End-of-Shift report
Timeframe: Thursday 18-09-2014 18:00 − Friday 19-09-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
WordFence WordPress Security Plugin Pushes a Security Update
If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out an important security update that ..
http://blog.sucuri.net/2014/09/security-disclosure-the-wordfence-wordpress-security-plugin-pushes-a-security-update.html
Multiple vulnerabilities in Cisco products
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3379
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3378
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3377
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3376
CosmicDuke and the latest political news
After we had published the CosmicDuke report in July 2014, we continued to actively follow the malware. Today, we discovered two new samples that both leverage timely, political topics to deceive the recipient into opening ..
http://www.f-secure.com/weblog/archives/00002745.html
Nuclear exploit kit - complete infection cycle
Zscaler ThreatLabZ has been seeing a steady increase in the Nuclear Exploit Kit (EK) traffic over the past few weeks. The detection of malicious activity performed by this EK remains low, due to usage of dynamic content and heavy ..
http://research.zscaler.com/2014/09/nuclear-exploit-kit-complete-infection.html
Web Scan looking for /info/whitelist.pac, (Fri, Sep 19th)
Nathan reported today that he has been seeing a new trend of web scanning against his webservers looking for /info/whitelist.pac. The scanning he has observed is over SSL. He has been ..
https://isc.sans.edu/diary.html?storyid=18675
Asterisk res_fax_spandsp Module Processing Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1030876
Asterisk SIP SUBSCRIBE Type Handling Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1030875
Android will be encrypted by default in the future
As Google has officially announced, the encryption feature will be enabled out of the box for the first time in Android L.
http://futurezone.at/produkte/android-ist-in-zukunft-standardmaessig-verschluesselt/86.632.469
Advantech WebAccess Vulnerabilities
Researcher Ricardo Narvaja of Core Security Technologies has identified several buffer overflow vulnerabilities in Advantech's WebAccess application. Advantech has produced a patch that mitigates these vulnerabilities. The researcher has ..
https://ics-cert.us-cert.gov//advisories/ICSA-14-261-01
Bugtraq: CVE ID Syntax Change - Deadline Approaching
http://www.securityfocus.com/archive/1/533478
How to Detect SQL Injection Attacks
SQL Injection (SQLi) attacks have been around for over a decade. You might wonder why they are still so prevalent. The main reason is that they still work on quite a few web application targets. In fact, according to Veracode's 2014 State of Security Software Report, SQL injection vulnerabilities still ..
http://thehackernews.com/2014/09/how-to-detect-sql-injection-attacks.html
Hacker attack on Home Depot: 56 million credit cards affected
Hackers continue their raid on US retail: first they gained access to around 40 million bank cards at Target stores, and now 56 million cards could be affected at the home-improvement chain Home Depot.
http://www.heise.de/security/meldung/Hackerangriff-auf-Home-Depot-56-Millionen-Kreditkarten-betroffen-2399827.html
Cloudflare: Keyless TLS connections are meant to protect banks
Cloudflare will offer customers a new feature called Keyless SSL, which allows the part of the TLS handshake that requires the private key to be outsourced. This lets companies retain control over the key.
http://www.golem.de/news/cloudflare-tls-verbindungen-ohne-schluessel-sollen-banken-schuetzen-1409-109351.html
XSS: Cross-site scripting via DNS records
A particularly creative variant of a cross-site scripting vulnerability is making the rounds on the website Hacker News: using a TXT DNS record, JavaScript can be injected into numerous websites.
http://www.golem.de/news/xss-cross-site-scripting-ueber-dns-records-1409-109354.html