Daily Summary - Monday 23-11-2015

End-of-Shift report

Timeframe: Friday 20-11-2015 18:00 − Monday 23-11-2015 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-tvcs


Command and Control Server Detection: Methods & Best Practices

Botnet C&C servers issue commands in many ways. Recently I discussed botnets and the way they represent an ongoing and evolving threat to corporate IT security. This time I'll be discussing ..

https://www.alienvault.com/blogs/security-essentials/command-and-control-server-detection-methods-best-practices


Cisco Networking Services Sensitive Information Disclosure Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151120-ns


Deepsec: ZigBee turns the smart home into an open house

According to new findings by security researchers, ZigBee wireless networks have glaring security flaws. The technology is used, for example, to control door locks.

http://heise.de/-3010287


Blackberry Offers Lawful Device Interception Capabilities

An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" ..

http://yro.slashdot.org/story/15/11/22/0048205/blackberry-offers-lawful-device-interception-capabilities


JW Player 6 Plugin for Wordpress <= 2.1.14 - Authenticated Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/8260


DSA-3401 openjdk-7 - security update

It was discovered that rebinding a receiver of a direct method handle may allow a protected method to be accessed.

https://www.debian.org/security/2015/dsa-3401


Bugtraq: Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation


http://www.securityfocus.com/archive/1/536951


Data breach at firm that manages Cisco, Microsoft certifications

Pearson VUE says credentials manager product affected. Cisco, IBM, Oracle and Microsoft's certification management provider, Pearson VUE, has copped to a data breach following a malware ..

www.theregister.co.uk/2015/11/23/pearson_vue_data_breach_pcm/


Is anyone here a Dell customer? They apparently ship ...

Is anyone here a Dell customer? They apparently ship a backdoor CA with their Windows. But, just between us, anyone who buys some PC and doesn't first throw away the Windows and do a fresh reinstall is beyond help anyway. So that was, after all, ..

http://blog.fefe.de/?ts=a8adce6b


WP Database Backup <= 3.3 - Authenticated Persistent Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/8275


Pornography - A Favorite Costume For Android Malware

30% of Internet traffic is in some way related to pornography and this is the primary reason why malware authors are using porn apps to infect large numbers of users. During recent data mining, we noticed an increasing volume of mobile malware using pornography (disguised as porn apps) to lure victims into different scams ..

http://research.zscaler.com/2015/11/pornography-favorite-costume-for.html