End-of-Shift report
Timeframe: Dienstag 09-06-2015 18:00 − Mittwoch 10-06-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Multiple vulnerabilities in Cisco products
http://tools.cisco.com/security/center/viewAlert.x?alertId=39256
http://tools.cisco.com/security/center/viewAlert.x?alertId=39257
http://tools.cisco.com/security/center/viewAlert.x?alertId=39240
MS15-JUN - Microsoft Security Bulletin Summary for June 2015 - Version: 1.0
https://technet.microsoft.com/en-us/library/security/MS15-JUN
VMSA-2015-0004
VMware Workstation, Fusion and Horizon View Client updates address critical security issues ..
http://www.vmware.com/security/advisories/VMSA-2015-0004.html
Vawtrak Uses Tor2Web making hard to track down its servers
Security experts at Fortinet uncovered a new strain of the Vawtrak banking Trojan is implementing an obscuring mechanism based on the Tor2Web service. The authors of the banking Trojan Vawtrak are adopting a new tactic to hide the ..
http://securityaffairs.co/wordpress/37682/malware/vawtrak-uses-tor2web.html
iOS und OS X: Apple könnte HTTPS für Apps erzwingen
Entwickler von Apps für iOS und OS X sollten "so schnell wie möglich" auf sichere Verbindungen per HTTPS wechseln, empfiehlt Apple. Das Unternehmen könnte die Verschlüsselung gar für die Aufnahme im App Store erzwingen.
http://www.golem.de/news/ios-und-os-x-apple-koennte-https-fuer-apps-erzwingen-1506-114581.html
Schlag gegen internationale Bande von Cyber-Kriminellen in Europa
http://derstandard.at/2000017259662
N-Tron 702W Hard-Coded SSH and HTTPS Encryption Keys
This advisory provides mitigation details for hard-coded SSH and HTTPS encryption keys in the N-Tron 702-W Industrial Wireless Access Point device.
https://ics-cert.us-cert.gov/advisories/ICSA-15-160-01
Sinapsi eSolar Light Plaintext Passwords Vulnerability
This advisory provides mitigation details for plain text passwords in the Sinapsi eSolar Light application.
https://ics-cert.us-cert.gov/advisories/ICSA-15-160-02
Adobe, Microsoft Issue Critical Security Fixes
Adobe today released software updates to plug at least 13 security holes in its Flash Player software. Separately, Microsoft pushed out fixes for at least three dozen flaws ..
http://krebsonsecurity.com/2015/06/adobe-microsoft-issue-critical-security-fixes-4
The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns
Kaspersky Lab uncovers Duqu 2.0 � a highly sophisticated malware platform exploiting up to three zero-day vulnerabilities.
http://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/
Duqu 2.0
In our full report, available at
http://www.crysys.hu/duqu2/duqu2.pdf, we point out numerous similarities that we discovered between Duqu and Duqu 2.0, ..
http://blog.crysys.hu/2015/06/duqu-2-0/
Microsoft pusht HTTPS beim Internet Explorer und Edge-Webbrowser
Ab sofort sollen der Internet Explorer und Webbrowser von Windows 10 Edge das verschlüsselte Surfen über HTTPS vorantreiben. Dafür hat Microsoft jetzt Updates verteilt, die HSTS einführen.
http://heise.de/-2687051
Xen Security Advisory CVE-2015-3209 / XSA-135
The QEMU security team has predisclosed the following advisory: pcnet_transmit loads a transmit-frame descriptor from the guest into the /tmd/ local variable to recover a length field, a status field and a guest-physical location of the associated ..
http://www.openwall.com/lists/oss-security/2015/06/10/3
Russische Hacker sollen hinter Cyber-Angriff auf TV-Sender stecken
Nicht – wie bisher angenommen – der Islamistischer Staat (IS), sondern russische Profi-Hacker sollen im April den Sendebetrieb von TV5 lahm gelegt haben. Die platzierte IS-Propaganda sei möglicherweise nur ein Täuschungsmanöver gewesen.
http://heise.de/-2687434