End-of-Shift report
Timeframe: Freitag 27-03-2015 18:00 − Montag 30-03-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
iOS, OS X Library AFNetwork Patches MiTM Vulnerability
Until yesterday, a popular networking library for iOS and OS X, used by several apps like Pinterest and Simple was susceptible to SSL man-in-the-middle (MiTM) attacks.
http://threatpost.com/ios-os-x-library-afnetwork-patches-mitm-vulnerability/111870
Cisco Unified Call Manager Arbitrary File Retrieval Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=38079
Privilege Escalation in TYPO3 Neos
http://www.typo3.org/news/article/privilege-escalation-in-typo3-neos/
Offenbar schwerwiegendes Datenleck bei Uber
Offenbar kursieren im Dark Web zurzeit Zugangsdaten zu Tausenden von Nutzerkonten des Fahrdienstes Uber. Diese werden zu Spottpreisen von mehreren Anbietern laut Motherboard verhökert. Die Datensätze enthalten demnach Benutzername, Passwort und die letzten Ziffern, sowie das Verfallsdatum der ..
http://derstandard.at/2000013594365
British Airways: Hacker hatten Zugriff auf Bonusmeilen
In einem offenbar automatisierten Angriff auf Konten des British Airways Executive Club ist es Einbrechern möglicherweise gelungen, die Bonusmeilen einiger Kunden abzugreifen.
http://www.golem.de/news/british-airways-hacker-hatten-zugriff-auf-bonusmeilen-1503-113231.html
Announcing tlscompare.org
As part of an ongoing project on increasing TLS security we are today announcing
https://tlscompare.org This webpage is about evaluating a massive extension of the ruleset for HTTPSEverywhere, a browser extension for Chrome and Firefox which ..
https://www.sba-research.org/2015/03/30/announcing-tlscompare-org/
Newsletter 3.7.0 - Open Redirect
https://wpvulndb.com/vulnerabilities/7868
Projekt-Hosting: Tagelanger DDoS-Angriff auf Github
Seit Donnerstag läuft die grösste DDoS-Attacke auf Github seit dem Entstehen des Dienstes. Experten vermuten, der Angriff gehe von chinesische Behörden aus, bestätigt wird das durch den Projekt-Hoster aber nicht.
http://www.golem.de/news/projekt-hosting-tagelanger-ddos-angriff-auf-github-1503-113242.html
Security Attacks via Malicious QR Codes
With the increasing use of smartphones, QR codes are becoming popular. Recently, WhatsApp launched its web version, which needs QR code scanning to access the web version of WhatsApp. So, many people now know what QR code is, but still more are unaware. It is very similar to a bar code we ..
http://resources.infosecinstitute.com/security-attacks-via-malicious-qr-codes/
OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=36956
Ad Networks Ripe for Abuse Via Malvertising
Criminals have found a safe haven abusing legitimate processes, such as real-time bidding, implemented by online advertising networks to move exploits and malware, and build botnets and fraud campaigns.
http://threatpost.com/ad-networks-ripe-for-abuse-via-malvertising/111840
WordPress Plugin - Revslider update captions CSS file critical vulnerability
Today being another day at work for SecureLayer7 to recover our client's defaced website, and bang I think I hit upon a nasty vulnerability of a famous plugin. Although we successfully patched the vulnerability and we fixed the undoing of the blacklisting. On further research I stumbled ..
http://blog.securelayer7.net/wordpress-plugin-revslider-update-captions-css-file-critical-vulnerability/