[CERT-daily] Tageszusammenfassung - Dienstag 23-10-2012

Daily end-of-shift report team at cert.at
Tue Oct 23 18:14:39 CEST 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Montag 22-10-2012 18:00 − Dienstag 23-10-2012 18:00
Handler:     Robert Waldner
Co-Handler:  Matthias Fraidl

*** CyanogenMod protokolliert Sperrmuster ***
---------------------------------------------
Die Android-Firmware CyanogenMod protokolliert offenbar die zur Entsperrung des Smartphones verwendeten Wischmuster mit. Das hat ein Entwickler bemerkt und mit einem Mini-Patch abgestellt. CyanogenMod ist eine herstellerunabhängige Firmware für Android-Smartphones.
---------------------------------------------
http://www.heise.de/security/meldung/CyanogenMod-protokolliert-Sperrmuster-1733903.html/from/atom10




*** Google Drive öffnet Hintertür zum Google-Account ***
---------------------------------------------
Der Windows-Client von Googles Dropbox-Alternative Drive öffnet eine Hintertür in den Google-Account, durch die sich neugierige Mitmenschen unter Umständen Zugriff auf Mails, Kontakte und Termine des Drive-Nutzers verschaffen können.
---------------------------------------------
http://www.heise.de/security/meldung/Google-Drive-oeffnet-Hintertuer-zum-Google-Account-1734695.html/from/atom10




*** Trend Micro Report for Q3, 2012: Zero-Days, Mobile Malware and Phishing ***
---------------------------------------------
"Security firm Trend Micro has released its Security Roundup Report for the third quarter of 2012. The figures highlight the fact that the number of malicious elements designed to target Android devices has increased from 30,000 (in June) to almost 175,000 (in September). While some of them are designed to inflate phone bills and fill the crooks pockets, others pose a privacy threat...."
---------------------------------------------
http://news.softpedia.com/news/Trend-Micro-Report-for-Q3-2012-Zero-Days-Mobile-Malware-and-Phishing-301242.shtml




*** ENISA Midpoint Report: First European Cyber Security Month Is a Success ***
---------------------------------------------
"The European Network and Information Security Agency (ENISA) has released a midpoint report on the first European Cyber Security Month (ECSM) and the figures are highly encouraging. The campaign has already reached close to 2 million users on Facebook and judging by the upcoming events, it will reach a lot more in the following period. Hundreds of professionals and thousands of regular Internet users have already taken part in events hosted by Portugal, Spain, Norway, Luxemburg and
---------------------------------------------
http://news.softpedia.com/news/ENISA-Midpoint-Report-First-European-Cyber-Security-Month-Is-a-Success-301180.shtml




*** Vuln: Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability ***
---------------------------------------------
Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56113




*** Joomla SQLReport Password Disclosure ***
---------------------------------------------
Topic: Joomla SQLReport Password Disclosure Risk: Medium Text:Title:Password Disclosure Vulnerability Author:AsSerT && MetAiZM Vendor:Joomla Dork:inurl:com_sqlreport Disclosure: http...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/L88Vk3uNWlw/WLB-2012100197




*** Solar-power system flaws shine light on Smart Grid threats ***
---------------------------------------------
"The Homeland Security Department has issued an alert about vulnerabilities in a control system for solar electric systems that could allow unauthorized users to access to the system and execute malicious code. The equipment is sold by the Italian systems integrator Sinapsi, and although a proof-of-concept exploit has been published, no exploits have yet been reported in the wild. The alert is a reminder of the need to incorporate security into increasingly complex and interactive power
---------------------------------------------
http://gcn.com/blogs/cybereye/2012/10/solar-system-flaws-smart-grid-threats.aspx?s=gcndaily_231012




*** Adobe schließt kritische Shockwave-Lücken ***
---------------------------------------------
Adobe schließt mit der Shockwave-Version 11.6.8.638 für Windows und Mac OS X zahlreiche kritische Lücken, durch die ein Angreifer potenziell Schadcode ins System schleusen kann. Insgesamt sind den Schwachstellen sechs CVE-Nummern zugeordnet. Es handelt sich vor allem um Pufferüberläufe.
---------------------------------------------
http://www.heise.de/security/meldung/Adobe-schliesst-kritische-Shockwave-Luecken-1735274.html/from/atom10


More information about the Daily mailing list