End-of-Shift report
Timeframe: Dienstag 19-08-2014 18:00 − Mittwoch 20-08-2014 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
Apache OFBiz cross-site scripting
http://xforce.iss.net/xforce/xfdb/95356
The Administrator of Things (AoT) - A Side Effect of Smartification
In an earlier article, we talked about the ongoing smartification of the home - the natural tendency of households to accumulate more intelligent devices over time. While this has its benefits, the residents of smart homes also need to invest their time and energy to maintain these devices. These requirements will only grow as more...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/5chS0C_DSr4/
RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass
Topic: RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass Risk: Medium Text:ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities EMC Identifier: ESA-2014-071 CVE Identifier: CVE-20...
http://cxsecurity.com/issue/WLB-2014080085
"El Machete"
"Machete" is a targeted attack campaign with Spanish speaking roots. Most of the victims are located in Venezuela, Ecuador, , Colombia, Peru, Russia, Cuba, and Spain. Targets include high-level profiles, including intelligence services, military, embassies and government institutions.
https://securelist.com/blog/research/66108/el-machete/
Microsoft zieht weitere Windows-Updates zurück
Nutzer klagen über Bluescreens und weitere Probleme
http://derstandard.at/2000004536290
Vernetzte Geräte: Tausende Sicherheitslücken entdeckt
In mehr als 140.000 Geräten haben Forscher teils schwerwiegende Sicherheitslücken entdeckt, darunter Zero-Day-Exploits, hartcodierte Passwörter und private Schlüssel.
http://www.golem.de/news/vernetzte-geraete-tausende-sicherheitsluecken-entdeckt-1408-108708-rss.html
Bugtraq: [security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
http://www.securityfocus.com/archive/1/533176
Bugtraq: Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities
http://www.securityfocus.com/archive/1/533180
Bugtraq: CVE-2014-5307 - Privilege Escalation in Panda Security Products
http://www.securityfocus.com/archive/1/533182
Bugtraq: CVE-2014-4973 - Privilege Escalation in ESET Windows Products
Versions 5.0 - 7.0 of ESET Smart Security and ESET Endpoint Security products for Windows XP OS allow a low privileged user to execute code as SYSTEM by exploiting a vulnerability in the ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver also mentioned as Personal Firewall module Build 1183 (20140214) and prior.
http://www.securityfocus.com/archive/1/533184
Aktuelle Masche: Krimineller "Blog-Klau" verärgert viele Betreiber
Unbekannte spiegeln derzeit dutzende deutsche Blogs und versuchen, mit den gekaperten Inhalten illegal Kasse zu machen.
http://www.heise.de/security/meldung/Aktuelle-Masche-Krimineller-Blog-Klau-veraergert-viele-Betreiber-2297045.html
Zertifikate: Google will vor SHA-1 warnen
Google will Zertifikate, die mit SHA-1 signiert sind, bis spätestens 2017 loswerden. Der Chrome-Browser wird bald entsprechende Warnungen anzeigen. SHA-1 gilt schon seit einigen Jahren als potentiell unsicher.
http://www.golem.de/news/zertifikate-google-will-vor-sha-1-warnen-1408-108700-rss.html
Multiple Vulnerabilities in various IBM Products
https://www-304.ibm.com/connections/blogs/PSIRT/entry/aix_libxml2_vulnerability?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/vulnerability_in_aix_bind?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_critical_security_vulnerability_in_rds_client_library_affecting_rational_change_cve_2014_3089?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_affect_ibm_multi_enterprise_integration_gateway_cve_2014_4263_cve_2014_4244?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/multiple_vulnerabilities_in_current_releases_of_the_ibm_sdk_java_technology_edition2?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_critical_security_vulnerability_in_rds_client_library_affecting_rational_synergy_cve_2014_3089?lang=en_us