[CERT-daily] Tageszusammenfassung - Donnerstag 15-11-2012

Thu Nov 15 18:08:36 CET 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 14-11-2012 18:00 − Donnerstag 15-11-2012 18:00
Handler:     Matthias Fraidl
Co-Handler:  L. Aaron Kaplan

*** Battery-Powered Transmitter Could Crash A Citys 4G Network ***
---------------------------------------------
DavidGilbert99 writes "With a £400 transmitter, a laptop and a little knowledge you could bring down an entire citys high-speed 4G network. This information comes from research carried out in the U.S. into the possibility of using LTE networks as the basis for a next-generation emergency response communications system. Jeff Reed, director of the wireless research group at Virginia Tech, along with research assistant Marc Lichtman, described the vulnerabilities to the National
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/RXIyRXl8838/story01.htm


*** Hacker Grabs 150k Adobe User Accounts Via SQL Injection ***
---------------------------------------------
CowboyRobot writes "Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected Connectusers.com website. The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack. It was an SQL Injection vulnerability, somehow I was able to dump the database in less requests than normal people do, he
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/xRkFposRNps/story01.htm


*** Free hacking tool kits fuel cyber arms race ***
---------------------------------------------
"Ryan Linns hacks into corporate networks have become almost a matter of routine. On one recent morning, he woke up at his home near the Research Triangle in eastern North Carolina and walked down to an extra bedroom that he uses as an office. He sat at a workbench laden with computers, signed on to one of them and loaded a program called Metasploit...."
---------------------------------------------
http://www.smh.com.au/it-pro/security-it/free-hacking-tool-kits-fuel-cyber-arms-race-20121114-29bvb.html


*** Top 25 passwords of 2012 revealed ***
---------------------------------------------
"Just under a year ago we published a blog about the most popular passwords on the web as announced by security app company SplashData. The ranking is based on password information from compromised accounts posted by hackers online. This year, the list is back!..."
---------------------------------------------
http://blogs.avg.com/consumer/top-25-passwords-2012-revealed/?utm_source=AVG+Blogs&utm_medium=twitter


*** Obama segnet angeblich Direktive zur Cyber-Sicherheit ab ***
---------------------------------------------
US-Präsident Obama hat vor einigen Wochen eine geheime Anweisung unterzeichnet, die die Operationen der USA im Cyberspace neu regeln soll. Das berichtete die Washington Post und beruft sich auf mehrere Quellen, die sich jedoch nicht öffentlich dazu äußern dürften. 
---------------------------------------------
http://www.heise.de/security/meldung/Obama-segnet-angeblich-Direktive-zur-Cyber-Sicherheit-ab-1750416.html/from/atom10


*** NASA To Encrypt All of Its Laptops ***
---------------------------------------------
pev writes "After losing another laptop containing personal information, NASA wants to have all of its laptops encrypted within a months time with an intermediate ban of laptops containing sensitive information leaving its facilities. Between April 2009 and April 2011 it lost or had stolen 48 mobile computing devices. I wonder how it will be before other large organisations start following suit as a sensible precaution?"    Read more of this story at Slashdot.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/vvQZvrqrp34/story01.htm


*** Opera site served Blackhole malvertising, says antivirus firm ***
---------------------------------------------
No need to issue a press release, firm tells press Opera has suspended ad-serving on its portal as a precaution while it investigates reports that surfers were being exposed to malware simply by visiting the Norwegian browser firms home page.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/11/15/opera_blackhole/


*** Sicherheitsupdate für Mac Office 2008 und 2011 ***
---------------------------------------------
Microsoft hat in der Nacht zum Donnerstag für zwei Versionen seines Büropakets größere Aktualisierungen online gestellt. Laut Aussage des Konzerns beheben das Office 2008 for Mac 12.3.5 Update sowie Office for Mac 2011 14.2.5 signifikante Sicherheitslücken. 
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-Mac-Office-2008-und-2011-1750402.html/from/atom10


*** Bugzilla Informartion Leak & Cross Site Scripting ***
---------------------------------------------
Topic: Bugzilla Informartion Leak & Cross Site Scripting Risk: Medium Text:Summary = Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following securit...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/IoQFDSoFWoc/WLB-2012110102