[CERT-daily] Tageszusammenfassung - Dienstag 2-10-2012

Daily end-of-shift report team at cert.at
Tue Oct 2 18:04:42 CEST 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Montag 01-10-2012 18:00 − Dienstag 02-10-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** SQL Injection bei Trend Micro Control Manager ***
---------------------------------------------
Ein Update beseitigt eine SQL-Injection-Lücke in Trends Security-Management-Plattform.
---------------------------------------------
http://www.heise.de/security/meldung/SQL-Injection-bei-Trend-Micro-Control-Manager-1721234.html/from/atom10




*** Cisco CallManager vulnerable to brute force attack ***
---------------------------------------------
"Roberto Suggi Liverani, founder of the OWASP (Open Web Application Security Project) New Zealand chapter discover a vulnerability in Cisco CallManager AKA Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems. He described on his blog security review, I have found a quick way to perform PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager)...."
---------------------------------------------
http://thehackernews.com/2012/10/cisco-callmanager-vulnerable-to-brute.html




*** Expert fingers DDoS toolkit used in bank cyberattacks ***
---------------------------------------------
"Cyberattackers who disrupted the websites of U.S. banks over the last two weeks used a highly sophisticated toolkit -- a finding that points to a well-funded operation, one security vendor said on Monday. Prolexic Technologies said the distributed denial of service (DDoS) toolkit called itsoknoproblembro was used against some of the banks which included Wells Fargo, U.S. Bank, PNC Bank, Bank of America and JPMorgan Chase. Each of the banks was struck on separate days...."
---------------------------------------------
http://www.csoonline.com/article/717727/expert-fingers-ddos-toolkit-used-in-bank-cyberattacks




*** IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force ***
---------------------------------------------
Topic: IBM Lotus Notes Traveler 8.5.3 XSS & CSRF & Brute Force Risk: Low Text:I want to warn you about Brute Force, Cross-Site Scripting, Cross-Site Request Forgery and Redirector vulnerabilities in IBM ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Gq2FiubAbh0/WLB-2012100020




*** Switchvox Asterisk 5.1.2 Cross Site Scripting ***
---------------------------------------------
Topic: Switchvox Asterisk 5.1.2 Cross Site Scripting Risk: Low Text:Title: Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities Date: == 2012-09-10 References: == http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/KtK8D-i6E-o/WLB-2012100019




*** OPlayer 2.0.05 iOS Cross Site Scripting ***
---------------------------------------------
Topic: OPlayer 2.0.05 iOS Cross Site Scripting Risk: Low Text:Title: OPlayer v2.0.05 iOS - Multiple Web Vulnerabilities Date: == 2012-10-01 References: == http://www....
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/NytSNRlZ814/WLB-2012100018




*** GTA UTM Firewall GB 6.0.3 Cross Site Scripting ***
---------------------------------------------
Topic: GTA UTM Firewall GB 6.0.3 Cross Site Scripting Risk: Low Text:Title: GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: == 2012-09-10 References: == http:...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/vljvCj4a1PU/WLB-2012100017




*** DDoS attacks reach new level of sophistication ***
---------------------------------------------
"Prolexic Technologies warned of an escalating threat from unusually large and highly sophisticated DDoS attacks. The DDoS attacks have been launched in the last week using the so-called itsoknoproblembro DDoS toolkit. The malicious actor(s) behind the attacks have used this potent tool in conjunction with sophisticated attack methods that clearly demonstrate knowledge of common DDoS mitigation methods...."
---------------------------------------------
http://www.net-security.org/secworld.php?id=13704




*** How a single spam from China ended up as an attack on the White House ***
---------------------------------------------
"FoxNews leads today with a dramatic story entitled "Washington confirms Chinese hack attack on White House computer."In other important news, experts confirmed that there was a "high probability" that tomorrow, 03 October 2012, due to the rotation of the earth on its axis, the sun would once again give the impression of rising in the East. They also claimed that dinosaurs would "in all likelihood" continue in their state of alleged extinction.(You read it
---------------------------------------------
http://nakedsecurity.sophos.com/2012/10/02/how-a-single-spam-from-china-ended-up-as-an-attack-on-the-white-house/




*** Bugtraq: CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9 ***
---------------------------------------------
CVE-2012-3819: Stack Overflow in DartWebserver.dll <= 1.9
---------------------------------------------
http://www.securityfocus.com/archive/1/524273




*** [papers] - A Pentesters Guide to Hacking OData ***
---------------------------------------------
A Pentesters Guide to Hacking OData
---------------------------------------------
http://www.exploit-db.com/download_pdf/21664




*** PCI Security Standard: Mobile Payment Acceptance Security Guidelines, (Tue, Oct 2nd) ***
---------------------------------------------
What would Cyber Security Awareness Month with a Standards theme be without discussing some semblance of PCI-related content? Carefully avoiding the debate over the benefits and drawback of PCI DSS, Ill instead focus on a recent read with a quick summary of PCI Mobile Payment Acceptance Security Guidelines for Developers. This guideline hit my radar on 14 SEP courtesy of Ians Dragon News Bytes and was intriguing as I had just published Mobile application security best practices in a BYOD world
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14206&rss




*** Bugtraq: [security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information ***
---------------------------------------------
[security bulletin] HPSBST02818 SSRT100960 rev.1 - HP IBRIX X9000 Storage, Remote Disclosure of Information
---------------------------------------------
http://www.securityfocus.com/archive/1/524275






More information about the Daily mailing list