End-of-Shift report
Timeframe: Friday 02-10-2015 18:00 − Monday 05-10-2015 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
Two Games Released in Google Play Can Root Android Devices
By Wish Wu, Ecular Xu. Android malware creators have recently been mixing business with play. We found two malicious gaming apps that were published on Google Play and are capable of rooting Android devices. If the apps Brain Test and RetroTetris ring a bell, better check your devices. RetroTetris can be installed in Android versions starting from...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/uDbQy75DLZo/
VMware vCenter and ESXi updates address critical security issues.
Problem Description
a. VMware ESXi OpenSLP Remote Code Execution
b. VMware vCenter Server JMX RMI Remote Code Execution
c. VMware vCenter Server vpxd denial-of-service vulnerability
http://www.vmware.com/security/advisories/VMSA-2015-0007.html
Patreon crowdfunding site hacked and data leaked online
The crowdfunding website Patreon has been hacked and about 15 gigabytes of data including names, addresses and donations have been published online. The data have been available at different online locations, including this source.
http://securityaffairs.co/wordpress/40665/cyber-crime/patreon-crowdfunding-hacked.html
Samsung Decides Not To Patch Kernel Vulnerabilities In Some S4 Smartphones
An anonymous reader writes: QuarksLAB, a security research company, has stumbled upon two kernel vulnerabilities for Samsung Galaxy S4 devices, which Samsung has decided to patch only for recent devices running Android Lollipop, but not Jelly Bean or KitKat. The two vulnerabilities (kernel memory disclosure and kernel memory corruption) were discovered in February 2014 and reported to Samsung in August 2014, affecting the samsung_extdisp driver of Samsung S4 (GT-I9500) devices.
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xM6Nt9ttxc4/samsung-decides-not-to-patch-kernel-vulnerabilities-in-some-s4-smartphones
Virus or vaccine? Wifatch infects routers and protects against malware
"Linux.Wifatch" infects routers and Internet-connected devices, enrolls them in a botnet, removes malware and hardens them against further infection.
http://heise.de/-2837158
Certificate shenanigans at Windows Update unsettle users
Certificates that Microsoft uses to secure the SSL connections to the Windows Update website and to sign files of the update process are not trusted. This leads to warnings and failed updates.
http://www.heise.de/newsticker/meldung/Zertifikats-Schmu-bei-Windows-Update-beunruhigt-Nutzer-2837537.html?wt_mc=rss.ho.beitrag.rdf
IBM
IBM Security Bulletin: Vulnerabilities in WSS4J affects IBM Cúram (CVE-2015-0226 & CVE-2015-0227)
http://www.ibm.com/support/docview.wss?uid=swg21964133
IBM Security Bulletin: Information disclosure vulnerability reported in IBM Emptoris Sourcing (CVE-2015-5024)
http://www.ibm.com/support/docview.wss?uid=swg21967255
IBM Security Bulletin: Multiple Cross-Site scripting vulnerabilities in IBM Business Process Manager dashboards (CVE-2015-4955)
http://www.ibm.com/support/docview.wss?uid=swg21966010
IBM Security Bulletin: IBM Cloud Manager with OpenStack Keystone Vulnerability (CVE-2015-3646)
http://www.ibm.com/support/docview.wss?uid=isg3T1022663
IBM GNU C library (glibc) vulnerabilities affect IBM SmartCloud Entry (CVE-2013-7423 CVE-2015-1781)
http://www.ibm.com/support/docview.wss?uid=isg3T1022665
Cisco
VoIPshield Reported Vulnerabilities in Cisco Unity Server
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20081008-unity
Cisco Secure ACS Denial Of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20080903-csacs
Wide Area Application Services (WAAS) Common UNIX Printing System (CUPS) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20080625-waas