Tageszusammenfassung - Dienstag 23-08-2016

End-of-Shift report

Timeframe: Montag 22-08-2016 18:00 − Dienstag 23-08-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Vuln: WordPress CVE-2016-6897 Cross Site Request Forgery Vulnerability

http://www.securityfocus.com/bid/92572

---

Juniper Acknowledges Equation Group Targeted ScreenOS

Juniper Networks on Friday acknowledged that implants contained in the ShadowBrokers data dump target NetScreen firewalls running ScreenOS.

http://threatpost.com/juniper-acknowledges-equation-group-exploits-target-screenos/120042/

---

Obihai Patches Memory Corruption, DoS, CSRF Vulnerabilities in IP Phones

Obihai Technology recently patched a slew of issues in its ObiPhone IP phone products that could have led to memory corruption, a buffer overflow, and denial of service conditions, among other outcomes.

http://threatpost.com/obihai-patches-memory-corruption-dos-csrf-vulnerabilities-in-ip-phones/120061/

---

Vuln: PHP php_quot_print_encode() Function Integer Overflow Vulnerability

http://www.securityfocus.com/bid/92588

---

shellray. a php webshell detector

nimbusec shellray ist ein kostenloser Online Webshell Detector für .php-Dateien.

https://shellray.com/de/

---

Voice Message Notifications Deliver Ransomware

Bad guys need to constantly find new ways to lure their victims. If billing notifications were very common for a while, not all people in a company are working ..

https://isc.sans.edu/diary.html?storyid=21397

---

Security Notice - Statement About Toolkit Released by Shadow Brokers

http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20160823-01-shadowbrokers-en

---

'Sicherheits-Check' bei Bank Austria-Kunden

Eine falsche Bank Austria-Mail ist im Umlauf. Darin behaupten Kriminelle, dass Kund/innen einen Sicherheits-Check durchführen müssen. Aus diesem ..

https://www.watchlist-internet.at/phishing/sicherheits-check-bei-bank-austria-kunden/

---

Sandscout: Angriff auf Apples Sandkasten

Im Sicherheitsvergleich mit Android schneidet iOS meist besser ab. In einem aktuellen Versuch gelang es Forschern aber, einen erfolgreichen Angriff auf die Sandboxing-Funktion von iOS-Apps durchzuführen.

http://www.golem.de/news/sandscout-angriff-auf-apples-sandkasten-1608-122856.html

---

Timing of Browser-Based Security Alerts Could Be Better

New academic research shows that security warnings should be better timed to pop up when computers users are less likely to be multitasking.

http://threatpost.com/timing-of-browser-based-security-alerts-could-be-better/120070/