End-of-Shift report
Timeframe: Mittwoch 20-08-2014 18:00 − Donnerstag 21-08-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
Cisco WebEx MeetMeNow Server Directory Traversal Vulnerability
A vulnerability in a PHP file in the Cisco WebEx MeetMeNow Server could allow an authenticated, remote attacker to obtain the contents of arbitrary files on an affected device.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3340
The fall of rogue antivirus software brings new methods to light
Rogue antivirus software has been a part of the malware ecosystem for many years now - Win32/SpySheriff and Win32/FakeRean date all the way back to 2007. These rogues, and the many that have followed them throughout the years, generally mislead and scare users into paying a fee for "cleaning" false detections that the software claims to have found on the machine. They often use dozens ..
http://blogs.technet.com/b/mmpc/archive/2014/08/19/the-fall-of-rogue-antivirus-software-brings-new-methods-to-light.aspx
Researchers build security framework for Android
University researchers have modified the Android operating system to let developers plug in enterprise-class security enhancements that would normally require overhauling a mobile devices firmware.The code added to the OS is called the Android Security Modules (ASM) framework, which is described ..
http://www.csoonline.com/article/2474691/mobile-security/researchers-build-security-framework-for-android.html#tk.rss_applicationsecurity
Britischer Geheimdienst GCHQ entwickelt Hackerspiel mit
Im Browserspiel soll getestet werden, wie gut sich die Briten mit Online-Sicherheit auskennen. Dabei soll es Wettbewerbe geben, bei denen Nachwuchs rekrutiert wird.
http://futurezone.at/digital-life/britischer-geheimdienst-gchq-entwickelt-hackerspiel-mit/81.285.020
5 excuses for doing nothing about computer security
Sadly, as were sure you have found, once a friend or family member has latched onto a security avoidance excuse, it can be hard to talk them round. So, here are five excuses that we hear a lot, both from individuals and from small businesses, together with some points you can use to argue back that security really does matter.
http://nakedsecurity.sophos.com/2014/08/20/5-excuses-for-doing-nothing-about-computer-security/
Need a green traffic light all the way home? Easy with insecure street signals, say researchers
"While other deployments may use different wireless radios or even wired connections between intersections we have no reason to believe there are any fundamental differences between the network we studied and other traffic signal systems," the researchers concluded. "We believe that many traffic infrastructure ..
http://www.theregister.co.uk/2014/08/20/sick_of_slow_commuting_americas_traffic_lights_are_easily_hackable/
IoT: How I hacked my home
A typical modern home can have around five devices connected to the local network which aren't computers, tablets or cellphones. As users in a connected digital environment we need to ask ourselves: Are the devices connected to my network vulnerable? What could an attacker actually do if these devices were compromised? Is my home 'hackable?'
https://securelist.com/analysis/publications/66207/iot-how-i-hacked-my-home/