End-of-Shift report
Timeframe: Monday 11-08-2014 18:00 − Tuesday 12-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Adobe Security Bulletins Posted
The following Security Bulletins have been posted today:
APSB14-18: Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-18.html
APSB14-19: Security updates available for Adobe Reader and Acrobat
http://helpx.adobe.com/security/products/reader/apsb14-19.html
Customers of the affected products should consult the relevant Security Bulletin(s) for details.
https://blogs.adobe.com/psirt/?p=1118
Cisco Unified Communications Manager SIP Subsystem Vulnerability
CVE-2014-3337
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337
Cisco Unified Communications Manager CTIManager Vulnerability
CVE-2014-3338
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338
Two new Gameover Zeus variants in the wild
About two months after botnet takedown efforts, new versions of the malware have surfaced in the U.S. and abroad.
http://www.scmagazine.com/two-new-gameover-zeus-variants-in-the-wild/article/365647/
Millions of PCs Affected by Mysterious Computrace Backdoor
Absolute Software's anti-theft Computrace software is mysteriously installed on brand new machines, nearly impossible to remove, and exploitable.
http://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700
NIST wants better SCADA security
Preparing the way for a test lab. America's National Institute of Standards and Technology (NIST) wants to take a hand in addressing the SCADA industry's chronic insecurity, by building a test bed for industrial control systems.
http://www.theregister.co.uk/2014/08/12/nist_wants_better_scada_security/
Command Injection allows Unauthenticated Command Bypass on multiple D-Link products
The DNS-315L, DNS-320L, DNS-327L, DNS-340L, and DNS-345 have been identified as having a vulnerability in their Web-GUI application that allows malicious users to gain access to the device configuration, device operating system, and stored file without requiring log-in credentials.
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10042
2Q 2014 Security Roundup: Turning the Tables on Cyber Attacks
The incidents that cropped up in the months of April to June 2014 - from the data breaches, DDoS attacks, to malware improvements and threats to privacy - highlighted the need for enterprises to craft a more strategic response against and in anticipation of security threats. There were plenty of threats to be found in the quarter. There was...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/Cf4i9ouVNiM/
How to hack a Macbook using just USB
Yesterday, at the 2014 DEF CON hackers conference in Las Vegas, security researchers Joe Fitzpatrick and Miles Crabil demonstrated how they could directly access the memory of Apple Macbook devices using a piece of hardware they built to plug into the computer's own USB slot.
http://www.techly.com.au/2014/08/12/hack-macbook-using-just-usb/
BlackBerry Z10 allowed open access over Wi-Fi
Security researchers have disclosed a vulnerability that allowed an attacker to access data on the BlackBerry Z10. The built-in file server allowed access to the phone's storage without asking for a password.
http://www.heise.de/security/meldung/BlackBerry-Z10-erlaubte-freien-Zugriff-ueber-das-WLAN-2291022.html