End-of-Day report
Timeframe: Freitag 27-12-2019 18:00 - Montag 30-12-2019 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
Lesser-known Tools for Android Application PenTesting
Over time, I became familiar with the different tools, popular or not, that helped me in my assessments. In this post, I-ll list down these not-so-popular tools (in my opinion based on the different sources and blogs that I have read where these tools were not mentioned) that I-m using during my engagements.
https://captmeelo.com/pentest/2019/12/30/lesser-known-tools-for-android-pentest.html
36C3: Vertraue keinem Bluetooth-Gerät - schon gar nicht im vernetzten Auto
Bei Chips zur drahtlosen Datenübertragung etwa via Bluetooth gibt es massive Sicherheitslücken. Bei geteilten Antennen lässt sich etwa WLAN ausknipsen.
https://heise.de/-4624388
Vulnerabilities
Trend Micro AntiVirus für Mac: Schwachstelle ermöglicht Manipulation von Dateien
Trend Micro AntiVirus ist eine Anti-Viren-Software.
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/2019/12/warnmeldung_tw-t19-0192.html
Security updates for Friday
Security updates have been issued by SUSE (dia, kernel, and libgcrypt).
https://lwn.net/Articles/808135/
Security updates for Monday
Security updates have been issued by Debian (debian-lan-config, freeimage, imagemagick, libxml2, mediawiki, openssl1.0, php5, and tomcat8).
https://lwn.net/Articles/808234/
Intel SPS vulnerability CVE-2019-11109
https://support.f5.com/csp/article/K54164678