End-of-Shift report
Timeframe: Dienstag 21-07-2015 18:00 − Mittwoch 22-07-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
WP-CLI Guide: Secure WordPress Backup and Update
Welcome to our second post in the series on WP-CLI for WordPress management over SSH. In our previous post, we discussed how to get your SSH credentials and use WP-CLI to connect to your website over the command line. Before we get into changing anything, we'll show you how to back up your database and compress...
https://blog.sucuri.net/2015/07/wp-cli-guide-secure-wordpress-backup-update.html
Exclusive: Visa application portal closed following SC Magazine investigation
VFS Global closes visa application portal following SC Magazine investigation. Editable Schengen visa application forms accessed FOUR DAYS after operating company VFS Global said a vulnerability had been fixed.
http://www.scmagazine.com/exclusive-visa-application-portal-closed-following-sc-magazine-investigation/article/427675/
Free security tools help detect Hacking Team malware
Vulnerabilities and other threats exposed in the Hacking Team leaks has spurred Rook Security and Facebook to each release free security tools.
http://www.scmagazine.com/rook-security-facebook-release-free-security-tools-in-response-to-hacking-team-leaks/article/427682/
"Super-Spion": Android-Überwachungssoftware von Hacking Team nutzt allerhand schmutzige Tricks
Eine Analyse der Spionage-App RCSAndroid zeigt umfassende Ausspähfunktionen auf. Die Infektion erfolgt über Exploits - und möglicherweise auch Google Play.
http://heise.de/-2759365
Introduction to Alternate Data Streams
In this post, we defined what is an alternate data stream (ADS), showed how it can be created and read, and how one can remove unwanted ADS.Categories: All Things DevTags: adsalternate data streamsPieter Arntzpowershellstreams(Read more...)
https://blog.malwarebytes.org/development/2015/07/introduction-to-alternate-data-streams/
Think your website isn't worth anything to hackers? Think again
Have you ever thought about the cost of your website compromise?
https://www.htbridge.com/blog/think-your-website-isn-t-worth-anything-to-hackers-think-again.html
l+f: Falsche Microsoft-Techniker simulieren falsche Bluescreens
Die Telefonabzocker, die sich als Microsoft-Techniker ausgeben, haben sich eine neue Masche überlegt - und sind jetzt auch telefonisch erreichbar.
http://heise.de/-2760509
DFN-CERT-2015-1107: FreeBSD, Transmission Control Protocol (TCP): Eine Schwachstelle erlaubt einen Denial-of-Service-Angriff
Eine Schwachstelle im Transmission Control Protocol (TCP) der TCP/IP Protocol Suite ermöglicht einem entfernten, nicht authentisierten Angreifer einen kompletten Denial-of-Service-Zustand zu bewirken.
Von der Schwachstelle sind alle derzeit unterstützten FreeBSD-Versionen betroffen. Sicherheitsupdates stehen bereit.
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1107/
IBM Security Bulletins
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us
Cisco IOS XR Concurrent Data Management Replication Process BGP Process Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40067
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=40021
[R1] PHP < 5.4.43 Vulnerability Affects Tenable SecurityCenter
http://www.tenable.com/security/tns-2015-09
Hospira Symbiq Infusion System Vulnerability
This advisory was originally posted to the US-CERT secure Portal library on June 23, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory provides compensating measures for a vulnerability in the Hospira Symbiq Infusion System.
https://ics-cert.us-cert.gov/advisories/ICSA-15-174-01
Counter-Strike 1.6 GameInfo Query Reflection DoS
Topic: Counter-Strike 1.6 GameInfo Query Reflection DoS Risk: Medium Text:#!/usr/bin/perl # # Counter-Strike 1.6 GameInfo Query Reflection DoS # Proof Of Concept # # Copyright 2015 (c) Todor ...
http://cxsecurity.com/issue/WLB-2015070103