End-of-Shift report
Timeframe: Donnerstag 27-08-2015 18:00 − Freitag 28-08-2015 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Security Update: Hotfix Available for ColdFusion (APSB15-21)
A Security Bulletin (APSB15-21) has been published regarding a hotfix for ColdFusion. This hotfix addresses an important vulnerability that could result in information disclosure. Adobe recommends users apply the hotfix using the instructions provided ..
https://blogs.adobe.com/psirt/?p=1262
DSA-3344 php5 - security update
https://www.debian.org/security/2015/dsa-3344
Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability
A vulnerability in the Cisco Identity Services Engine (ISE) guest portal could allow an unauthenticated, remote attacker to view a customized page on the guest portal. The vulnerability is due to lack of access control for the uploaded HTML files. An attacker could exploit this vulnerability ..
http://tools.cisco.com/security/center/viewAlert.x?alertId=40691
BitTorrent kills bug that turns networks into a website-slaying weapon
Reflective technique would let attacker amplify traffic and flood targets BitTorrent has fixed a flaw in its technology that quietly turns file-sharing networks into weapons ..
www.theregister.co.uk/2015/08/28/bittorrent_blasts_bug/
Google makes it official: Chrome will freeze Flash ads on sight from Sept 1
Browser to make most stuff click-to-play by default Google is making good on its promise to strangle Adobe Flashs ability to ..
www.theregister.co.uk/2015/08/28/google_says_flash_ads_out_september/
BSI warnt vor Risiko bei Intels Fernwartungstechnik AMT
Das Bundesamt für Sicherheit in der Informationstechnik rät dazu, die Konfiguration von Notebooks und Desktop-PCs mit Intels Active Management Technology zu prüfen: Bei manchen ..
http://heise.de/-2792791
Business Email Scams: A Growing Threat
Business Email Scams: is that email from the CEO asking for a wire transfer the real deal? Learn to spot ..
https://blog.malwarebytes.org/online-security/2015/08/business-email-scams-a-growing-threat/
Moxa SoftCMS Buffer Overflow Vulnerabilities
This advisory provides mitigation details for buffer overflow vulnerabilities in the Moxa SoftCMS software package.
https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01
Siemens SIMATIC S7-1200 CSRF Vulnerability
This advisory provides mitigation details for Cross-Site Request Forgery vulnerability in the SIMATIC S7 1200 CPUs.
https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02
Innominate mGuard VPN Vulnerability
This advisory provides mitigation details for a denial-of-service vulnerability in the Innominate mGuard device
https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03
This PUP Alerts You of a Zombie Invasion
Apps are constantly created to address certain needs. The more helpful an app claims to be, especially in times of crisis, the more users would likely take interest in ..
https://blog.malwarebytes.org/online-security/2015/08/draft-this-pup-alerts-you-of-a-zombie-invasion/
Fake EFF site serving espionage malware was likely active for 3+ weeks
A spear-phishing campaign some researchers say is linked to the Russian government masqueraded as the Electronic Frontier Foundation in an attempt to infect targets with malware ..
http://arstechnica.com/security/2015/08/fake-eff-site-serving-espionage-malware-was-likely-active-for-3-weeks/