Tageszusammenfassung - Freitag 30-01-2015
End-of-Shift report
Timeframe: Donnerstag 29-01-2015 18:00 − Freitag 30-01-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander RieplThe Vast World of Fraudulent Routing
As network security engineers have attempted to categorize blocks of IP addresses associated with spam or malware for subsequent filtering at their firewalls, the bad guys have had to evolve to continue to target their victims. Since routing ...http://research.dyn.com/2015/01/vast-world-of-fraudulent-routing/
Neue Outlook-App: Microsoft liest auch bei Firmenmails mit
Neue App für Android und iOS mit zweifelhafter Funktionalität - Exchange- und iCloud-Passwörter online gespeicherthttp://derstandard.at/2000011053283
The Internet of Dangerous Things
Distributed denial-of-service (DDoS) attacks designed to silence end users and sideline Web sites grew with alarming frequency and size last year, according to new data released this week. Those findings dovetail quite closely with ..http://krebsonsecurity.com/2015/01/the-internet-of-dangerous-things/
Microsoft Publishes Information Sharing Guidelines
Microsoft publishes a framework and guidelines on how to effectively set up and operate threat information sharing exchanges in hopes that organizations will actually share data.http://threatpost.com/microsoft-publishes-information-sharing-guidelines/110740
Blubrry PowerPress <= 6.0 - Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/7773
Honeywell HART DTM Vulnerability
This advisory provides mitigation details for an improper input vulnerability in the CodeWrights GmbH HART ..https://ics-cert.us-cert.gov//advisories/ICSA-15-029-01
Multiple vulnerabilities in Cisco WebEx Meetings
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0597 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0596 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0595
D-Link routers vulnerable to DNS hijacking
Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Links DSL-2740R ADSL modem/wireless router. The firmware in question is implemented in many networking equipment manufactured by D-Link, TP-Link Technologies and ZTE, he noted ... Donev hasnt notified D-Link of this flaw, but has released exploit code for the flaw in a security advisory.http://www.net-security.org/secworld.php?id=17888
Drei neue Versionen von Safari: Sicherheitslücken geschlossen
Für OS X 10.10, OS X 10.9 und OS X 10.8 stehen Updates für den Apple-Browser zur Verfügung. Sie beheben vor allem Sicherheitslücken.Nearly half of all DDoS attacks uses multiple attack vectors
Akamai released a new security report that provides analysis and insight into the global attack threat landscape including DDoS attacks. Akamai observed a 52 percent increase in average peak band...http://www.net-security.org/secworld.php?id=17896
GHOST glibc Vulnerability Affects WordPress and PHP applications
... security researchers have discovered that PHP applications, including the WordPress Content Management System (CMS), could also be affected by the bug. ... According to the Sucuri researcher Marc-Alexandre Montpas, GHOST vulnerability could be a big issue for WordPress CMS, as it uses wp_http_validate_url() function to validate every pingback post URL.http://thehackernews.com/2015/01/ghost-linux-security-vulnerability_29.html
BMW-Patzer schürt Angst vor Hackerangriffen auf Autos
Schwachstelle beim deutschen Autohersteller inzwischen behoben -http://derstandard.at/2000011080438
We got hacked! Now what?
Almost a year ago, I experienced my first real security incident. The companys bulletin board was compromised and it was my job to oversee and coordinate the incident response. The teams and I where pretty much thrown into the cold water, as weve never experienced an incident of that size before.https://www.hashtagsecurity.com/we-got-hacked-now-what/