Daily Summary - Friday 3-04-2015

End-of-Shift report

Timeframe: Thursday 02-04-2015 18:00 − Friday 03-04-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a

Website Malware - The SWF iFrame Injector Evolves

Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invisible, ..

http://blog.sucuri.net/2015/04/website-malware-the-swf-iframe-injector-evolves.html


Audit Concludes No Backdoors in TrueCrypt

Auditors performing a cryptanalysis of TrueCrypt found four vulnerabilities, but zero backdoors in the popular open source encryption software.

http://threatpost.com/audit-concludes-no-backdoors-in-truecrypt/111994


Multiple vulnerabilities in Cisco products

http://tools.cisco.com/security/center/viewAlert.x?alertId=38194
http://tools.cisco.com/security/center/viewAlert.x?alertId=38193
http://tools.cisco.com/security/center/viewAlert.x?alertId=38210


The Fine Line Between Ad and Adware: A Closer Look at the MDash SDK

Just last month, there were reports that Google removed three apps from its Play Store as they were discovered to be adware in disguise. At the time of the discovery, the apps were said to have been downloaded into millions of devices, ..

http://blog.trendmicro.com/trendlabs-security-intelligence/the-fine-line-between-ad-and-adware-a-closer-look-at-the-mdash-sdk


VMSA-2015-0003

http://www.vmware.com/security/advisories/VMSA-2015-0003.html


All in One SEO Pack <= 2.2.5.1 - Authentication Bypass

https://wpvulndb.com/vulnerabilities/7881


Schneider Electric VAMPSET Software Buffer Overflow Vulnerability

This advisory provides mitigation details for a vulnerability in the Schneider Electric VAMPSET software.

https://ics-cert.us-cert.gov//advisories/ICSA-15-092-01


SSH Fingerprints Are Important, (Fri, Apr 3rd)

Some years ago, I was preparing Cisco certification exams. I connected via SSH to a new Cisco router, and was presented with this familiar dialog: This made me think: before proceeding, I wanted to obtain the fingerprint out-of-band, via a trusted channel, so that I could verify it. So I took a ..

https://isc.sans.edu/diary.html?storyid=19543


Android Security - 2014 in Review

https://static.googleusercontent.com/media/source.android.com/en/us/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf