[CERT-daily] Daily summary - Monday 3-12-2012

Daily end-of-shift report team at cert.at
Mon Dec 3 18:05:12 CET 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Friday 30-11-2012 18:00 − Monday 03-12-2012 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

*** Bugtraq: NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator ***
---------------------------------------------
NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator
---------------------------------------------
http://www.securityfocus.com/archive/1/524879




*** A fine Christmas present - hacker publishes exploits for MySQL and SSH ***
---------------------------------------------
The notorious hacker known by the pseudonym KingCope has apparently cleared out his old stock and, for the first Sunday of Advent, published a whole series of exploits, some of which date back to 2011. The primary target is the open-source database MySQL, since acquired by Oracle; but the SSH servers from the company SSH and FreeSSHd/FreeFTPd are also acutely at risk.
---------------------------------------------
http://www.heise.de/security/meldung/Schoene-Bescherung-Hacker-veroeffentlicht-Exploits-fuer-MySQL-und-SSH-1760967.html/from/atom10





*** The top 25 computing coding errors that lead to 85% of criminal internet activity ***
---------------------------------------------
"The list is being hailed as a major breakthrough that should gradually make the Internet much safer. "When consumers see that most vulnerabilities are caused by a mere 25 weaknesses, a new standard for due diligence is likely to emerge," says Konrad Vesey, a member of the National Security Agency's Information Assurance Directorate...."
---------------------------------------------
http://www.sans.org/top25-software-errors/#s4





*** OurWebFTP 5.3.5 Cross Site Scripting ***
---------------------------------------------
Topic: OurWebFTP 5.3.5 Cross Site Scripting
Risk: Low
Text: HTTPCS Advisory : HTTPCS112 Product : OurWebFTP Version : 5.3.5 Page : /index.php Variables : mwb_control2=Enter&mw...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Z9CTYZ5_rmc/WLB-2012120027




*** Libsyn Cross Site Scripting ***
---------------------------------------------
Topic: Libsyn Cross Site Scripting
Risk: Low
Text: As you can see from my publications for last five years, I like holes which are placed at hundreds or millions of web sites. S...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/xmo2Up5J5oE/WLB-2012120026





*** FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities ***
---------------------------------------------
Topic: FortiWeb 4kC,3kC,1kC & VA Cross Site Vulnerabilities
Risk: Low
Text: Title: FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: == 2012-12-01 References: == http://...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/WC5HCX-SaKI/WLB-2012120022





*** Critical infrastructure systems should never have moved online, warn security experts ***
---------------------------------------------
"UK businesses linked to critical infrastructure areas have opened themselves up to cyber attacks by prematurely moving key systems online, according to prominent security experts. Co-founder of information security site The Jericho Forum, Paul Simmonds, highlighted the fact that the desire to cut costs by moving systems online has left firms vulnerable to cyber attacks. "I'm worried we're rushing headlong into connecting parts of critical infrastructure items to the internet," ...
---------------------------------------------
http://www.v3.co.uk/v3-uk/news/2228538/critical-infrastructure-systems-should-never-have-moved-online-warn-security-experts




*** Bloggers demonstrate crafty password theft ***
---------------------------------------------
Employees of the company Neophasis have found that passwords and other user data can be captured from web browsers with relatively simple means via JavaScript modifications. The fact that the theft works through a frequently used keyboard shortcut makes the vulnerability dangerous.
---------------------------------------------
http://www.heise.de/security/meldung/Blogger-demonstrieren-gewieften-Passwortklau-1761237.html/from/atom10




*** Opera Web Browser 12.11 WriteAV Vulnerability ***
---------------------------------------------
Topic: Opera Web Browser 12.11 WriteAV Vulnerability
Risk: Medium
Text: Title : Opera Web Browser 12.11 WriteAV Vulnerability Version : 12.11 Build 1661 and 12.12 Date : 2012-12-03 Vend...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/bY9KoqQu62A/WLB-2012120031




*** Safety First: That Means Mobile Banking ***
---------------------------------------------
"The answer surprises; here is the question: Is it safer to bank using a desktop computer or an app on a mobile phone? The answer is that, all considered, you are vastly safer with that mobile banking app. "Fraudsters go after the low-hanging fruit, and that is PC-based banking," said Andreas Baumhof, chief technology officer at ThreatMetrix, in an interview. There is substantially more traffic over online banking channels than there is mobile, and thus the keener interest of ...
---------------------------------------------
http://www.themobilityhub.com/author.asp?section_id=2262&doc_id=254931

