End-of-Shift report
Timeframe: Monday 25-01-2016 18:00 − Tuesday 26-01-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of the Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. This vulnerability applies to all Permanent Web Links ..
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-ucce
Cisco Application Policy Infrastructure Controller Enterprise Module SNMP Hostname Cross-Site Scripting Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) query process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-api
DSA-3453 mariadb-10.0 - security update
https://www.debian.org/security/2016/dsa-3453
Symantec partner caught running tech support scam
Tech support scammers are known for their cheek -- making unfounded claims that PCs are infected to scare consumers into parting with their money -- but a Symantec partner took nerve to a new level, a security company claimed last week. According to San Jose, Calif.-based Malwarebytes, Silurian ..
http://www.cio.com/article/3026356/security/symantec-partner-caught-running-tech-support-scam.html
Pentest Time Machine: NMAP + Powershell + whatever tool is next
Early on in many penetration tests or security assessments, you will often find yourself wading through what seems like hundreds or thousands of text files, each seemingly hundreds or thousands of pages long (likely because they are). One ..
https://isc.sans.edu/diary.html?storyid=20653&
Appointment Booking Calendar <= 1.1.23 - Unauthenticated SQL Injection
https://wpvulndb.com/vulnerabilities/8366
PDF reader Foxit Reader vulnerable to malicious code
New versions secure Foxit PhantomPDF and Foxit Reader. Both applications can be attacked remotely, and attackers can inject their own code onto computers.
http://heise.de/-3084161
Car-sharing provider: Phishing attack on Car2go users
Anyone asked by an online service to 'verify' data should always be cautious. A phishing campaign is currently under way against users of Daimler's car-sharing service.
http://www.golem.de/news/carsharing-anbieter-phishing-angriff-auf-car2go-nutzer-1601-118742.html
Security update for OpenSSL coming up
New OpenSSL versions are to close two security vulnerabilities. The OpenSSL team rates the severity of one vulnerability as high.
http://heise.de/-3084227
WP Easy Gallery <= 4.1.4 - Reflected Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8367
Curve25519/Curve447: New elliptic curves from the IETF
The IETF's crypto working group has published RFC 7748. It specifies the two elliptic curves Curve25519 and Curve447. The agreement is the result of a long discussion.
http://www.golem.de/news/curve25519-curve447-neue-elliptische-kurven-von-der-ietf-1601-118754.html
Battling Business Email Compromise Fraud: How Do You Start?
In May 2014, an accountant to a Texas manufacturing firm received an email from a familiar correspondent, his company's CEO. The email instructed him to wait for a call from a partner company and warned against sharing the email to anyone ..
http://blog.trendmicro.com/trendlabs-security-intelligence/battling-business-email-compromise-fraud-how-do-you-start/
Oracle Pushes Java Fix: Patch It or Pitch It
Oracle has shipped an update for its Java software that fixes at least eight critical security holes. If you have an affirmative use for Java, please update to the latest version; if you're not sure why you have Java installed, it's high time to remove the program once and for all.
http://krebsonsecurity.com/2016/01/oracle-pushes-java-fix-patch-it-or-pitch-it/
Symantec detects 3,500 servers infected with a malicious script
Symantec reported the worldwide infection of 3,500 public servers with a malicious script that redirects its victims to other compromised websites and said it believes this could be part of a recon effort for future attacks.
http://www.scmagazine.com/symantec-detects-3500-servers-infected-with-a-malicious-script/article/467340/
After the hack: Vtech goes back online a little
The toy maker Vtech was criticised late last year for major security shortcomings and subsequently took many of its services offline. Now some products are coming back online; the company says it has learned its lesson on security.
http://www.golem.de/news/nach-dem-hack-vtech-geht-wieder-ein-bisschen-online-1601-118762.html