability occurs because sensitive information is passed in a query string. An attacker could ..

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3303


Service Drains Competitors' Online Ad Budget

The longer one lurks in the Internet underground, the more difficult it becomes to ignore the harsh reality that for nearly every legitimate online business there is a cybercrime-oriented anti-business. Case in point: Today's post looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors.

http://krebsonsecurity.com/2014/07/service-drains-competitors-online-ad-budget/


Daimler: Using its own hacker group against security vulnerabilities

The car manufacturer Daimler employs a permanent team of data specialists whose job is to attack the company's own network. The aim is to find security vulnerabilities more quickly.

http://www.golem.de/news/daimler-mit-eigener-hacker-gruppe-gegen-sicherheitsluecken-1407-108137-rss.html


Ubiquiti UbiFi Controller 2.4.5 Password Hash Disclosure

If remote logging is enabled on the UniFi controller, syslog messages are sent to a syslog server. Contained within the syslog messages is the admin password that is used by both the UniFi controller, and all managed Access Points. This CVE was ..

http://cxsecurity.com/issue/WLB-2014070146


Tails: Zero-day in the Invisible Internet Project

The Linux distribution Tails contains a security vulnerability through which user identities can be uncovered. The flaw is not in Tor but in the Invisible Internet Project network.

http://www.golem.de/news/tails-zero-day-im-invisible-internet-project-1407-108148-rss.html


DANE disruptive: Authenticated OpenPGP keys in the DNS

Pretty Good Privacy is to use the DNS for key propagation. Next on the list of the Internet Engineering Task Force (IETF) developers is permitting one's own key material.

http://www.heise.de/security/meldung/DANE-disruptiv-Authentifizierte-OpenPGP-Schluessel-im-DNS-2268917.html


Behind the Android.OS.Koler distribution network

Android.OS.Koler.a is a ransomware program that blocks the screen of an infected device and requests a ransom in order to unlock the device. An entire network of malicious porn sites is linked to a traffic direction system that redirects the victim to different payloads targeting not only mobile devices but any other visitor.

https://securelist.com/blog/research/65189/behind-the-android-os-koler-distribution-network/


Dissecting the CVE-2013-2460 Java Exploit

In this vulnerability, code is able to get the references of some restricted classes which are cleverly used for privilege escalation and bypassing the JVM sandbox. The vulnerable 'invoke' method of the 'sun.tracing.ProviderSkeleton' class is used to ..

http://research.zscaler.com/2014/07/dissecting-cve-2013-2460-java-exploit.html


Anatomy of an iTunes phish - tips to avoid getting caught out

Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...

http://nakedsecurity.sophos.com/2014/07/28/anatomy-of-an-itunes-phish-tips-to-avoid-getting-caught-out/


ICS 3C - ICS Cybersecurity Council Conference

ICS 3C gathers experts and decision makers placing Cybersecurity at the heart of a Pan-European Dialogue on solutions for securing critical processes.

http://www.anapur.de/u_e_ICS_Cybersecurity_Conference_2014_HD.htm


Trojan: Warnings about fake Ikea e-mails

Already several thousand detections; e-mails are "deceptively genuine" ..

http://derstandard.at/2000003626539


Malware, Would You Install it for One Cent?

A research study report entitled It's All About The Benjamins: An empirical study on incentivizing users to ignore security ..

http://www.seculert.com/blog/2014/07/would-you-install-potential-malware-for-one-cent.html