[CERT-daily] Tageszusammenfassung - Donnerstag 25-10-2012

Thu Oct 25 18:00:04 CEST 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 24-10-2012 18:00 − Donnerstag 25-10-2012 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Bugtraq: VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability ***
---------------------------------------------
VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/524507


*** Bugtraq: VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability ***
---------------------------------------------
VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/524506


*** Bugtraq: [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin ***
---------------------------------------------
[waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin
---------------------------------------------
http://www.securityfocus.com/archive/1/524509


*** Microsoft Office Word 2010 Stack Exhaustion ***
---------------------------------------------
Topic: Microsoft Office Word 2010 Stack Exhaustion Risk: Low Text:Title : Microsoft Office Word 2010 Stack Overflow Version : Microsoft Office professional Plus 2010 Date : 2012...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/nm8w9gqy73w/WLB-2012100208


*** National and International Cyber Security Exercises: Survey, Analysis & Recommendations ***
---------------------------------------------
"Cyber exercises are an important tool to assess the preparedness of a community against cyber crises, technology failures and critical information infrastructure incidents. ENISA supports the stakeholders involved in EU cyber exercises. This report aims to support European and international bodies involved in cyber exercises with lessons learned about cyber exercises and recommendations for the future...."
---------------------------------------------
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cyber-exercises/exercise-survey2012


*** Researcher to demonstrate feature-rich malware that works as a browser extension ***
---------------------------------------------
"Security researcher Zoltan Balazs has developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying Web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more. Balazs, who works as an IT security consultant for professional services firm Deloitte in Hungary, created the proof-of-concept malware in order to raise awareness about the security
---------------------------------------------
http://www.computerworld.com/s/article/9232848/Researcher_to_demonstrate_feature_rich_malware_that_works_as_a_browser_extension