[CERT-daily] Tageszusammenfassung - Mittwoch 7-11-2012

Wed Nov 7 18:12:25 CET 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Dienstag 06-11-2012 18:00 − Mittwoch 07-11-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** Nachfolger für RFC-Ignorant.Org in Sicht ***
---------------------------------------------
Der Datenbestand der im Oktober außer Betrieb gegangenen Anti-Spam-Blacklist RFC-Ignorant.Org wird unter RFC-Ignorant.de bei einem neuen Hoster weitergepflegt.
---------------------------------------------
http://www.heise.de/security/meldung/Nachfolger-fuer-RFC-Ignorant-Org-in-Sicht-1744059.html/from/atom10


*** Epic FAIL: Anonymous didnt hack PayPal, managed to frighten Oz hippies ***
---------------------------------------------
#OpNov5 pyrotechnics disappear in puff of smoke The smoke has cleared from Anonymouss Bonfire Night hacking spree with a denial from PayPal that it had been hacked. The payments-processing firm appeared to have been highest profile target of the hacking spree, but apparently this was an error caused by the tweeting and retweeting of an erroneous post by a cyber security blogger.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/06/anon_opnov5_update/


*** Adobe Ships Election Day Security Update for Flash ***
---------------------------------------------
Adobe has released a critical security update for its Flash Player and Adobe AIR software that fixes at least seven dangerous vulnerabilities in these products. Updates are available for Windows, Mac, Linux and Android systems.
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/czXcgBruHcM/


*** Volunteering falls short on threat information sharing ***
---------------------------------------------
"Critical infrastructure security apparently has its own version of Dont Ask, Dont Tell, despite calls in the public and private sector for better information sharing. And this one goes both ways. The private sector is not telling the government about its vulnerabilities, and government is also keeping threat and vulnerability information from the private sector...."
---------------------------------------------
http://www.csoonline.com/article/720881/volunteering-falls-short-on-threat-information-sharing


*** [remote] - EMC Networker Format String ***
---------------------------------------------
EMC Networker Format String
---------------------------------------------
http://www.exploit-db.com/exploits/22525


*** Cisco Security Advisory: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability ***
---------------------------------------------
Cisco Secure Access Control System TACACS+ Authentication Bypass
Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs
---------------------------------------------


*** Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue ***
---------------------------------------------
Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2)
Virtual Security Gateway Bypass Issue

http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20121107-n1k
---------------------------------------------